SAML2 for auth + LDAP user sync

by Matt T -
Number of replies: 0

Hi,

I've got the Catalyst SAML plugin working against a Shibboleth 3 IdP. (https://moodle.org/plugins/auth_saml2)

We currently use LDAP for authentication. This is useful since you can have an LDAP sync job to purge old users.

Current users that exist in Moodle who have 'ldap' as their auth type can log in with SAML, as I have enabled an option in the auth_saml2 plugin for all user types to auth.

But if a new user auths with SAML, their type will be 'saml' user. 

1. Presumably, then, LDAP sync won't purge old users with the 'saml' type. Is this right?

2. If the answer to (1) is 'yes', is there a way around this? We'd like to make SAML the default. The only rudimentary way I can think of is running a cron job to update the user type from saml back to ldap for all users.

Thanks in advance,

Matt.
