Advice on new OpenLDAP server setup


by Andrei Vida-Rațiu

Hello everyone

This isn't really an issue, but rather a request for advice, ideas, etc.

I have to set up a new LDAP server for our university. We currently don't have any kind of directory service. So this will be the first one.

I decided to go with OpenLDAP because of the different OSes and services we use, but also because of licensing issues when it comes to Active Directory. We have an AD domain, but it is used exclusively for a lab that requires a domain for a certain app they use. Yes, silly, but the licensing service of that app only works in a domain environment.

What I plan to do now is set up a general LDAP server that will be used to authenticate users for various services and applications (web-based apps, WiFi through RADIUS, etc.).

We have also started using Moodle more and more, so I also want to integrate our Moodle server with LDAP.

The reason I am asking for advice here is that this community has experience with LDAP used in academic environments. While researching LDAP best practices, I found mostly advice for corporations, which doesn't always fit academic purposes.

I have some Active Directory experience but this is the first time that I have to set up a directory structure. All my previous experiences with Active Directory involved small networks that required no special structure setup (with different OUs and such). All users were in the Users OU and that was it.

So I have to figure out a good structure that will be easy to maintain and use without major changes in the foreseeable future. As I said, I did a little reading on LDAP best practices and, based on what I found, here is my plan so far:

  • In the root of the directory, I am going to create a People OU, to hold all person accounts, so that if a service needs to authenticate all users, it will search this OU.
  • In People, I plan to create the following OUs: TeachingStaff, Administration, Students.

I believe this is enough for OUs. I think I'll do the rest with user attributes (to separate students by major and year, to separate teaching staff by department, etc.). As I understand it, it is a bad idea for the LDAP structure to mimic the organisational structure of the university (because of possible organisational changes in the future).

Regarding Moodle

I would like to use the LDAP Moodle connection for the following:

  • User authentication (I know how to set this up)
  • Make all teaching staff course creators automatically (I understand it can be done)
  • Have all student accounts in groups by major and year, so that a teacher can manually enrol the entire group of students in any class at once. Can this be done?

This is all. I welcome any advice, ideas, etc. and thank everyone in advance.

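The directory layout described in the post, rendered as an added example in Python (this is not code from the post, from Moodle or from OpenLDAP): it writes the planned ou=People container with its three OUs and a few constructed accounts as LDIF, builds one group per major and year, and constructs the search filters the services mentioned (login, course-creator lookup, student cohorts) would issue. The suffix dc=example,dc=edu, the ou=Groups container, the use of departmentNumber for major/department, the attribute name enrolmentYear (which would need a local schema extension) and the MAJOR-YEAR group naming are all assumptions; the sample accounts are constructed.

```python
"""Planned DIT for a university OpenLDAP server, as LDIF plus the search
filters its consumers would use. Added example; suffix, group container,
attribute choices and sample accounts are assumptions, not from the post."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

BASE_DN = "dc=example,dc=edu"            # assumed suffix; the post names none
PEOPLE_DN = f"ou=People,{BASE_DN}"
GROUPS_DN = f"ou=Groups,{BASE_DN}"        # assumed container for major/year groups
PEOPLE_OUS = ("TeachingStaff", "Administration", "Students")

# RFC 4515 escaping for values spliced into a search filter. A login form,
# RADIUS or Moodle builds the filter from a username the user typed, so an
# unescaped "*" or ")(" would change what the filter matches.
_FILTER_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPE.get(ch, ch) for ch in value)

# RFC 4514 escaping for a value used inside an RDN such as uid=... or cn=...
_DN_SPECIAL = set(',+"\\<>;')

def escape_dn_value(value: str) -> str:
    out = "".join("\\" + ch if ch in _DN_SPECIAL else ch for ch in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out

@dataclass
class Person:
    uid: str
    ou: str                           # one of PEOPLE_OUS
    cn: str
    sn: str
    department: Optional[str] = None  # departmentNumber: department or major (assumed mapping)
    year: Optional[int] = None        # enrolmentYear: assumed local attribute, needs a schema

    def dn(self) -> str:
        if self.ou not in PEOPLE_OUS:
            raise ValueError(f"unknown OU {self.ou!r}")
        return f"uid={escape_dn_value(self.uid)},ou={self.ou},{PEOPLE_DN}"

    def ldif(self) -> str:
        lines = [f"dn: {self.dn()}", "objectClass: inetOrgPerson",
                 f"uid: {self.uid}", f"cn: {self.cn}", f"sn: {self.sn}"]
        if self.department:
            lines.append(f"departmentNumber: {self.department}")
        if self.year is not None:
            lines.append(f"enrolmentYear: {self.year}")
        return "\n".join(lines) + "\n"

def structure_ldif() -> str:
    """The containers from the plan: ou=People and its three OUs (plus assumed ou=Groups)."""
    entries = [("People", PEOPLE_DN), ("Groups", GROUPS_DN)]
    entries += [(name, f"ou={name},{PEOPLE_DN}") for name in PEOPLE_OUS]
    return "\n".join(f"dn: {dn}\nobjectClass: organizationalUnit\nou: {ou}\n"
                     for ou, dn in entries)

def cohort_group_ldif(major: str, year: int, members: list[Person]) -> str:
    """One groupOfNames per major and year (assumed naming MAJOR-YEAR), so a
    service can pick up a whole class as one block."""
    if not members:
        raise ValueError("groupOfNames requires at least one member")
    cn = f"{major}-{year}"
    lines = [f"dn: cn={escape_dn_value(cn)},{GROUPS_DN}",
             "objectClass: groupOfNames", f"cn: {cn}"]
    lines += [f"member: {p.dn()}" for p in members]
    return "\n".join(lines) + "\n"

def login_filter(username: str) -> str:
    """Authentication: one subtree search under ou=People finds any account."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(username)}))"

def teaching_staff_search() -> tuple[str, str]:
    """(base, filter) yielding everyone who should become a course creator."""
    return f"ou=TeachingStaff,{PEOPLE_DN}", "(objectClass=inetOrgPerson)"

def cohort_filter(major: str, year: int) -> str:
    """Students of one major and year, selected by attribute rather than by OU."""
    return (f"(&(objectClass=inetOrgPerson)(departmentNumber={escape_filter_value(major)})"
            f"(enrolmentYear={int(year)}))")

if __name__ == "__main__":
    # constructed sample accounts, not real people
    students = [Person("s1001", "Students", "Ana Pop", "Pop", "CS", 2024),
                Person("s1002", "Students", "Ion Luca", "Luca", "CS", 2024)]
    teacher = Person("mionescu", "TeachingStaff", "Maria Ionescu", "Ionescu", "CS")
    print(structure_ldif())
    for p in students + [teacher]:
        print(p.ldif())
    print(cohort_group_ldif("CS", 2024, students))
    print(login_filter("ana)(uid=*"))   # the injected clause is neutralised by escaping
    print(teaching_staff_search())
    print(cohort_filter("CS", 2024))
```

Two practical points follow from the layout: every consumer (Moodle, RADIUS, web apps) only needs the ou=People subtree as its search base, so each one can bind with its own read-only service account that slapd's access rules confine to that subtree and that never gets userPassword back; and because the filters are assembled from usernames typed by end users, the escaping above is the part no service should skip.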