I have seen several posts from people using Active Directory in an educational environment with for example, separate Active Directory domains for staff and students. There are ways to talk to multiple LDAP servers if you have an Active Directory forest and are talking to an appropriate Global Catalogue server, however what if you have domains that are not in a forest and what if you have some other LDAP system that you would also like to authenticate against - for example, say you have a student Active Directory domain that is not in a forest with a staff Active Directory domain, and what if you also have another LDAP server such as Apple's OSX OpenDirectory or Linux OpenLDAP or Novell eDirectory?
The good news is you can use as many as you like - my solution to this problem is quite simple - duplicate the LDAP plugin and make some small changes - here's how to do it (using Moodle 1.8):
*DISCLAIMER* I accept no responsibility for anything that may go wrong with your system as a result of this procedure. I suggest taking a backup of your system and database first just in case.
- Backup ANY files before making changes. Better safe than sorry, however we are not going to be changing anything old, just adding something new.
- Find the 'ldap' folder in html/auth/
- Make a copy of the folder, and call it something different - e.g. ldap2
- Note that by doing this step the admin will not be able to get into the authentication page of Moodle until the changes below are applied (they will get a blank page). If you panic, simply delete the new folder (i.e. ldap2) and all will return to normal.
- Look in the newly created ldap2 folder and edit the file auth.php
- Change the following lines:
to
class auth_plugin_ldap2 extends auth_plugin_base {
...note we are simply adding a '2' on the end of the class name.
Line 29: function auth_plugin_ldap() {
To: function auth_plugin_ldap2() {
...note again simply adding a '2'.
Line 31: $this->config = get_config('auth/ldap');
$this->config = get_config('auth/ldap2');
...again with the '2'.
Then jump to line 1654 and change all of the auth/ldap lines to have a '2' on the end - e.g.
// save settings
set_config('host_url', $config->host_url, 'auth/ldap2');
set_config('ldapencoding', $config->ldapencoding, 'auth/ldap2');
set_config('host_url', $config->host_url, 'auth/ldap2');
...
...(lots of lines)
...
set_config('removeuser', $config->removeuser, 'auth/ldap2');
- Save the file
- In Moodle 'Users/authentication' if you refresh the page, you will now see another LDAP module (mine is auth_ldap2title at the moment as I've not working out how to change the title yet but this appears to be purely cosmetic).
- Configure the settings for your additional LDAP server.
- Click the 'eye' to turn the module on.
- Test a login from both LDAP servers.
Hope this is useful!