this is my first time here. I have started getting the basic idea about it now. So before u make any assumption, i am still newbie to moodle.
But not a newbie to php or mysql. I am php programmer.
Heres my problem.
My institutes is using moodle to deliver their training courses. So far they have used it without any ldap authentication. they created the accounts and handled out the password for them to change later.
Now, i have seen that they face problems with uses forget their password. They forget that the moodle password and they email (ldap) password are not the same. its not a SSO portal.
Now, i want to help them. after talking to them over the weekend, i find that they have 2 ldap server. one for students and one for staff.
students have a id that starts with C and has 6 digits eg, C001234. Staff has the firstname, a period and the surname eg, bill.gates
I know that moodle uses the user table to store the users and their password.
I have used "adLDAP - LDAP Authentication with PHP for Active Directory" http://adldap.sourceforge.net/ to test the authentication of the 2 ldap servers separately (both for student and staff).
What i plan to do it place all student and staff usernames into the user table of moodle (without any password). when someone feeds the username and password, i will check if that username exists in the user table. If so then, i will get it authenticated via either the staff ldap server or the student ldap server.
Once the username is authenticated, i want to set its cookies so that moodle sees it as a logged in users and its carry on with its normal process.
I see that with i access moodle, it creates 3 cookies MoodleSession, MoodleSessionTest, MOODLEID_ and its content is some werid characters. After i login, another cookies MOODLEID_ is created.
this is where my problem is. How do i set this 4th cookies. I see in the Users > Authentication there is a LDAP server options, but somehow its not working for me plus, i am using 2 ldap servers.
Any Help for Me?
yes that is possible but i have to place a sort of restriction. The moodle is not to be used by all staff/students but only a selected group of them.
What my plan is to place the usernames of the users who are to use moodle into the user table (without any password). for example out of 500 staff and 1000 students, only 50 staff and 200 students username will be stored in the moodle's users table.
So when the login screen is shown and the user fills in the username and password, I first check if the username is in the user table. If not then i show the re-login screen. Else i determine which ldap server to use (staff or student). I use adLDAP to authenticate the users. If the authentication is successful, i set the moodle cookies/session and let the normal process of moodle to take place. (Setting the moodle session/cookies is the hard part for me since i dont know what to set)
Also, some users such as observers who do not have ldap accounts, will be given a username created in the users table with a password. So if the logging in user is not in ldap, we can check it in the users table to see if such an account exits.
Sorry, in my first post, i wasnt that clear. I have been trying to find a way to do this but so far i hit a dead end. I read your post on "Moodle single signon hack" and found it very interesting and something similar to what i want to do.
Please assist. I would be very great ful to you. And i will surely document this so that others can also use it if they want to do something similar.
i have been working on the ldap solution for the past week now. (dropped the cookie/session idea).. i got it working for one ldap server (staff ldap server). then i changed the settings and got it working for the other ldap server (student ldap server).
I had to use my username and password to bind the servers. My problem is that the 2 servers are different domains. one is staff domain and the other is student domain. meaning 2 different ldap servers.
For students, it has to authenticate via the students ldap server and for staff, it has to authenticate via staff ldap server.
But the problems are that for both the ldap servers, the server is different, DN, Contexts, CN, binding username and password is different.
what can i do? my moodle system has to authenticate between 2 ldap servers.
Search the forums for 'multiple ldap servers'. There are a couple of different hacks to do it (one involves setting up a meta-directory, the other directly replicates the ldap plugin with a few changes to be able to use two ldap servers with a different set of settings).
This thread (http://moodle.org/mod/forum/discuss.php?d=74279) seems to be related to the second hack.