Friday, October 10, 2014

Why LDAP makes sense....

We configured one of our Moodle instances to use LDAP recently. We met with a new district to discuss Moodle and discovered, by listening to my customer and my co-worker, that LDAP makes a lot of sense because it does not impact the teachers. They can simply use whatever authentication data they already use in Moodle.

No need to create new accounts in Moodle. Actually, Moodle will do it automatically for them when they log in for the first time. We configure Moodle to look at an LDAP server when there is an authentication request (login). If the provided credentials (username and password) exist in the LDAP definition, then the account is created in Moodle if it is not there yet, or the user is simply logged in.

In other words, the first time the user logs in to Moodle, their account is created for them, provided they authenticate on the LDAP side.

My customer said, "One of the problems my teachers have is different accounts for various systems already in play." Translation: if we can avoid burdening them with another set of authentication data to remember, that would be good.

.......

What if data in the LDAP definition does not conform to Moodle's username requirements?

What if account data already exists in moodle for a couple of the teachers?  This is not a new service to one of our districts.  There may be a user account or two for a teacher already in moodle.  We would probably just remove their old account in moodle and let it come in from the LDAP side.  We could re-enroll an account into a course, if it was their course.
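The two questions above can be checked before LDAP login is switched on. The following is an added example, not part of the original post or of Moodle: it assumes Moodle's default username rule (lowercase, and only `a-z`, `0-9`, `-`, `_`, `.`, `@`), and the function names and sample data are hypothetical.

```python
import re
from collections import defaultdict

# Assumption: Moodle's default rule (extended username characters disabled):
# lowercase, and only a-z, 0-9, '-', '_', '.', '@'.
DISALLOWED = re.compile(r"[^-.@_a-z0-9]")


def moodle_username(ldap_uid):
    """Return the username in the form the default rule would accept."""
    return DISALLOWED.sub("", ldap_uid.strip().lower())


def audit(ldap_uids, existing_moodle_users):
    """Classify directory uids before LDAP authentication is enabled."""
    report = {"changed": {}, "empty": [], "collisions": {}, "existing": []}
    by_clean = defaultdict(list)
    for uid in ldap_uids:
        clean = moodle_username(uid)
        if not clean:
            report["empty"].append(uid)       # nothing usable is left
            continue
        by_clean[clean].append(uid)
        if clean != uid:
            report["changed"][uid] = clean    # directory form differs from stored form
    for clean, uids in by_clean.items():
        if len(uids) > 1:
            # Two directory identities would share one Moodle account.
            report["collisions"][clean] = uids
        if clean in existing_moodle_users:
            # A pre-LDAP account already owns this name: review before cutover.
            report["existing"].append(clean)
    return report


# Constructed sample data, not taken from any real directory.
LDAP_UIDS = ["JDoe", "o'neil", "oneil", "ana garcía", "t-lee", "???"]
MOODLE_USERS = {"t-lee", "admin"}

if __name__ == "__main__":
    for section, items in audit(LDAP_UIDS, MOODLE_USERS).items():
        print(section, items)
```

Collisions matter most: two different people in the directory would end up on the same Moodle account, so those entries need fixing on the LDAP side before cutover.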

We can relax our Moodle password policy to match password data already in use on the LDAP side. If the password policy on the LDAP side is lighter than that on the Moodle side, that would be problematic. So, we can change Moodle to allow the existing password data.

I wonder if we can tell Moodle to not store the password data, so it does not violate any Moodle policy. The password data is already stored on the LDAP side; we (users) only need to provide it when authenticating. Moodle does not have to store it..... I don't think anyway.

LDAP makes sense because we are using what is already there..... to authenticate.  We are not introducing more logins to remember.

It's like magic. Our customer at the district can simply say to her teachers, "Just use your network sign-in data to sign into Moodle." When the teacher types in her network username and password, Moodle will look at the LDAP data to see if she is there.

This of course is all on the conceptual level.  We will need to work through implementation issues as we go.....



