Wednesday, November 19, 2014

Making sense of the LDAP server organization that our Moodle is consuming from

We are working with a couple of districts that have MS Active Directory LDAP servers. We have configured our Moodle to authenticate using their respective LDAP servers.

We are working through setting this up with a couple of contacts at each of the districts.

One thing that has proved to be paramount for working with our contacts and figuring things out is being able to connect to the server so we can actually see how the LDAP server is set up. I installed a program on my Moodle server that allows me to connect to the LDAP server so I can browse it. Technically, it's an Active Directory browser and editor. Downloaded from here.

This tool allows me to browse, understand, and get confused by the organization of their server. Their server is probably like many, a hodgepodge of different people's ideas about how to organize their staff data. I can see lots of OUs (Organizational Units), with various people and groups contained within. Most of it makes sense, some does not, but I am learning.

Yesterday, while trying to figure out why accounts in groups that should be able to authenticate were not, we discovered a setting on our Moodle side that needed to be activated. We had to turn on the Search Subcontexts option. It was off by default and we did not realize that groups that we would need to access would be contained within other groups. Hence, the need for subcontexts to be active.

Exploring the directory shows us that there is an OU (organizational unit) called Groups; within that OU, there is a CN (common name) = Moodle_Staff. This sub-group has attributes, including a distinguishedName, which differentiates it from all other entities in the tree. It also contains an attribute called member, which includes a count of its entities. When I expand it, I can see the detail of each entity.

Expanding the members of the Moodle_Staff group shows the individuals who are listed but also the groups or sub-groups. This makes sense. It is similar conceptually to cohorts in Moodle. Rather than repeating an account in numerous groups, create one group, add the account to it and use that group in other groups.
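
A simplified model of the two ideas above, useful for auditing who a group like Moodle_Staff really admits: it expands nested `member` entries and then checks each account against a search context with and without subcontexts. This is an added example, not Moodle's code or the districts' data; the directory entries, DNs and function names are constructed for illustration.

```python
# Constructed sample directory (DN -> attributes); not from any real server.
DIRECTORY = {
    "CN=Moodle_Staff,OU=Groups,DC=example,DC=org": {
        "objectClass": "group",
        "member": ["CN=Ann Lee,OU=Staff,DC=example,DC=org",
                   "CN=Teachers,OU=Groups,DC=example,DC=org"]},
    "CN=Teachers,OU=Groups,DC=example,DC=org": {
        "objectClass": "group",
        "member": ["CN=Bob Ray,OU=HighSchool,OU=Staff,DC=example,DC=org",
                   "CN=Moodle_Staff,OU=Groups,DC=example,DC=org"]},  # loop on purpose
    "CN=Ann Lee,OU=Staff,DC=example,DC=org": {"objectClass": "user"},
    "CN=Bob Ray,OU=HighSchool,OU=Staff,DC=example,DC=org": {"objectClass": "user"},
}

def rdns(dn):
    # Naive split: assumes the sample DNs contain no escaped commas.
    return [part.strip().lower() for part in dn.split(",")]

def in_context(dn, context, subtree):
    """One-level: entry is a direct child of context. Subtree: any descendant."""
    entry, base = rdns(dn), rdns(context)
    if len(entry) <= len(base) or entry[-len(base):] != base:
        return False
    return subtree or len(entry) == len(base) + 1

def expand_group(group_dn, directory, seen=None):
    """Return {user_dn: [chain of group DNs that grants membership]}."""
    seen = set() if seen is None else seen
    if group_dn.lower() in seen:      # already visited: break membership loops
        return {}
    seen.add(group_dn.lower())
    users = {}
    for member in directory.get(group_dn, {}).get("member", []):
        entry = directory.get(member)
        if entry is None:
            continue                  # dangling reference, nothing to expand
        if entry["objectClass"] == "group":
            for user, chain in expand_group(member, directory, seen).items():
                users.setdefault(user, [group_dn] + chain)
        else:
            users.setdefault(member, [group_dn])
    return users

def can_authenticate(group_dn, context, subtree, directory=DIRECTORY):
    """Group members (nested included) whose DN falls inside the search context."""
    return sorted(user for user in expand_group(group_dn, directory)
                  if in_context(user, context, subtree))
```

The chain returned by `expand_group` shows which nested group admits each account, which is the detail to review when a sub-group is added to a group that controls login.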

