External Moodle Site LDAP link to school server

[stephenwelch]

Hello, just about finished my moodle site - god what a lot of effort for just a basic site!! This is how I want it to work.

The site will be hosted externally and will connect via ldap and public ip address to a school server running win 2003 std server.

The question is has anyone got this working? The hosted moodle site will be running on a lamp server. The school in questions has council owned firewalls and a change request will be required to get through the fire wall. I will have discover what port ldap runs on and also fully understand the moodle doc

LDAP authentication - MoodleDocs which only really deals with a LAMP server on the same network.

Any comments or advice will be very much appreciated.

Many thanks

Stephen

[Geoff]

You will have to be amazingly careful with how you expose this LDAP access. Ideally, if I were doing this I'd want to check my firewall rules locked down the access correctly and that I was using LDAP over SSL. Even better would be to have a VPN link between your internal network and the webserver, again with copious firewalling.

[SYNACK]

I second eveything that Geoff says above and would also add that when the change request is sent in it would be a good idea to get them to allow only the IP address of your site access to the newly opened port. This should limit your vunrability further.

The big hassle with this setup is that you are essentially allowing easy access to your username and password database. If you were to simply use LDAP your user names and passwords could be compromised comparatively easily. Even with the security measures proposed above it still leaves your external system as another point of entry into your school network if it is compromised. So best practice is to lock everything down as tight as possible.

[stephenwelch]

OK. Thanks for you help guys. I am going down the externallly hosted site route.

Stephen

[dhicks]

The site will be hosted externally and will connect via ldap and public ip address to a school server running win 2003 std server.

Probably not worth the hassle of arguing with county as to why this is useful. Have an LDAP server run on your external server and synch it with your school server over HTTPS every day / hour / whatever.

--
David Hicks