Don't think it is quite what you are after but have seen this in passing.
Moodle Network - MoodleDocs
We locally host our own Moodle installation and are thinking about hosting separate Moodle sites for some of our local Primary Schools. The hosting itself isn't a problem, but how the schools then authenticate to the Moodle installation is.
I know that an option of manual usernames and/or email address authentication is possible, but neither of those are options I want to explore (one school doesn't have email for pupils and manual would be fiddly!)
Would it be theoretically possible to allow LDAP authentication between the primary school and our site?
Currently our sites aren't within the same AD site and I wouldn't want to change that at this point.
Would simply opening up port 389/636 between each of our sites (restricting access to and from specific IP addresses for security) allow LDAP authentication to work?
Has anyone tried this already?
Thanks for that Frosty.
It doesn't answer what I was looking for, but is useful anyway.
Anyone else any experience / knowledge of this?
Can you tell us more about the network setups between the schools (are you on the same WAN, for example)?
It may be possible to set up a "resource" domain with user accounts in these. You could look at Microsoft Identity Manager; it would mean trusts and the like, but in theory I guess it would be possible.
All schools would be connected via SWGfl, so we should be able to open/restrict whatever ports were needed for school-school comms.
The schools all have different IP ranges and two different subnets (255.255.255.0 and 255.255.252.0). All of the sites operate independently within their own domain, with no current cross communication.
Now this is total theory and not based on anything I've tried... however...
Take this example
School 1, School 2, School 3 all on the same WAN as you describe.
We create a domain, let's call it central
We set a trust up between School 1 and Central, then School 2 and Central and School 3 and Central.
We then use Microsoft Identity Integration to dump all the user identity details into this central domain
We then configure Moodle to authenticate against this domain...
Now as I said, this is total seat-of-the-pants guessing stuff. We use Identity Manager for GAL replication between our parent company and ourselves (yeah, sorry folks, I no longer work in education!!) so I know it's possible to dump the data from one domain to the other... in fact, now I think on it, you don't need the trust between the schools, you need an account with permissions on each domain
So School 1 domain has an account centralconnectionout,
The central domain has the account centralconnectionin
You supply the details for each between the domains to set up the replication.......
If this works I'd be shocked, but it might get you on the right track
Microsoft Identity Integration Server - Wikipedia, the free encyclopedia: http://en.wikipedia.org/wiki/Microsoft_Identity_Integration_Server
I've just asked the question on the Microsoft MIIS forum; if someone gets back to me I'll post here.
If you're trying to authenticate Moodle to AD, can't you just rent a server for hosting the site (I mean an entire server or private server) and then have a VPN host (OpenVPN) on the hosting server and an OpenVPN client on your domain server?
Last edited by squeeky; 28th January 2010 at 06:35 PM.