Virtual Learning Platforms Thread, Moodle - LDAP Authentication in Technical; We use LDAP for Moodle logins here, and it works a treat. Thing is, if our LDAP server fails (like ...
25th January 2010, 11:19 AM #1
Moodle - LDAP Authentication
We use LDAP for Moodle logins here, and it works a treat. Thing is, if our LDAP server fails (like it did this weekend due to power failure) our students can't logon to Moodle.
Does anything exist where Moodle uses LDAP to authenticate, but if LDAP fails it checks for the user/password combination in its own database - a kind of failsafe solution?
IDG Tech News
25th January 2010, 11:36 AM #2
That would imply storing the user's password in a local database. What authentication method do you use - if you're using Active Directory style authentication-by-bind the whole idea is that you don't know the user's password, you simply pass it on to the authentication server. You would need a bit of code that sat in between the get-password-from-input-form and send-password-to-LDAP-server operations that wrote out the password to a local (secure, encrypted, of course) database or file of some kind. You would need to only store the password if authentication was succesful - not much point in storing incorrect passwords, and anyone who changed their password at school and then expected to log in with that new password via Moodle with the LDAP server down is going to get confused.
Originally Posted by Hightower
25th January 2010, 11:55 AM #3
Yeah - this is how it would work in my head too. Anything like this exist or is it a case of digging into the code myself?
Originally Posted by dhicks
25th January 2010, 04:43 PM #4
Guy Thomas from Ossett School wrote a wrapper for Moodle's LDAP Auth called "LDAP Capture", which gives you a pair of variables containing the password (encrypted & decrypted) so that you can write it back to wherever you like: Moodle.org: Modules and plugins
If you read it's accompanying documentation there's a section in there on using it to pass credentials around using PHP... in either encrypted or decrypted form.
But logic to me would say the better solution is to get a slave clone of the LDAP server for if the main server goes down...
We authenticate against ALL our domain controllers, so we only need 1 of the 4 to be up and accessible and users will still get auth'd. If one fails, it just moves on to the next.
25th January 2010, 04:52 PM #5
That's a better option - care to explain how this is achieved?
Originally Posted by Marci
25th January 2010, 04:53 PM #6
if you have more than 1 DC, just seperate the LDAP://address with ; for each server
Thanks to gaz350 from:
Hightower (25th January 2010)
25th January 2010, 05:01 PM #7
I realised when I set Moodle up it was possible to set multiple contexts, but I never realised it did this. It has the text "To setup failover seperate multiple ldap addresses with ;".
Just never noticed it before.
25th January 2010, 05:15 PM #8
hmm so does that work for multiple radius servers?
25th January 2010, 07:04 PM #9
Clearly states you can add a list in the LDAP servers field, whereas RADIUS servers field refers to everything in the singular.
First solution that I can think of is round-robin... use DNS name in RADIUS server field, then assign multiple IPs to the entry in DNS. Most DNS servers will then round-robin the target IP for the DNS entry. You then write a script automated via cron to run every 30 seconds (or whatever figure suits you) to check upstate of required servers in your IP list, and remove IPs from the list when they're detected as down, and readd them back in when they're detected as up. The script would also need to restart DNS service whenever an alteration was made.
See [ame]http://en.wikipedia.org/wiki/Round_robin_DNS[/ame] for an overview.
Other alternative would be to find out what the PHP variable within moodle is for the RADIUS server, and add a step into the auth/radius/auth.php functions that checks a list of servers, and first one to reply gets set as the variable...
Last edited by Marci; 25th January 2010 at 07:08 PM.
By reggiep in forum Virtual Learning Platforms
Last Post: 5th January 2010, 09:33 PM
By spacehopper in forum How do you do....it?
Last Post: 23rd September 2009, 12:00 PM
By FN-GM in forum Virtual Learning Platforms
Last Post: 25th May 2008, 12:58 PM
By alan-d in forum Web Development
Last Post: 28th February 2007, 07:21 PM
By plexer in forum How do you do....it?
Last Post: 22nd February 2007, 09:54 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)