We use LDAP for Moodle logins here, and it works a treat. Thing is, if our LDAP server fails (like it did this weekend due to power failure) our students can't log on to Moodle.
Does anything exist where Moodle uses LDAP to authenticate, but if LDAP fails it checks for the user/password combination in its own database - a kind of failsafe solution?
Guy Thomas from Ossett School wrote a wrapper for Moodle's LDAP Auth called "LDAP Capture", which gives you a pair of variables containing the password (encrypted & decrypted) so that you can write it back to wherever you like: Moodle.org: Modules and plugins
If you read its accompanying documentation there's a section in there on using it to pass credentials around using PHP... in either encrypted or decrypted form.
But logic to me would say the better solution is to get a slave clone of the LDAP server for if the main server goes down...
We authenticate against ALL our domain controllers, so we only need 1 of the 4 to be up and accessible and users will still get auth'd. If one fails, it just moves on to the next.
If you have more than 1 DC, just separate the LDAP://address with ; for each server.
Hightower (25th January 2010)
I realised when I set Moodle up it was possible to set multiple contexts, but I never realised it did this. It has the text "To setup failover seperate multiple ldap addresses with ;".
Just never noticed it before.
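The in-order failover described in the posts above, as an added example that is not part of the thread and not Moodle's own code: it parses a `;`-separated server list, returns the first server that answers a probe, and reports which earlier servers were skipped and which entries use unencrypted `ldap://`. The function names and the `dc*.example.org` hosts are assumptions made for illustration.

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # standard LDAP / LDAP-over-TLS ports


def parse_host_list(host_url):
    """Split a ';'-separated server list into ordered (scheme, host, port) tuples."""
    servers = []
    for entry in host_url.split(";"):
        entry = entry.strip()
        if not entry:
            continue  # tolerate a trailing ';' or doubled separators
        if "://" not in entry:
            entry = "ldap://" + entry  # assumption: a bare hostname means plain LDAP
        parts = urlsplit(entry)  # urlsplit lowercases the scheme and hostname
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            raise ValueError(f"not an ldap:// or ldaps:// server entry: {entry!r}")
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        servers.append((parts.scheme, parts.hostname, port))
    return servers


def tcp_probe(host, port, timeout=2.0):
    """True if the server accepts a TCP connection within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def first_reachable(host_url, probe=tcp_probe):
    """Try servers in listed order; return (chosen, skipped).

    chosen is None when every server fails. skipped holds the servers that
    were tried first and did not answer, so a dead DC gets logged and fixed
    instead of being hidden by the failover.
    """
    skipped = []
    for server in parse_host_list(host_url):
        if probe(server[1], server[2]):
            return server, skipped
        skipped.append(server)
    return None, skipped


def plaintext_servers(host_url):
    """Entries using ldap://, where bind passwords travel unencrypted
    unless StartTLS is negotiated on the connection."""
    return [s for s in parse_host_list(host_url) if s[0] == "ldap"]
```

Run from cron with the same server string that is configured in Moodle, this gives an early warning when the list has degraded to a single working server.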
Hmm, so does that work for multiple RADIUS servers?
Clearly states you can add a list in the LDAP servers field, whereas RADIUS servers field refers to everything in the singular.
First solution that I can think of is round-robin... use DNS name in RADIUS server field, then assign multiple IPs to the entry in DNS. Most DNS servers will then round-robin the target IP for the DNS entry. You then write a script automated via cron to run every 30 seconds (or whatever figure suits you) to check upstate of required servers in your IP list, and remove IPs from the list when they're detected as down, and readd them back in when they're detected as up. The script would also need to restart DNS service whenever an alteration was made.
See http://en.wikipedia.org/wiki/Round_robin_DNS for an overview.
Other alternative would be to find out what the PHP variable within Moodle is for the RADIUS server, and add a step into the auth/radius/auth.php functions that checks a list of servers, and first one to reply gets set as the variable...
Last edited by Marci; 25th January 2010 at 06:08 PM.