Friday, February 15, 2013

Moodle login authentication against an external LDAP server (Windows Server 2003)



NOTE
HERE DOMAIN CONTROLLER IS WINDOWS SERVER 2003/2008
DOMAIN IS MUMBAI.COM
HOSTNAME IS DC.MUMBAI.COM
ADMIN USER IS ADMINISTRATOR OR ADMIN
EMAIL ID IS ADMIN@MUMBAI.COM
CONTEXT OU=MUMBAI USER ACCOUNTS,DC=MUMBAI,DC=COM
THE OU "MUMBAI USER ACCOUNTS" MUST EXIST IN THE DOMAIN CONTROLLER WITH EXACTLY THIS NAME
USER ATTRIBUTE: SAMACCOUNTNAME

Location on Moodle:

  • Home ► Site administration / Plugins / Authentication / LDAP server

First you need to install the php-ldap module on CentOS:
# yum install php-ldap

LDAP server


This method provides authentication against an external LDAP server. If the given username and password are valid, Moodle creates a new user entry in its database. This module can read user attributes from LDAP and pre-fill the wanted fields in Moodle. For subsequent logins only the username and password are checked.

LDAP paged results not supported (either your PHP version lacks support or you have configured Moodle to use LDAP protocol version 2)

LDAP server settings

Specify the LDAP host in URL form, like 'ldap://ldap.myorg.com/' or 'ldaps://ldap.myorg.com/'. Separate multiple servers with ';' to get failover support.
The version of the LDAP protocol your server is using.
Specify encoding used by LDAP server. Most probably utf-8, MS AD v2 uses default platform encoding such as cp1252, cp1250, etc.
Make sure this value is smaller than your LDAP server result set size limit (the maximum number of entries that can be returned in a single query)

Bind settings

Select yes to prevent passwords from being stored in Moodle's DB.
If you want to use bind-user to search users, specify it here. Something like 'cn=ldapuser,ou=public,o=org'
Password for bind-user.

User lookup settings

Select how users are stored in LDAP. This setting also specifies how login expiration, grace logins and user creation will work.
List of contexts where users are located. Separate different contexts with ';'. For example: 'ou=users,o=org; ou=others,o=org'
Search users from subcontexts.
Determines how aliases are handled during search. Select one of the following values: "No" (LDAP_DEREF_NEVER) or "Yes" (LDAP_DEREF_ALWAYS)
Optional: Overrides the attribute used to name/search users. Usually 'cn'.
Optional: Overrides the user member attribute, when users belong to a group. Usually 'member'
Optional: Overrides handling of member attribute values, either 0 or 1
Optional: Overrides the objectClass used to name/search users on ldap_user_type. Usually you don't need to change this.

Force change password

Force users to change password on their first login to Moodle.
If the external authentication system allows password changes through Moodle, switch this to Yes. This setting overrides 'Change Password URL'.
NOTE: It is recommended that you use LDAP over an SSL encrypted tunnel (ldaps://) if the LDAP server is remote.
Specify the format of new or changed passwords in LDAP server.
Here you can specify a location at which your users can recover or change their username/password if they've forgotten it. This will be provided to users as a button on the login page and their user page. If you leave this blank the button will not be printed.

LDAP password expiration settings.

Select No to disable expired password checking, or LDAP to read the password expiration time directly from LDAP.
Number of days before password expiration warning is issued.
Optional: overrides ldap-attribute that stores password expiration time
Enable LDAP gracelogin support. After password has expired user can login until gracelogin count is 0. Enabling this setting displays grace login message if password is expired.
Optional: Overrides gracelogin attribute

Enable user creation

New (anonymous) users can create user accounts on the external authentication source and confirm them via email. If you enable this, remember to also configure module-specific options for user creation.
If you enable user creation with email confirmation, specify the context where users are created. This context should be different from other users to prevent security issues. You don't need to add this context to ldap_context-variable, Moodle will search for users from this context automatically.
Note! You have to modify the method user_create() in file auth/ldap/auth.php to make user creation work

Course creator

List of groups or contexts whose members are allowed to create new courses. Separate multiple groups with ';'. Usually something like 'cn=teachers,ou=staff,o=myorg'

Cron synchronization script

Specify what to do with internal user account during mass synchronization when user was removed from external source. Only suspended users are automatically revived if they reappear in ext source.

NTLM SSO

Set to yes to attempt Single Sign On with the NTLM domain. Note: this requires additional setup on the webserver to work, see http://docs.moodle.org/en/NTLM_authentication
If set, it will only attempt SSO with clients in this subnet. Format: xxx.xxx.xxx.xxx/bitmask. Separate multiple subnets with ',' (comma).
Set to yes to enable the NTLM SSO fast path (bypasses certain steps and only works if the client's browser is MS Internet Explorer).
The authentication method configured in the web server to authenticate the users (if in doubt, choose NTLM)
If you have chosen 'NTLM' in 'Authentication type', you can specify the remote username format here. If you leave this empty, the default DOMAIN\username format will be used. You can use the optional %domain% placeholder to specify where the domain name appears, and the mandatory %username% placeholder to specify where the username appears.

Some widely used formats are %domain%\%username% (MS Windows default), %domain%/%username%, %domain%+%username% and just %username% (if there is no domain part).
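The settings above have a few formats that are easy to get wrong (the ';'-separated host and context lists, the NTLM subnet list, the %username% placeholder) and one recommendation worth enforcing (ldaps:// rather than ldap://, so the bind-user password is not sent in the clear). The following script is an added example for this post, not Moodle's own code: the helper names are hypothetical, the MUMBAI.COM values are taken from the NOTE block, and the bind account form, subnets and NTLM format are constructed sample values. It checks a settings dictionary offline, before the values are typed into the Moodle page.

```python
"""Offline sanity checks for the Moodle 'LDAP server' settings described above.

Added example for this post, not Moodle's own code. The helper names are
hypothetical; the MUMBAI.COM values come from the post's NOTE block, and the
bind account, subnets and NTLM format below are constructed sample values.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample settings, modelled on the post's NOTE block.
SAMPLE_SETTINGS = {
    "host_url": "ldaps://dc.mumbai.com/",           # HOSTNAME IS DC.MUMBAI.COM
    "ldap_version": 3,
    "bind_dn": "admin@mumbai.com",                   # the post's admin account (UPN form, assumed)
    "contexts": "ou=MUMBAI USER ACCOUNTS,dc=mumbai,dc=com",
    "user_attribute": "sAMAccountName",
    "ntlmsso_subnet": "192.168.1.0/24,10.0.0.0/8",  # constructed sample subnets
    "ntlmsso_remoteuserformat": "%domain%\\%username%",
}


def parse_hosts(host_url):
    """Split the 'LDAP host' setting on ';' (failover list) into (scheme, host) pairs."""
    hosts = []
    for entry in host_url.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        parts = urlsplit(entry)
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            raise ValueError(f"not an LDAP host URL: {entry!r}")
        hosts.append((parts.scheme, parts.hostname))
    return hosts


def insecure_hosts(host_url):
    """Hosts reached over plain ldap://, where the bind password travels unencrypted."""
    return [host for scheme, host in parse_hosts(host_url) if scheme == "ldap"]


def parse_contexts(contexts):
    """Split the 'Contexts' setting on ';' into a list of base DNs."""
    return [c.strip() for c in contexts.split(";") if c.strip()]


def parse_subnets(subnets):
    """Parse the NTLM SSO subnet list (comma-separated xxx.xxx.xxx.xxx/bitmask).

    ip_network() is strict by default, so an entry with host bits set
    (e.g. 192.168.1.5/24) raises ValueError instead of silently widening.
    """
    return [ipaddress.ip_network(s.strip()) for s in subnets.split(",") if s.strip()]


def render_remote_username(fmt, domain, username):
    """Apply an NTLM remote username format such as '%domain%\\%username%'."""
    if "%username%" not in fmt:
        raise ValueError("remote username format must contain %username%")
    return fmt.replace("%domain%", domain).replace("%username%", username)


def check_settings(settings):
    """Return a list of findings (empty when the settings pass every check)."""
    findings = []
    try:
        for host in insecure_hosts(settings["host_url"]):
            findings.append(f"{host}: plain ldap:// exposes the bind password; use ldaps://")
    except ValueError as exc:
        findings.append(str(exc))
    # Protocol version 2 is one of the causes of the 'paged results not supported' warning.
    if int(settings.get("ldap_version", 3)) < 3:
        findings.append("LDAP protocol version 2 disables paged results; use version 3")
    if not parse_contexts(settings.get("contexts", "")):
        findings.append("no user context configured")
    try:
        parse_subnets(settings.get("ntlmsso_subnet", ""))
    except ValueError as exc:
        findings.append(f"bad NTLM SSO subnet: {exc}")
    try:
        render_remote_username(settings.get("ntlmsso_remoteuserformat", "%username%"), "MUMBAI", "x")
    except ValueError as exc:
        findings.append(str(exc))
    return findings


if __name__ == "__main__":
    for line in check_settings(SAMPLE_SETTINGS) or ["settings OK"]:
        print(line)
```

Run it once with your intended values; an empty findings list means the host URL, version, contexts, subnets and NTLM format are at least well-formed, and the ldaps check flags any failover entry that would send the bind password in the clear.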


