Олег Давидович: 1 версия импортирована

2024-10-14T16:47:16Z

1 версия импортирована

← Предыдущая версия	Версия от 16:47, 14 октября 2024
(нет различий)

1>Tim@horizoneducationnetwork.org: clean up, typos fixed: e.g → e.g.

2021-12-09T17:06:41Z

clean up, typos fixed: e.g → e.g.

Новая страница

{{Enrolment}}{{Update}}
Location: LDAP edit settings link in ''Site administration > Plugins > Enrolments > Manage enrol plugins''

== How to set up LDAP enrollment==
This describes how to set up Lightweight Directory Access Protocol (LDAP) enrollment in Moodle (first written by Lars Jensen). LDAP enrolment works best in Moodle when used in conjunction with [[LDAP authentication]], and we're going to assume that you have already set Moodle up for LDAP authentication.

=== Assumptions ===

# You are running a recent version of Moodle.
# You are using LDAP authentication as your primary authentication method.
# Each user in has a uid attribute in the users LDAP record, that matches the ID number in the same users Moodle profile (this can easily be arranged with a mapping on the Moodle LDAP Authentication setup page - for Active Directory, use 'distinguishedName', without the quotes)

=== The Course Setup ===

Our setup involves the following course and user definitions:

* Two courses, '''Math101''' and '''Eng201'''.
* Two teachers, '''TeacherA''' and '''TeacherB'''.
* Three students, '''StudentD''', '''StudentE''', and '''StudentF'''.
* StudentD and StudentE are enrolled as students in Math101, and TeacherA is enrolled as teacher of Math101. StudentE and StudentF are enrolled as students in Eng201, and TeacherA and TeacherB are both enrolled as teachers of Eng201.

=== The LDAP Container Setup ===

# Define two LDAP containers ou=StudentEnrollment and ou=TeacherEnrollment
# For each course we define an LDAP group entry (e.g. a posixGroup entry) in the StudentEnrollment and TeacherEnrollment containers. Thus, we define a Math101 posixGroup under StudentEnrollment, and we define a Math101 posixGroup under TeacherEnrollment. We define the two Eng201 groups in a similar way. Be careful, '''the name of the posixGroup has to match the Course ID number of the Moodle course.''' Do not use the course short name, it will not work. (Changing the group name slightly in the Windows pre 2000 group name window will allow you to have two security groups with the same name in MS-AD)
# Enroll students and teachers as members of in the LDAP-groups we just defined. This is done by entering the users uid attribute (idnumber) in the memberUid attribute of the relevant group:
#* TeacherA is a member of the Math101 group under TeacherEnrollment.
#* StudentD and StudentE are a members of the Math101 group under StudentEnrollment.
#* TeacherA and TeacherB are members of the Eng201 group under TeacherEnrollment
#* StudentE and StudentF are a members of the Eng201 group under StudentEnrollment.

=== The LDAP Enrollment Configuration in Moodle ===

The LDAP enrollment settings in Moodle corresponding to the above setup are as follows:

{| cellspacing="0" cellpadding="5" border="1"
! LDAP Enrollment Variable:
! Value:
|-
| enrol_ldap_student_contexts:
| ou=StudentEnrollment,dc=ldapserver,dc=tmcc,dc=edu
|-
| enrol_ldap_student_memberattribute:
| memberUid (use 'member' -without the quotes- for Active Directory)
|-
| enrol_ldap_teacher_contexts:
| ou=TeacherEnrollment,dc=ldapserver,dc=tmcc,dc=edu
|-
| enrol_ldap_teacher_memberattribute:
| memberUid (use 'member' -without the quotes- for Active Directory)
|-
| enrol_ldap_objectclass:
| posixGroup (use 'group' -without the quotes- for Active Directory)
|-
| enrol_ldap_course_idnumber:
| cn
|-
| enrol_ldap_course_shortname:
| cn
|-
| enrol_ldap_course_fullname:
| cn
|-
| enrol_ldap_autocreate:
| Yes
|-
|}

Additionally, since you are using LDAP authentication, you should also map the Moodle "ID number" of users to the "uid" in the ldap entry of the user. This is done on the Moodle LDAP Authentication page (not the LDAP Enrollment page).

=== Automatic course creation ===

Courses can be created automatically if there are LDAP enrolments to a course that doesn't yet exist in Moodle. To enable this, set '''enrol_ldap_autocreate''' to '''Yes'''.

'''enrol_ldap_category''' field sets the category for the automatically created courses.

'''enrol_ldap_template''' field can contain the ''shortname'' of a course that is used as a template in the automatic course creation.

Note that only the basic settings are copied from the template course such as start date, format etc. no content or block configuration will be copied over.

=== Notes ===

# You do not need to create the courses manually in Moodle. If they don't exist, they will be created when the first enrolled user login.
# We are using the same string cn and uid in a users LDAP record. This is not necessary, I believe. However, if you use different values, you will need to define the ldap_user_attribute to uid in the LDAP authentication setup.
# The value of the group id number (gidNumber) defined for the groups in step 2 of the LDAP Container Setup above is not critical. It is not used in this setup.
# The attached .ldif file assumes that users are in the ou=People container in LDAP. You will need to configure your LDAP Authentication setup to reflect this (ldap_contexts variable).
# User passwords for this setup are defined in the attached .ldif file.
# If you use the attached .ldif file, you'll need to edit the ldap server information (the "dn=" lines).

==Other LDAP Layout==

I do suggest to create a new LDAP object, say <TT>moodleCourse</TT>, which contains all information,& members of the course, including teachers, students a.s.o. For instance (OpenLDAP):
<pre>
attributetype ( oidAttrBase:44 NAME ( 'teacherUid' ) SUP memberUid
DESC 'which person is a teacher of this course'
)

objectclass ( oidObjRoot:14 NAME 'moodleCourse' SUP top STRUCTURAL
DESC 'course available in Moodle'
MUST ( cn )
MAY ( owner $ gn $ sn $ seeAlso $ description $ memberUid $ teacherUid )
)

Note: Openldap 2.x will need something like:

attributetype ( 1.2.1.1.1.1.2.1 NAME 'teacherUid'
SUP memberUid
DESC 'which person is a teacher of this course'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

objectclass ( 1.2.1.1.1.1.1.1
NAME 'moodleCourse'
SUP top STRUCTURAL
DESC 'course available in Moodle'
MUST ( cn )
MAY ( owner $ gn $ sn $ seeAlso $ description $ memberUid $ teacherUid )
)
</pre>

The configuration is like this, in bold you see required changes, in italic you see
useful changes.

{| cellspacing="0" cellpadding="5" border="1"
! LDAP Enrollment Variable:
! Value:
|-
| enrol_ldap_student_contexts:
| ou=moodle,ou=groups,dc=ldapserver,dc=tmcc,dc=edu
|-
| enrol_ldap_student_memberattribute:
| memberUid
|-
| enrol_ldap_teacher_contexts:
| ou=moodle,ou=groups,dc=ldapserver,dc=tmcc,dc=edu
|-
| enrol_ldap_teacher_memberattribute:
| teacherUid
|-
| enrol_ldap_objectclass:
| moodleGroup
|-
| enrol_ldap_course_idnumber:
| cn
|-
| enrol_ldap_course_shortname:
| givenname
|-
| enrol_ldap_course_fullname:
| sn
|-
| enrol_ldap_course_summary:
| description
|-
| enrol_ldap_autocreate:
| Yes
|-
|}

Note: The <TT>enrol_ldap_course_idnumber</TT> (<TT>cn</TT> in my setup) is used to identify the course by the LDAP enrolment script and the database uses an <TT>INTEGER</TT> numeric here, in Moodle v1.8 anyway. When you
call <CODE>cd enrol/ldap/ && php -f enrol_ldap_sync.php</CODE> any course with the same idnumber is updated, hence,
it is quite important for the LDAP synchronisation and needs to be unique.

Sample of an moodleCourse LDAP object:
<pre>dn: cn=851,ou=moodle,ou=groups,dc=ldapserver,dc=tmcc,dc=edu
objectClass: moodleCourse
cn: 851
givenName: LV851
sn: 2007S/Introduction to Moodle
description: Jahr: 2007 Sommer, <A TARGET=_blank HREF="https://other_server/display/851">Announcement</A>
teacherUid: userA
memberUid: user1</pre>

In the same fashion one can add all the other role mappings.

==See also==

* [http://download.moodle.org/download.php/docs/en/how-to_guides/ldap_auth_and_enrolment_set-up.pdf LDAP auth and enrolment set-up guide] (PDF 227KB)

Using Moodle forum discussions:
*[http://moodle.org/mod/forum/discuss.php?d=31761 LDAP Enrollment HOWTO] with Lars Jensen's 2005 post
*[http://moodle.org/mod/forum/discuss.php?d=39549 LDAP Auto enrollment]
*[http://moodle.org/mod/forum/discuss.php?d=41829 LDAP nightmare Part II]
*[http://moodle.org/mod/forum/discuss.php?d=56198 Moodle + AD + LDAP = Confusion - Help Required and Provided]

* [http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Wikipedia on LDAP:] a great deal of information beyond the context of Moodle

[[de:LDAP-Einschreibung]]
[[es:Inscripción por LDAP]]
[[fr:Inscription par LDAP]]
[[ja:LDAPユーザ登録]]

LDAP enrolment - История изменений

Олег Давидович: 1 версия импортирована

1>Tim@horizoneducationnetwork.org: clean up, typos fixed: e.g → e.g.