
Key: MDL-8596
Type: New Feature
Status: Open
Priority: Major
Assignee: Petr Skoda
Reporter: Charlie Owen (SonniesEdge)
Votes: 3
Watchers: 11
Moodle

Ability to choose from multiple authentication sources of same type

Created: 21/Feb/07 05:14 PM   Updated: 26/Nov/08 05:36 AM
Component/s: Authentication
Affects Version/s: 1.6, 1.7, 1.8
Fix Version/s: None

Participants: Charlie Owen (SonniesEdge), Craig Redl, Gary Blok, Iñaki Arenaza, Martin Dougiamas, Martín Langhoff and Petr Skoda
Security Level: None
Affected Branches: MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE


Description
It would be great if Moodle natively supported the ability to define multiple authentication servers of the same type. At the moment (in 1.8) you can define, for example, an LDAP server and a POP3 server, in addition to the native internal auth. However, you can *not* specify two LDAP servers or two POP3 servers.

It would be great if multiple authentication plugins of the same type could be specified and (most importantly for us) when a user logs in, they can *choose which authentication method to use*.

This would help us enormously as we have two AD servers (on completely different forests) with overlapping usernames. We would need some way for users to choose which server to authenticate against, otherwise they could be authenticating against the wrong server.

(BTW, this two forest setup isn't that uncommon in UK FE colleges as its usage is demanded by a lot of "security-minded" auditors...)

We have had to seriously hack our Moodle installation to achieve the above - before anyone asks, it's really specific to our institution's setup and everything is hard-coded - we'd really like it to work natively so that we can upgrade Moodle without having to recode the authentication routines every time.



Martin Dougiamas added a comment - 30/Mar/07 09:53 AM
This sounds like a really good idea.

Martín Langhoff added a comment - 30/Mar/07 11:43 AM
We can resolve this with either multi-instance plugins, or teaching some plugins to talk to multiple backends. For many plugins, multi-instance just does not make sense.

Gary Blok added a comment - 06/Jun/08 02:30 AM
I would also like to authenticate on 2 forests. I have a Staff forest and a Student forest I need to connect to, but currently am not sure how to do that.

Craig Redl added a comment - 21/Nov/08 03:13 AM
We run two forests at our University as well, one for Students and one for Staff/Faculty. I'm curious if I should spend a week hacking the core, or just wait for this to be added. Do we have an ETA?

Iñaki Arenaza added a comment - 22/Nov/08 08:31 PM
Hi Craig,

as far as I know, there are no short-term plans to add this into core. I did part of the job a long time ago (something like two years ago or so), but I've never finished it, as other things have side-tracked me.

Iñaki.


Craig Redl added a comment - 25/Nov/08 09:33 AM
Thanks Iñaki,

Well, I'll start writing it myself then, we need it for January. I'll post the code for anyone interested when I'm done.

Craig.


Craig Redl added a comment - 26/Nov/08 05:36 AM
Okay, no hack needed. Got it working based on a thread found at http://moodle.org/mod/forum/discuss.php?d=17198 which suggests tweaking the LDAP Host URL by removing the subdomain and appending port 3268.

So if you have a similar setup as us, here is how it works:

Our students authenticate against http://discovery.mala.bc.ca, while faculty/staff authenticate against http://capitan.mala.bc.ca. Adding both domains to the LDAP Host URL field will not work because it will only check the 2nd domain as "failover" support. This won't check the 2nd domain if the user fails to authenticate against the 1st, it will only check the 2nd domain in the event the 1st is offline.

To access ALL the domains within the global catalog using a single HOST URL, set your Host URL to just the top level domain along with the default 3268 port. We must include the port for it to work. Here is the syntax:

HOST URL: ldap://mala.bc.ca:3268

It now authenticates against all subdomains within the forest successfully. Hope this helps as well.

Craig.
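
An added example, not part of the thread and not Moodle's code: a small Python model of the two behaviours described in the last comment (a host list used for failover only, versus one global catalog endpoint), plus the ambiguity check a search-then-bind login needs when account names overlap across domains. The host names, accounts, passwords and the `authenticate` function are constructed for illustration.

```python
import hmac

# Constructed sample data: two domains of one forest with one overlapping
# account name ("jsmith"). Hosts, names and passwords are illustrative only.
STUDENTS = {"asmith": "pw-a", "jsmith": "pw-student"}
STAFF = {"bjones": "pw-b", "jsmith": "pw-staff"}
DIRECTORIES = {
    "ldap://students.example.test": [("students", STUDENTS)],
    "ldap://staff.example.test": [("staff", STAFF)],
    # Global catalog endpoint: a single host that sees both domains.
    "ldap://example.test:3268": [("students", STUDENTS), ("staff", STAFF)],
}


class AmbiguousUser(Exception):
    """More than one directory entry matched the login name."""


def authenticate(hosts, username, password, offline=()):
    """Hypothetical search-then-bind login; returns the domain or None."""
    # Failover only: use the first reachable host. A rejected login on that
    # host does not cause the next host in the list to be tried.
    host = next((h for h in hosts if h not in offline), None)
    if host is None:
        return None
    matches = [(domain, users[username])
               for domain, users in DIRECTORIES[host] if username in users]
    if not matches:
        return None
    if len(matches) > 1:
        # Refuse rather than take the first hit, which could check one
        # person's password against another person's account.
        raise AmbiguousUser(username)
    domain, stored = matches[0]
    return domain if hmac.compare_digest(stored, password) else None


if __name__ == "__main__":
    two_hosts = ["ldap://students.example.test", "ldap://staff.example.test"]
    print(authenticate(two_hosts, "bjones", "pw-b"))  # staff host never reached
    print(authenticate(["ldap://example.test:3268"], "bjones", "pw-b"))
```

Port 3268 is the Active Directory global catalog, which spans the domains of one forest only; it does not join two separate forests.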