13 March 2012, 4:26

Hi!

I have Moodle and Mahara installed on same server, Moodle has been in use for several years, but I have recently upgraded it to 2.0. Mahara is fresh install, version 1.4.0. Server is Ubuntu 11.10 in Vmware. Mahara is not yet in use with students, just testing at the moment.

Both Moodle and Mahara are configured to authenticate with LDAP from our windows AD, which contains student- and teacher-accounts. It works on both.

I got SSO-working (needed to modify hosts-file a bit), but...

(a) SSO works fine, but creates duplicate users for example account student can login to both directly, but if he logins through sso (Moodle -> Mahara) Mahara creates account srtudent1.

(b) I found solution to modify Mahara's config.php: $cfg->usersuniquebyusername = true; but then the SSO stops working, Mahara just gives some error-message. (I'll be able to copy that here later today, when I have access to server.)

Can someone point out what is wrong? A quick glance at the logs didnt tell me anything... What log to look into, apache, moodle, mahara?

I put that usersunique... -setting into /etc/mahara/config.php, is that the right place? Since I have installed Mahara from Ubuntu's repos, it seems to have configfiles in /etc/mahara as well as in /usr/share/mahara?

Ville Pöntinen
Raisio, Finland

19 March 2012, 16:10

Hi Ville,

You should turn $cfg->usersuniquebyusername off again.  I think it's only really useful when you have multiple Moodles using a single Mahara.

In your SSO (xmlrpc auth) configuration, set the Parent authority to LDAP.  This way, users who are created by SSO will have LDAP auth entered in their user record, and should also be able to log in directly using the Mahara login form.

If you have existing users created by SSO (before you added the parent authority), you can either delete them, or if they've already added content, change their authentication method to LDAP.

21 March 2012, 18:04

Hi Richard.

Thanks for that titbit. Was hoping it was that simple but had been to scared to try on a client site. Ill be sure to document that and spread the word as I know many organisations in such a position.

Julian

23 March 2012, 5:16

"If you have existing users created by SSO (before you added the parent authority)"

This might be what's worng... Thankyou.

21 March 2012, 19:51

Ville, although not directly related to your question I wanted to share an idea with you. I saw that you wrote

"Both Moodle and Mahara are configured to authenticate with LDAP from our windows AD, which contains student- and teacher-accounts. It works on both."

and wondered how you populate AD?

Here in NZ the Ministry of Education created  with help from Piers at Catalyst) an automated link between the student management system and the directory (details available at http://www.iam.school.nz/community-area/open-resources), via an standardised file and an modified directory management tool called phpldapadmin (known over here as the User Directory Interface or UDI).

Maybe this is of interest to you or other members of this forum.

Paul.

23 March 2012, 5:35

We have somewhat similar system, a third-party program (half-automated) to create accounts into AD from our student management system.

In august we run this program and it creates accounts in ad. Accounts are "regular" that is to say there is only this one-time, one-way datatransfer and from that point on ad acts as authentication server for all web-based services of students (Moodle, Mahara, webUI of studentmanagement). I create accounts manually to students who change school in the middle of season.

The student management system software is commercial and although it is widely used here in Finland different communes/towns have different solutions on student management and especially on e-learning. I believe that this student management software is used only here in Finland. (Primus, www.starsoft.fi)

For now, my Moodle/Mahara site serves only our high school (only one in our town).