Forums | Mahara Community
02 December 2013, 2:09 PM
I'm trying to create an Alumni solution for our Mahara site. Currently users are created in AD and then they login to Moodle. From Moodle they can then link to Mahara using MNET authentication and all the students are currently a part of the Moodle or Moodle High institutions. What we would like to do after students graduate or leave the school is to keep hosting their Mahara portfolio but remove them from AD and remove them from Moodle.
Currently if a user tries to log in directly to Mahara with the login credentials they use for Moodle, it won't let them in.
I believe the solution would be to create an institution called Alumni and then we can push usersto that institution after they leave. The issue is how to get the logins working so they don't have to come from Moodle to login. I'm assuming it has something to do with adding another authentication method to the institution but I'm not sure how to go about getting this all to work.
Any assistance would be great.
02 December 2013, 4:35 PM
Yes, you'll need to set up some kind of authentication instance for that Alumni institution. Since you'll be removing them from AD, you will probably want to use the "internal" auth method, which just stores the password locally in the Mahara database. The downside is that you'll either have to reset their password at the time they're moved to the Alumni institution, or push their password from AD into the Mahara DB (which probably isn't even possible unless AD stores passwords in plain text).
On a slightly different topic, if you wanted your Moodle High users to be able to log in via the Mahara login page using the same (AD) password as they do on Moodle, you could use the MNet plugin's "Parent authority" feature to do that. (See the "parent authority" section here: http://manual.mahara.org/en/1.8/administration/institutions.html#xml-rpc-mnet-authentication ) What you'd need to do is set up an AD auth instance on the Moodle High Institution, and then in the settings for the MNet auth instance, pick the AD auth instance as the parent auth method. And lastly switch all the MNet users individual auth method to the new AD auth instance.
Hopefully that clears things up, or at least doesn't make them more confusing.
09 December 2013, 8:38 AM
When you remove a user from an institution and the user is associated with an external authentication method such as MNet, they will get emailed their new credentials, i.e. their internal Mahara credentials.
It is important though in this case that they still have access to their email address. Thus, it might be an idea to remove them from the regular institution before they loose access to their email address and then tell them to change their email.