LDAP module for ATutor


smal
ATutor_ldap_mod.tar.gz
Subject: LDAP module for ATutor
LDAP Module for ATutor 1.5.4 (it also works with ATutor 1.5.3).

So, if you are interested in LDAP support in ATutor, you may use this module.
How to install and configure the module is described in readme.txt (see the package).
If you have any suggestions or questions, or see bugs in the module, write here or to my mail smalgroup@gmail.com
Posted: 2007-04-28 06:10:51
greg

Subject: Re: LDAP module for ATutor 1.5.4
Thanks smal
The archive seems to be corrupted. Can you try tar.gz'ing it together again, and posting it.
Posted: 2007-04-28 08:04:12
smal
Attachment: ATutor_ldap_mod.tar
Subject: Re: LDAP module for ATutor 1.5.4
The archive is fine, I can download and extract it with any problems. But if you have some problem with this archive, I'll post a simple tar archive and a zip archive. I hope it will work.
Posted: 2007-05-03 03:38:00
smal
Attachment: ATutor_ldap_mod.zip
Subject: Re: LDAP module for ATutor 1.5.4
...and zip archive
Posted: 2007-05-03 03:38:46
greg

Subject: Re: LDAP module for ATutor 1.5.4
No trouble with the plain tar file. Thank you.

We'll have a look over the module in the next little while, and hopefully put it up with the rest of the modules for everyone to use.

Or, you could do that, so you get proper credit.
www.atutor.ca/modules/submit_module.php
Posted: 2007-05-03 10:38:25
dekay
Subject: Re: LDAP module for ATutor 1.5.4
I tried to extract both zip and tar but they seem to create a [(Content)] file. I did this on Windoz and Fedora. frown
Posted: 2007-05-11 04:10:16
smal
Subject: Re: LDAP module for ATutor 1.5.4
After extracting the zip (or tar) archive, the directory atutor.ldap.mod must be created (not a file). I tested it on different OSes and it works fine. See readme.txt in this directory to install and configure the module.

In reply to:
I tried to extract both zip and tar but they seem to create a [(Content)] file. I did this on Windoz and Fedora. frown

Posted: 2007-05-11 04:39:40
joel

Subject: Re: LDAP module for ATutor 1.5.4
Could you please explain how the authentication works?

You seem to authenticate login against LDAP, then insert the details into MySQL if it doesn't exist.

There is no syncing of data after that?

It also seems like the diff files you sent include other changes that aren't related to the LDAP work.

Also, the private RSA key is publicly available, which I'm not sure is a good idea.

Either LDAP is used for registration purposes like the current master list is, or it's used for storing all the info, which means we have to map some ATutor fields to derive from LDAP (that's what Moodle does). There are pros and cons for each.

But, I think what we want to try and get to is a way of enabling and disabling any form of authentication, whether it's an external LDAP, service or internally within ATutor.

That means that we have to decide on what authentication should involve and define the set of functions (API) that have to be implemented by each method.
Posted: 2007-05-28 14:12:18
smal
Subject: Re: LDAP module for ATutor 1.5.4

In reply to:
Could you please explain how the authentication works?
You seem to authenticate login against LDAP, then insert the details into MySQL if it doesn't exist.

You're right, in the current version authentication works as you wrote. LDAP is used only for registration purposes, not for storing all information. Users authenticated via LDAP are inserted into the MySQL DB as students.
Syncing between LDAP and the ATutor MySQL DB (or maybe between the MySQL DB and LDAP) is not yet implemented. But it will be done soon, because it is a very important thing.

In reply to:
Also, the private RSA key is publicly available, which I'm not sure is a good idea.

How can users get the private key?
If you set up the httpd daemon correctly, the private key will not be available to everyone (on my server nobody can get the private key). Also, you can store the private key outside the www directory tree to be more secure.

In reply to:
...which means we have to map some ATutor fields to derive from LDAP (that's what Moodle does). There are pros and cons for each.

I'm not sure it's a good idea (IMHO), because you must have an account which can write entries in the LDAP directory, and it will decrease LDAP security overall. If storing all info about the user (e.g. course enrollment, testing info and others), you will often write to LDAP, but LDAP was not implemented for this purpose (frequent writing).
In my case, the university has a central LDAP server which stores users' accounts. So I want only to get info about the user from LDAP and store in LDAP. Why do I store user info in the MySQL DB? This way I decrease queries to LDAP. But there must be syncing between LDAP and MySQL at some time, to be sure that the account is valid.
Posted: 2007-05-30 03:50:30
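
A way to check the web-exposure point discussed in the reply above, as an added example that is not part of the original post or the module: it walks a document root and lists files that contain a PEM private-key header, noting whether each is world-readable. The function name is an assumption, and the thread does not give the module's key file name or path, so none is hard-coded.

```python
import os
import re
import stat

# PEM headers that mark private key material (public keys and certificates are ignored).
PEM_PRIVATE = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----")

def private_keys_under(docroot, max_bytes=65536):
    """Return private-key files found below docroot, i.e. inside the web tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)    # a PEM header sits at the top
                mode = os.stat(path).st_mode
            except OSError:
                continue                         # unreadable or vanished: skip it
            if PEM_PRIVATE.search(head):
                findings.append({
                    "path": os.path.relpath(path, docroot),
                    # readable by every local account, the httpd user included
                    "world_readable": bool(mode & stat.S_IROTH),
                })
    return sorted(findings, key=lambda f: f["path"])

if __name__ == "__main__":
    import sys
    # Usage: python check_keys.py /path/to/docroot   (path supplied by the operator)
    for finding in private_keys_under(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

An empty result for the document root, with the key stored elsewhere and readable only by the account that needs it, matches the setup the reply describes.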
joel

Subject: Re: LDAP module for ATutor 1.5.4
Here are some brainstorming notes I came up with:

- have multiple authentication methods even of the same type (many pop3s, etc.).

- admin orders the authentication by how username/passwords are authenticated, internal is always first. (eg. internal, LDAP 1, LDAP 2, pop3)

- could have username conflicts, that's why should limit to only one kind of external authentication. or add the account source as part of the key and assume neither change.

- when trying to login using username/password, if local account doesn't exist it checks for external account, if external account exists but there's no local account then it redirects to the registration page where it retrieves as much external info as possible and allows the user to fill in the required fields. once created the next time they try to login it'll authenticate using the external method (we don't want to copy the password), but find the local account that it matches based on the key of username(+authentication_source ? for uniqueness).

- we have to assume that the username from an internal or an external source never change. only username and source name is stored, passwords are never stored.

- when setting up the external source the admin has to give them a descriptive name (ie. ROSI, your @utoronto.ca account, etc..).

- disabling a method of authentication will check who is using it and give a warning that those accounts will be disabled.

- non-authenticated registration can be disabled, but admins can always create accounts manually (that's why local authentication cannot be disabled and always happens first).

- master list authentication will be reworked, but the difference is that once an account is created the list is no longer used for authentication. or should that change? in that case the password cannot be changed. so there are two kinds of external sources, those that are one shot and those that are always used. so will need to distinguish between the two.

- cannot change password for non-internal sources.

- cannot use the password reminder/retrieval process.
Posted: 2007-05-30 11:50:28
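
The login flow from the brainstorming notes above, written out as an added example (not ATutor code and not something posted in the thread): internal accounts are checked first, external sources follow in admin order, local accounts are keyed on username plus source, and no password is kept for external accounts. `AuthChain`, `DictSource` and the in-memory stores are hypothetical stand-ins for the user table and for an LDAP or POP3 check.

```python
import hashlib, hmac, os

INTERNAL = "internal"   # local accounts: always enabled, always tried first

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DictSource:
    """Hypothetical stand-in for an external source (LDAP bind, POP3 login)."""
    def __init__(self, name, users):      # users: {username: (password, attrs)}
        self.name, self._users = name, users   # lives "remotely", not in ATutor
    def authenticate(self, username, password):
        entry = self._users.get(username)
        if entry and hmac.compare_digest(entry[0].encode(), password.encode()):
            return entry[1]               # attributes used to prefill registration
        return None

class AuthChain:
    def __init__(self, external_sources):
        self.sources = list(external_sources)  # admin-defined order, after internal
        self.accounts = {}                     # (username, source) -> local record

    def add_internal(self, username, password):
        salt = os.urandom(16)
        self.accounts[(username, INTERNAL)] = {"salt": salt, "hash": _hash(password, salt)}

    def register_external(self, username, source, profile):
        self.accounts[(username, source)] = {"profile": profile}  # no password kept

    def login(self, username, password):
        local = self.accounts.get((username, INTERNAL))
        if local and hmac.compare_digest(local["hash"], _hash(password, local["salt"])):
            return ("ok", INTERNAL, None)
        for src in self.sources:
            attrs = src.authenticate(username, password)
            if attrs is None:
                continue
            if (username, src.name) in self.accounts:
                return ("ok", src.name, None)
            return ("register", src.name, attrs)   # first login: go to registration
        return ("denied", None, None)

    def change_password(self, username, source, new_password):
        if source != INTERNAL:
            raise PermissionError("password is managed by " + source)
        self.add_internal(username, new_password)

    def accounts_using(self, source):          # who is affected if source is disabled
        return sorted(u for (u, s) in self.accounts if s == source)
```

Because the key includes the source name, the same username arriving from two external sources yields two separate local accounts, which is the conflict case the notes raise.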
neuromancer1972
Subject: Re: LDAP module for ATutor 1.5.4
Hi, does anyone know if this module works with version 1.6.2 too? Many thanks in advance,
Riccardo
Posted: 2008-11-11 08:36:14
greg

Subject: Re: LDAP module for ATutor 1.5.4
We haven't tried, but I'd imagine it works fine. Authentication has not changed since 1.5.4.

Try it, and if it works, let us know.
Posted: 2008-11-11 08:53:08
tolkeinknoxy
Subject: Re: LDAP module for ATutor 1.5.4
Is there any update on whether the ldap module works with 1.6.2?
Posted: 2009-02-20 06:45:07
Zordhick
Subject: Re: LDAP module for ATutor 1.5.4
Hi, new here. I tried to open the LDAP zipped files, but they seem to be corrupted. I also tried to open them using WinRAR and other zip programs; none of them works. I would like to request that someone send it to my email. Thanks a lot. Here's my email: zordhick@gmail.com. Thanks again. smile smile smile
Posted: 2009-03-03 03:05:22
jlazerus

Subject: Re: LDAP module for ATutor
I'm having the same issue with opening these files. I also tried both winzip and winrar. My email is jlazerus@pjvac.org if you could send it there. Thanks a lot.
Posted: 2009-03-03 15:38:11