Moodle Security

Appendix A. Authentication Plugins

In this appendix we present the remaining authentication modules that ship with Moodle and were not discussed in Chapter 4.

Plugins less common in production servers

These plugins are all disabled by default in a new installation of Moodle and are not very common in everyday usage. We are presenting most of them for informational purposes.

LDAP server

LDAP (Lightweight Directory Access Protocol) is an application protocol for retrieving and modifying data in a directory service. An LDAP server is often used as a source of user information. For this plugin to work you will need the LDAP and OpenSSL extensions for PHP. To make the connection as secure as possible, use the LDAPS protocol (LDAP over SSL/TLS); that way the traffic cannot be read if it is intercepted. Also try to have a failover server, because when the central server is down no user will be able to log in to the platform. In order to use secure LDAP we need to make sure that the OpenSSL and LDAP PHP extensions are installed and properly configured. We have already explained the particular configuration bits of OpenSSL for both Linux and Windows, so let us focus on the LDAP extension.

Configuring LDAP PHP extension

In general most of the configuration of the LDAP extension is located in a separate configuration file called ldap.conf. By default on Linux PHP looks for this file in /etc/openldap/, while on Windows, in versions of PHP before 5.3, the default folder is C:\openldap\sysconf. In PHP 5.3 up to version 5.3.2 the default folder was the root of the disk partition on which the web server's main web documents folder is located (does that sound complicated or what?). As you can see, PHP looks in various places for this file depending on various factors. What we want is a predictable way of placing ldap.conf and configuring its location. This is done by setting the environment variable LDAPCONF to the valid location of our ldap.conf. On Linux we should open the Apache configuration file httpd.conf and add this line to it:

SetEnv LDAPCONF "<path to ldap.conf>"

On Windows we should set it up in the same place where we defined PHPRC and OPENSSL_CONF (see Chapter 3, dedicated to the configuration of a Windows server).

After this configuration is applied we should restart the web server.
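The LDAPCONF and ldap.conf setup described above lends itself to a quick verification. The following POSIX shell script is an added example, not code from the book or from Moodle: it checks that the ldap.conf reachable through LDAPCONF exists, names a CA bundle and demands server certificate validation, which is what makes an LDAPS connection resistant to interception. TLS_CACERT and TLS_REQCERT are standard OpenLDAP ldap.conf directives; every path and the sample configuration are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the book: check that the ldap.conf which the
# PHP LDAP extension reads through LDAPCONF exists and forces certificate
# validation, so an LDAPS connection from Moodle cannot be answered by an
# unverified server. TLS_CACERT and TLS_REQCERT are standard OpenLDAP
# ldap.conf directives; every path below is a constructed assumption.

# directive <file> <NAME>: print the value of the last uncommented NAME line.
directive() {
    sed -e 's/#.*//' "$1" | awk -v n="$2" 'toupper($1)==n {v=$2} END {print v}'
}

# check_ldap_conf <path>: 0 if the file is readable, names a CA bundle that
# exists, and sets TLS_REQCERT to demand or hard; otherwise print why, return 1.
check_ldap_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "ldap.conf not readable: $conf"; return 1; }
    cacert=$(directive "$conf" TLS_CACERT)
    reqcert=$(directive "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    [ -n "$cacert" ] || { echo "TLS_CACERT not set in $conf"; return 1; }
    [ -r "$cacert" ] || { echo "TLS_CACERT file missing: $cacert"; return 1; }
    case "$reqcert" in
        demand|hard) ;;
        *) echo "TLS_REQCERT is '${reqcert:-unset}', expected demand"; return 1 ;;
    esac
    echo "ok: $conf validates server certificates against $cacert"
}

# check_ldapconf_env: LDAPCONF (what SetEnv in httpd.conf exports to PHP) must
# be set and point at a file that passes check_ldap_conf.
check_ldapconf_env() {
    [ -n "$LDAPCONF" ] || { echo "LDAPCONF is not set"; return 1; }
    check_ldap_conf "$LDAPCONF"
}

# make_sample_conf <dir> <reqcert-value>: write a constructed ldap.conf plus a
# placeholder CA file into <dir> and print the config path (demo input only).
make_sample_conf() {
    printf 'placeholder, not a real certificate\n' > "$1/ca.pem"
    printf 'URI ldaps://ldap.example.org\nTLS_CACERT %s\nTLS_REQCERT %s\n' \
        "$1/ca.pem" "$2" > "$1/ldap.conf"
    echo "$1/ldap.conf"
}

# Stand-alone demo: a hardened sample passes, a weak one is reported.
demo_dir=$(mktemp -d)
check_ldap_conf "$(make_sample_conf "$demo_dir" demand)"
check_ldap_conf "$(make_sample_conf "$demo_dir" never)" || true
rm -rf "$demo_dir"
```

Run it as the web server user with the same environment Apache gets, so that the LDAPCONF value checked is the one PHP will actually see.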

CAS server

CAS (Central Authentication Service) is a Single Sign-On (SSO) system that enables account linking between two or more different systems. By default this system requires an HTTPS connection, so no particular additional security configuration is needed within Moodle beyond what was already mentioned in the first section of Chapter 4.

FirstClass server

FirstClass is proprietary groupware software mostly used by educational institutions to offer enhanced electronic communication and collaboration to their students.

IMAP server

IMAP (Internet Message Access Protocol) is one of the two most prevalent protocols for e-mail retrieval. An IMAP server can also be used as a source of user credentials. Often these servers use LDAP as their user back-end. To access this resource in a secure manner, it is recommended to use an encrypted protocol (IMAP Cert or IMAP SSL).

Moodle network authentication

MNET authentication is a plugin intended for SSO with another Moodle instance, which is treated as the central user repository. The connection uses the XML-RPC protocol over HTTPS and is quite secure by default.

NNTP server

This plugin enables the use of NNTP (Network News Transfer Protocol) for retrieving user information.

No authentication

This plugin disables authentication checks altogether and in general should not be used on production sites.

PAM (Pluggable Authentication Modules)

This plugin supposedly provides support for a PAM provider. However, it uses a PHP4 library which is no longer publicly available, so the use of this module is not recommended on production sites.

POP3 server

POP3 is another popular protocol for e-mail retrieval. To use this integration, we recommend an SSL connection with certificates.

Shibboleth

Shibboleth is another SSO solution (similar to CAS). It is generally safe enough for everyday use.

RADIUS

RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for connecting to and using network resources. The RADIUS protocol does not transmit passwords in clear text and relies on a shared secret to validate the connection.