Best practice forum (Archived)
This forum discussion has been removed
It is a question I have dealt with a few times but never really a great result. Essentially a need I have come across is for the LDAP plugin to have the ability to assign users to org/pos/mgr but as you know the LDAP plugin does not really integrate with Totara hierarchies in this way.
The ideas I've had on this include:
1. Extend LDAP plugin to allow for integration with Totara Hierarchies
2. Recommend client to create reports from AD that include the necessary data for HR Import
Not much help from me I'm afraid, its just something I've also seen come up several times. It seems that a lot of organizations no longer desire services such as the LMS to access to AD directly (instead company policy is to use SSO services), so on the other hand I haven't seen this come up as much as I used to. With that said then it pushes the need for SAML plugin to integrate with Totara Hierarchies.
Jamie
Hi Amir. Totara 27 LDAP authentication can map custom user fields from LDAP into the LMS. I don't think this used to be available but to my pleasure it was there last time I checked. Maybe I just missed it previously. Anyway to you question about updating custom profile fields via the LDAP authentication module for dynamic audience rules, yup that should work!
Jamie
Ah yes I forgot the part about it being AD groups, sorry. It would seem that the LDAP plugin may need to be extended then to do that.
I recently worked with another integration where they had the same need as I alluded to before, and they ended up taking the approach to generate the user.csv for HR Import based on custom export from AD. On that note, a sort of hacky solution would be to use a custom PHP script that uses the LDAP settings to query the AD and generate the HR Sync import file from AD manually, and in doing so you could build logic into that to populate custom user fields. If you're going that far then you could also integrate it with hierarchies I suppose.
The LDAP sync, by default, occurs when user logs in. There is also a separate LDAP sync cli script that can be custom scheduled to run periodically, kind of like HR Import/Totara Sync.