by Derek Lawrie.
Hi Richard
there is an extra bit to the LDAP auth floating around here for syncing cohorts which might help. Using that you could synchronise student "groups" on the AD to a cohort for students on the Moodle side then on the front page you set permissions for those with the student role.
Sounds straightforward to me, if you can't find the extension let me know and I'll dig it out as I still have it.
Derek