by Ben Steeples.
We're moving away from LDAP to Shibboleth to get 'proper' single-sign-in. ie. users should only be asked to sign in once and their credentials follow across multiple services; rather than the current situation of using the same credentials multiple times. It also means that other external services which rely on Shibboleth (via Moodle) should me more seamless.
We're going for pure Shibboleth via shibd and Apache with mod_shib.