Locking Profile Fields

In Moodle, you have the option of locking profile fields. Users will not be able to change the data in these fields.

For each authentication method being used in Moodle the locking must be set.

Manual accounts

Navigate to Administration block > Site administration > Plugins > Authentication > Manage authentication

Click settings for Manual accounts > for each field set locking option > click save changes

LDAP

Navigate to Administration block > Site administration > Plugins > Authentication > Manage authentication

Click settings for LDAP server > for each field set locking option for “lock value” field > click save changes

More...

If LDAP is used, simply have it locked so the control point is always at the LDAP side of things and not at students/instructor profile page.
There is first name, last name and email locked and updated every time when a user logs in via LDAP authentication (Moodle built-in function so you don't need to do much, if any customization).

Administration block > Site administration > Plugins > Authentication > LDAP server > Data mapping section

then on Email address option, select the following

Update local > On every login

Update external > never (this means it won't push up and change your ldap's email mail object value)

Lock value > locked

The key point is that only one master/central point where values are stored is wanted. In most cases, it should be your LDAP*
So if the user's email address has changed, trigger it down from your SIS and down to your LDAP. When a user logs into Moodle and because the settings are set to update the email field at every log in against your LDAP, it will always grab what is there in your LDAP and update the user's Moodle profile.