Poking around in the logs I find this error, and I wonder if it is related?
Is it possible for the LDAP authentication to store the passwords in the Moodle database and check against that before authenticating with LDAP?
FWIW, I am using Moodle 1.9 current with LAMP on Ubuntu 8.04 LTS. The LDAP server is AD, and we are importing users. It all seems to work, but it is slow. I am using the IP for the domain controller, so it should not be a DNS issue.
You can still get this behavior (I believe) by setting "No" to "hide Passwords". The explanation reads: "Select yes to prevent passwords from being stored in Moodle's DB"
You can find this setting in the site level Authentication/LDAP settings panel under "Bind Settings"
I hope this helps.
Re: Trying to get property of non-object in ...accesslib.php
I'm afraid it won't work. Even if you configure the LDAP authentication plugin to store the passwords in the local Moodle database, it never uses them to validate users (and never has). So there's no point in storing them locally (and it's not even a good idea, from a security point of view).
Regarding the error you see in the logs, I don't think it's related to the long login time. As the logon process is a bit heavy (updating user info, updating enrolments, etc.) the first thing I'd do is try measuring the login time. You can edit auth/ldap/auth.php, and in function user_login(), at around line 153 (in Moodle 1.9.8) you can add the marked lines:
    // Add the following two lines
    list($usec_before, $sec_before) = explode(' ', microtime());
    $time_before = (float)$sec_before + (float)$usec_before;
    // ----> Up to here
    $ldapconnection = $this->ldap_connect();
    // Add the following four lines
    list($usec_after, $sec_after) = explode(' ', microtime());
    $time_after = (float)$sec_after + (float)$usec_after;
    $time = $time_after - $time_before;
    error_log('[AUTH LDAP] up to ldap_connect() took: '.$time.' seconds');
    // ----> Up to here
    if ($ldapconnection) {
        $ldap_user_dn = $this->ldap_find_userdn($ldapconnection, $extusername);
        // Add the following four lines
        list($usec_after, $sec_after) = explode(' ', microtime());
        $time_after = (float)$sec_after + (float)$usec_after;
        $time = $time_after - $time_before;
        error_log('[AUTH LDAP] up to ldap_find_userdn() took: '.$time.' seconds');
        // ----> Up to here
        // If ldap_user_dn is empty, user does not exist
        if (!$ldap_user_dn) {
            $this->ldap_close();
            // Add the following four lines
            list($usec_after, $sec_after) = explode(' ', microtime());
            $time_after = (float)$sec_after + (float)$usec_after;
            $time = $time_after - $time_before;
            error_log('[AUTH LDAP] up to failed ldap_find_userdn() took: '.$time.' seconds');
            // ----> Up to here
            return false;
        }
        // Try to bind with current username and password
        $ldap_login = @ldap_bind($ldapconnection, $ldap_user_dn, $extpassword);
        // Add the following four lines
        list($usec_after, $sec_after) = explode(' ', microtime());
        $time_after = (float)$sec_after + (float)$usec_after;
        $time = $time_after - $time_before;
        error_log('[AUTH LDAP] up to ldap_bind() took: '.$time.' seconds');
        // ----> Up to here
        $this->ldap_close();
        if ($ldap_login) {
            return true;
        }
    }

Now every time someone logs in using the LDAP auth plugin, you'll get some lines in your PHP error logs similar to these (trimmed here for brevity):

    [AUTH LDAP] up to ldap_connect() took: 0.0043280124664307 seconds
    [AUTH LDAP] up to ldap_find_userdn() took: 0.0056140422821045 seconds
    [AUTH LDAP] up to ldap_bind() took: 0.0083839893341064 seconds
This will tell you where the time is spent and will help you diagnose what could be going on.
Saludos, Iñaki.
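Added example, not part of the original post or of Moodle: the timings logged above are cumulative from the start of user_login(), so this Python sketch subtracts consecutive checkpoints to get the time spent in each stage of each login. The function names and the sample log lines are constructed for illustration, and it assumes lines from concurrent logins are not interleaved in the error log.

```python
import re

# Matches the lines written by the instrumentation in the post, with or
# without the timestamp prefix that PHP's error log adds in front.
LINE_RE = re.compile(
    r"\[AUTH LDAP\] up to (?P<stage>.+?) took: (?P<secs>[0-9.eE+-]+) seconds")

def per_stage_times(log_lines):
    """Turn cumulative checkpoints into per-stage durations, one dict per login."""
    logins, current, previous = [], None, 0.0
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue                      # unrelated PHP notice or warning
        stage, total = m.group("stage"), float(m.group("secs"))
        if stage == "ldap_connect()":     # first checkpoint: a new login starts
            current, previous = {}, 0.0
            logins.append(current)
        if current is None:
            continue                      # log begins in the middle of a login
        current[stage] = total - previous
        previous = total
    return logins

def slowest_stage(login):
    """Name of the checkpoint that accounts for most of the login time."""
    return max(login, key=login.get)

# Constructed sample: one slow successful login, one failed user lookup.
SAMPLE = [
    "[01-Jun-2010 10:00:01] [AUTH LDAP] up to ldap_connect() took: 0.0043 seconds",
    "[01-Jun-2010 10:00:06] [AUTH LDAP] up to ldap_find_userdn() took: 5.0102 seconds",
    "[01-Jun-2010 10:00:06] [AUTH LDAP] up to ldap_bind() took: 5.0185 seconds",
    "[01-Jun-2010 10:02:00] PHP Notice:  unrelated line",
    "[01-Jun-2010 10:03:00] [AUTH LDAP] up to ldap_connect() took: 0.0040 seconds",
    "[01-Jun-2010 10:03:00] [AUTH LDAP] up to ldap_find_userdn() took: 0.0058 seconds",
    "[01-Jun-2010 10:03:00] [AUTH LDAP] up to failed ldap_find_userdn() took: 0.0061 seconds",
]

if __name__ == "__main__":
    for n, login in enumerate(per_stage_times(SAMPLE), 1):
        print("login %d: slowest stage is %s" % (n, slowest_stage(login)))
        for stage, secs in login.items():
            print("    %-28s %.4f s" % (stage, secs))
```

In the constructed sample the first login spends about five seconds in the user DN search and almost nothing in the connect or the bind.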