The first thing you need to do is make sure that you can bind to LDAP from inside your firewall. To do this, download a free LDAP browsing tool such as LDAP Browser/Editor 2.81 (JAVA client - click on browser.jar to run program). If you are able to bind to your LDAP server from inside, then the next step is to configure your firewall to port forward your LDAP traffic to the correct server.
The configuration will depend on your server, but you must forward the applicable ports below to the LDAP server's local IP address (inside firewall). This way, any traffic that hits your firewall on those ports (i.e. Moodle authentication) gets to the right place inside your firewall. You may not need all of the ports below. The basics are the following:
port 389 (LDAP)
port 636 (LDAP over SSL)
port 3268 (Global catalog server for Microsoft Active Directory)
port 3269 (Global catalog server for Microsoft Active Directory w SSL)
If you need some clarification, let me know. I am actually still having some binding issues with mine, but I can see the LDAP server from outside, so I know it is simply a matter of tweaking my Moodle settings.
Hi Arvind,
Thank you for your reply
I too am working with a domain controller, using Active Directory as my LDAP server.
Everything works beautifully on the inside, but as soon as I move the server to the DMZ on our Cisco, I can no longer bind to the server. It sees the server, but can't bind to it using the same username and password that worked fine on the inside. Kind of odd really. Please keep me (us, the community) aware of any discoveries you make during your testing.
12/07/04, it is working! 
I'm using a LAN IP address. I have opened up communication in both directions between the IPs (ports 389, 636, 3268, 3269) of one of my domain controllers and the Moodle server on the DMZ. I'll now start closing ports until I can determine what I really need.
Sure:
ldap_host_url: ldap://10.x.x.x
ldap_version: 2
ldap_contexts: ou=Students,ou=Middle,dc=MyDistrict,dc=org
ldap_user_attribute: sAMAccountName
ldap_search_sub: 1
ldap_bind_dn: cn=comp1,ou=Students,ou=Middle,dc=MyDistrict,dc=org
ldap_bind_pw: test
ldap_memberattribute: memberOf
ldap_creators: ou=Teachers,ou=Middle,dc=MyDistrict,dc=org
Everything else is optional
Hello.
To complete Joe's final comment, for those with Firewall and Internet environments you HAVE to open port 3268 ONLY from Moodle server to yourActiveDirectoryMainDomainServer. No need to open 389, 636 nor 3269.
And have a look at http://moodle.org/mod/forum/discuss.php?d=17198 for more information.
Good luck.
Yes, make sure you have a look there, for a comment on why this may not do what you expect.
Regards. Iñaki.
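For the step of closing ports until only the needed ones remain, here is an added example (not posted by anyone in this thread) that, run from the Moodle server, checks which of the four ports listed above actually reach the domain controller and compares them with the set the firewall is meant to allow. The function names and the host name in the usage line are assumptions.

```python
import socket
import sys

# The four ports named in this thread: port -> (description, carried over SSL?)
LDAP_PORTS = {
    389: ("LDAP", False),
    636: ("LDAP over SSL", True),
    3268: ("AD global catalog", False),
    3269: ("AD global catalog over SSL", True),
}

def probe(host, port, timeout=3.0):
    """Return 'open', 'refused' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # host answered, nothing is listening on the port
    except OSError:
        return "filtered"   # timeout or unreachable: dropped on the way

def audit(host, allowed, ports=LDAP_PORTS, timeout=3.0):
    """Compare what is reachable with the set of ports meant to be open."""
    findings = []
    for port, (name, encrypted) in sorted(ports.items()):
        state = probe(host, port, timeout)
        if state == "open" and port not in allowed:
            findings.append((port, name, "reachable but not in the allowed set"))
        elif state != "open" and port in allowed:
            findings.append((port, name, "expected open, got " + state))
        elif state == "open" and not encrypted:
            # An ldap:// simple bind sends ldap_bind_pw and user passwords
            # unencrypted unless StartTLS is negotiated on the connection.
            findings.append((port, name, "open, cleartext unless StartTLS"))
    return findings

if __name__ == "__main__":
    # Usage (host name is a placeholder): python ldap_ports.py dc.example.internal 3268
    target = sys.argv[1]
    allowed_ports = {int(p) for p in sys.argv[2:]}
    for port, name, note in audit(target, allowed_ports):
        print(f"{target}:{port} ({name}): {note}")
```

A "filtered" result means the firewall dropped the packet, while "refused" means the packet reached the server but no service is listening there, which helps separate a firewall rule problem from a server problem.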