Moodle 2.0 ldap enrolment

Moodle 2.0 ldap enrolment

by Tobias Bäumlin -
Number of replies: 4

Hi

I'm running into difficulties with using the ldap enrolment plugin with Moodle 2.0.

Everything (i. e authentication and enrolment against LDAP) works fine as long as I use MS Windows Server as a LDAP server, but with a linux server (Debian 6.0) I still can authenticate but enrolment stops working.

The  moodle/enrol/ldap/cli/sync.php-script produces an error like

"Could not find user 'name.surname', skipping"

for every groupmember it finds in each LDAP-group. I tried every plausible configuration and still can't figure out what's wrong.

Regards

Tobias

 

 

 

 

Average of ratings: -
In reply to Tobias Bäumlin

Re: Moodle 2.0 ldap enrolment

by John Lohr -

I'm afraid I can't help you with you Linux problems, but perhaps you could help me.  I can get LDAP authentication to work with Active Directory, but not enrollment.  Could you take a quick look at my settings and see if anything looks incorrect?  You can view it in this post: http://moodle.org/mod/forum/discuss.php?d=175181

Thanks and sorry if I hijacked your thread.

Average of ratings: -
In reply to Tobias Bäumlin

Re: Moodle 2.0 ldap enrolment

by Tobias Bäumlin -

I was digging into the php-code a little and figured out that for ldap-enrolments the database-query is using the 'idnumber' attribute of each user.

Line 519 in enrol/ldap/lib.php:

$sql = 'SELECT id,username,1 FROM {user} WHERE idnumber = ? AND deleted = '0';
$member = $DB->get_record_sql($sql, array($ldapmember));

So I was able to circumvent the problem by assigning the same value as the user attribute (uid) to this field (ID Number) in the data mapping section in ldap authentication settings.

Though I don't think this is the intended behavior. Shouldn't the above read:

$sql = 'SELECT id,username,1 FROM {user} WHERE username = ? AND deleted = '0';

At least it seems to work for me that way.

Average of ratings: -
In reply to Tobias Bäumlin

Re: Moodle 2.0 ldap enrolment

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Hi Tobias,

different people have different needs, and different LDAP servers have different ways of doing thins. That's why Moodle uses ID Number field and lets you map to it whatever LDAP attribute you need to make enrolment work (be it the user name, the user LDAP distinguished name, etc.)

Saludos.
Iñaki.
Average of ratings: -
In reply to Iñaki Arenaza

Re: Moodle 2.0 ldap enrolment

by Tobias Bäumlin -

Hi Iñaka

I agree fully with that. But my problem is that it doesn't work that way now.

1. The hint for the 'ID number attribute' field on the ldap enrolment plugin says:

If the group membership contains distinguised names, specify the same attribute you have used for the user 'ID Number' mapping in the LDAP authentication settings.

In my case the groupmembership doesn't contain distinguished names, so I left the field empty

2. Even when I set the corresponding value, the ldap enrolment isn't working.

Regards

Tobias

Average of ratings: -