LDAP Authentication Error

by Constance Kan -

Hi, we're using Moodle 2.1 on IIS7 in the college.  We've got all the LDAP authentication working except in 2 weird areas:

1. When an invalid user name or password is entered, it goes to a "500 - Internal server error" page and the url is <moodle site>/login/index.php?authldap_skipntlmsso=1 (in moodle 1.9, it would say 'invalid username or password').

2. Occasionally a user would not be able to login with their LDAP account, if they try again later, it would work.  Or if we change their authentication method to manual account, it works.  What could we do to fix this (even if it's a network traffic loading problem)?

Any help is much appreciated :)

In reply to Constance Kan

Re: LDAP Authentication Error

by Howard Miller -
Switch on Debugging and check your web server error logs. Any notices or warnings (with either problem)? Be sure to check your LDAP server logs too to see if it is doing anything odd when the authentication fails.

A 500 error doesn't really say much. Somebody else reported exactly the same error yesterday too.
Average of ratings: Useful (1)
In reply to Howard Miller

Re: LDAP Authentication Error

by Constance Kan -

I have already set Debug messages to "Developer: extra Moodle debug messages for developer" and Display debug messages to yes.

I think the Server log is saying "The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description."

But still I'm no wiser on which page to check in Moodle files :(

In reply to Constance Kan

Re: LDAP Authentication Error

by Howard Miller -
I'm no expert, but my gut feeling is that this is your AD configuration not Moodle. What do the AD logs say when this problem happens?
In reply to Howard Miller

Re: LDAP Authentication Error

by Constance Kan -

I can understand it's an AD error if it throws out this error for valid user login too, but it is fine.  It only happens to invalid users.  I think it is trying to go to another page which contains error but I couldn't really follow the codes.

It would be really useful if you could point me to the page where Moodle loads for invalid user login.

Thanks again.

In reply to Howard Miller

Re: LDAP Authentication Error

by Richard Oelmann -

Hi,
Given that your error is in the Windows server logs, not the moodle ones, and relates to group policies and Active Directory, I would go with Howard that this is a server issue rather than a moodle one.
Also, my understanding (I could be wrong - I haven't actually been through all the code for this) is that Moodle doesn't actually point to a different page, it just has an 'invalid login' type message that appears on the main moodle login page allowing the user to try logging in again with correct credentials.

Richard
In reply to Richard Oelmann

Re: LDAP Authentication Error

by Howard Miller -
Yeh - I think you are getting hung up on the different behaviour between 1.9 and 2.x Moodle. I'm not saying that nothing is wrong in Moodle (in respect of reporting the error - or failing to), I'm just suggesting that it's not the place to start looking.

My usual advice for any LDAP issue is to take Moodle out of the equation and check very carefully that everything is ok using an LDAP search tool (from the Moodle server) before you do anything else.
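Added example (not part of the post above and not Moodle's own code): one way to take Moodle out of the equation is a stand-alone PHP CLI script run on the Moodle server, using the same PHP LDAP extension Moodle relies on. The server URI, the DN argument and the attempt count are placeholder assumptions; the script repeats a known-good bind to surface intermittent failures and makes one deliberately wrong attempt to confirm the directory rejects it cleanly with LDAP result 49.

```php
<?php
// Added example, not Moodle code. Placeholders (assumptions): LDAP_URI, ATTEMPTS.
// Usage: php ldap_bind_check.php 'CN=Test User,OU=Staff,DC=example,DC=local'
const LDAP_URI = 'ldap://dc.example.local'; // replace with your domain controller
const ATTEMPTS = 5;                         // repeats, to catch intermittent failures

function try_bind(string $uri, string $dn, string $password): array
{
    // Many servers treat an empty password as an anonymous bind and report
    // success, so refuse it locally instead of sending it.
    if ($password === '') {
        return ['ok' => false, 'errno' => null, 'msg' => 'empty password refused locally'];
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return ['ok' => false, 'errno' => null, 'msg' => 'invalid LDAP URI'];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);       // usual for Active Directory
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5); // fail fast on a slow server
    $ok = @ldap_bind($ds, $dn, $password);
    $result = ['ok' => $ok, 'errno' => ldap_errno($ds), 'msg' => ldap_error($ds)];
    ldap_unbind($ds);
    return $result;
}

function classify(array $r): string
{
    if ($r['ok']) return 'bind accepted';
    if ($r['errno'] === 49) return 'invalid credentials (clean rejection by the server)';
    if ($r['errno'] === -1) return 'cannot contact LDAP server (network or server problem)';
    return 'other failure: ' . $r['msg'];
}

$dn = $argv[1] ?? '';
if ($dn === '') { fwrite(STDERR, "usage: php ldap_bind_check.php '<bind DN>'\n"); exit(2); }
fwrite(STDERR, 'Password (read from stdin, not argv): ');
$password = rtrim((string) fgets(STDIN), "\r\n");

for ($i = 1; $i <= ATTEMPTS; $i++) {
    $t = microtime(true);
    $r = try_bind(LDAP_URI, $dn, $password);
    printf("good password, attempt %d: %s (%.0f ms)\n", $i, classify($r), (microtime(true) - $t) * 1000);
}
// Exactly one wrong attempt, so the test account is not locked out.
$r = try_bind(LDAP_URI, $dn, $password . '-wrong');
printf("wrong password: %s\n", classify($r));
```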
In reply to Howard Miller

Re: LDAP Authentication Error

by Constance Kan -

I've turned off the Friendly HTTP Error message in the IE browser and this is the actual error message:

[client XXX.XX.XX.XXX] http://moodle.fareham.ac.uk Failed Login: 123 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET4.0C)

I know it is a failed login but why is it not going to the "Returning to this website page" so that the user can be prompted to login again - like in v.1.9?

I've also reported this as a bug but the guy referred me back to this forum! :(

"Somebody who understands LDAP and IIS might explain this"

Please could someone help?

In reply to Constance Kan

Re: LDAP Authentication Error

by Richard Oelmann -

I won't claim to understand LDAP and IIS - but my take on this would be that the error you are seeing is a server error and not a moodle error and it is therefore pointing at the server error page (e.g. the friendly http IE message you disabled) and that this is being thrown up by the server before any return to any moodle error page can be attempted by moodle itself.

I don't know the ins and outs - but if you are able to turn off the http message, are you able to redirect it so that when the error is reported to the browser it points back to the required moodle page instead of the http error page?

Richard

In reply to Richard Oelmann

Re: LDAP Authentication Error

by Constance Kan -

Thanks Richard.  I agree that it is a server error and it is being thrown up before returning to Moodle.  I was trying to debug it in the \login\index.php page but I receive this error before seeing any of my debug text.  But how do you "turn off the http message"?

In reply to Constance Kan

Re: LDAP Authentication Error

by Constance Kan -

We've upgraded to version 2.2.1 and the "bug" has gone away.  Thanks everyone.