LDAP Authentication but not reach the user name

Re: LDAP Authentication but not reach the user name

by Ken Task -
Number of replies: 3
Picture of Particularly helpful Moodlers

Not sure it's wise to allow Moodle to update LDAP - although potentially it could.  Most LDAP server admins that I have worked with would prefer that accounts be changed only on the LDAP server by authorized server admins.

Moodle requires username, first name, last name, and an EMail address on bulk uploads, but seems to change somethings with LDAP authentications ... one must have Country as well as City/State.  Any of the moodle *required* fields for a profile that is NOT obtained from LDAP will result in the user being thrown into their profile.  And, even though they don't know it, when they make/change entries, Moodle is attempting to make changes to LDAP - which is not setup.

So think your issue is related to configuration of LDAP in Moodle.  At the bottom of that form there is the section on Data mapping.

First name = givenName
Surname = sn
EMail address = mail
City/Town = l
Country = c

Those attributes must exist in LDAP and could be different in your setup.  Under each, there is a drop down list: Update Local
Think it wise to have that set to for each above to: on every login
Update external: set to never (which is default).  Even if you set this one otherwise, LDAP server might reject changes unless it's setup to allow ... again ... don't think that wise at all.

You've not mentioned what your Moodle server's 'flavor' is ... Windows or Linux.  If Linux, one could use ldapsearch from the command line to test access to the LDAP server (can't change/edit ... just query/test).

'spirit of sharing', Ken

Average of ratings: Useful (2)
In reply to Ken Task

Re: LDAP Authentication but not reach the user name

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Just a small note to complement Ken's excellent information (thanks Ken!).

Moodle only redirects the user to the profile page if the first name, last name or email is not filled in (either directly by the user, or obtained from and external source like LDAP). So in this particular case mapping the firstname, lastname and email fields would be enought.

In fact, if you are using Moodle 2.2 or later, so can set a default country and city for all your users, that will be used if they don't specify one (or is not obtained from external sources like LDAP). You can set these defaults in "Site administration >> Location >> Location settings".

Saludos. Iñaki.

Average of ratings: Useful (1)
In reply to Iñaki Arenaza

Re: LDAP Authentication but not reach the user name

by Ken Task -
Picture of Particularly helpful Moodlers

@Iñaki ... thanks for your kind comments.  I like you already ... the way you very politely corrected. ;)  I should have checked.  My 'bad' as they say.

@Gergely ... have you had time to make the changes and test?  Please do let the community know by following up!

'spirit of sharing', Ken

Average of ratings: -
In reply to Ken Task

Re: LDAP Authentication but not reach the user name

by Gergely Toth -

Hello Ken and Iñaki,

Now seems the auth is works fine and the user data is updated from the LDAP.

Currently im using FirsName, Surname and email.

The root cause was: I used the LDAP attributes what you suggested but I didn't set the "Update Local" and changed the "Update External"

Thank you very much again and I hope this topic will help others in the next time.

Gergely from Hungary

 

Average of ratings: -