Authentication

long ldap basedn not working

 
Hafriz Azhan

hi,

Our colleague has just done a new install of Moodle 2.4; before this we were using 1.9. I have a problem with multiple LDAP. We have multiple LDAP base DNs for multiple types of user, which differentiate between staff and students.

I have no problem with the staff base DN, for which we use ou=People,dc=umt,dc=edu,dc=my

The problem is my students can't log in, although I just put vd=student.umt.edu.my,o=hosting,dc=umt,dc=edu,dc=my

Our base DN now uses:

ou=People,dc=umt,dc=edu,dc=my; vd=student.umt.edu.my,o=hosting,dc=umt,dc=edu,dc=my

I can make it work in Moodle 1.9 but not in Moodle 2.4.

Does anyone know what the problem is? I have tried putting only vd=student.umt.edu.my,o=hosting,dc=umt,dc=edu,dc=my and using a student ID and password; it is still not working.

 
Iñaki Arenaza
Re: long ldap basedn not working
Core developers, Documentation writers, Particularly helpful Moodlers, Plugin developers

I'm only guessing here, as you haven't published your LDAP settings, but did you set 'Search subcontexts' to true in your Moodle 2.4 install?

Saludos. Iñaki.

 
Hafriz Azhan
Re: long ldap basedn not working

Hi Inaki

Thanks for your reply. I think it isn't because of the long LDAP base DN, but because of the context search. We have tried with ldap.exe and also with ldapsearch; both work fine for searching for a student.

Here are our LDAP settings:

Host URL : 192.168.123.12

Version : 3

LDAP Encoding : utf-8

Page Size : 250

Hide Pass : NO

Distinguished Name : cn=Sysadmin,o=DSA,dc=domain,dc=edu,dc=my

Password : somepasswordhere

Usertype : PosixAccount (rfc2307)

Contexts : ou=people,dc=domain,dc=edu,dc=my;vd=student.domain.edu.my,o=hosting,dc=domain,dc=edu,dc=my;vd=pps.domain.my,o=hosting,dc=domain,dc=edu,dc=my (we also tried using dc=domain,dc=edu,dc=my)

Search Subcontexts : Yes

Dereference Aliases : No

User Attribute : Uid (we also tried leaving it blank)

Member attribute : blank

Member attribute uses dn : blank

Object Class : blank

The others are as is.

We also tried using the ldapsearch function, and the log is as below.

elearning5# ldapsearch -x -b 'dc=domain,dc=edu,dc=my' -h 192.168.123.12 'uid=studentid'

# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=edu,dc=domain> with scope subtree
# filter: uid=studentid
# requesting: ALL
#

# studentid@mydomain.my, student.domain.my, hosting, domain.my
dn: mail=studentid@student.domain.my,vd=student.domain.my,o=hosting,dc=domain,dc=
 edu,dc=my
cn: John Doe
mail: studentid@mydomain.my
uid: studentid
objectClass: top
objectClass: inetOrgPerson
objectClass: VirtualMailAccount
objectClass: Vacation
objectClass: amavisAccount
objectClass: VirtualForward
objectClass: domainObject
sn: johndoe

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

We don't have any problem logging in using a staff ID, which I believe is in a top layer. What we know from our LDAP guy is that our student LDAP uses a virtual domain for our students (vd=student.domain.my, o=hosting, dc=domain, dc=my).

For your information, we also use the same configuration for our Moodle 1.9 and there is no problem with it. Only after migrating to Moodle 2.4 do we have a problem, and I set up a test environment which looks like it also has the problem with Moodle 2.3.

We also tried running the LDAP sync script in Moodle 2.3, set up with only the student context; login for students is still not working and the script output is:

Connecting to LDAP server...
Creating temporary table tmp_extuser
Did not get any users from LDAP -- error? -- exiting

Thanks a lot

syed

 
Hafriz Azhan
Re: long ldap basedn not working

Found out the difference is:

$ldap_result = ldap_search($ldapconnection, $context,
'(&'.$objectclass.'('.$search_attrib.'='.ldap_filter_addslashes($username).'))',
array($search_attrib));

Regarding the objectclass: how do I 'not use' an object class?

thanks 

 
Hafriz Azhan
Re: long ldap basedn not working

Just to let you all know, after studying all the code again, I now have the solution.

My solution is putting "top" for objectclass.

thanks 

 
Iñaki Arenaza
Re: long ldap basedn not working
Core developers, Documentation writers, Particularly helpful Moodlers, Plugin developers

I'd use 'inetOrgPerson' for your objectClass, as that's really the structural object class you are using for your users (according to the output of ldapsearch you sent before).

'top' is not really meant as a final object class.

Saludos. Iñaki.
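
An added illustration (not code from the thread or from Moodle) of why the objectclass term in the search filter quoted above decides whether the student entry is found. The entry is constructed from the ldapsearch output in the thread; the helper names, and `posixAccount` as the class that goes with the rfc2307 user type, are assumptions of this example.

```python
import re

# Constructed entry: attribute values copied from the ldapsearch output in the thread.
ENTRY = {
    "uid": ["studentid"],
    "objectClass": ["top", "inetOrgPerson", "VirtualMailAccount", "Vacation",
                    "amavisAccount", "VirtualForward", "domainObject"],
}

def escape_filter_value(value):
    """RFC 4515 escaping; a stand-in for Moodle's ldap_filter_addslashes()."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(objectclass, search_attrib, username):
    """Same shape as the PHP snippet: (&<objectclass term>(<attrib>=<escaped user>))."""
    # (objectClass=*) is the standard presence test, true for every entry.
    term = "(objectClass=%s)" % (objectclass or "*")
    return "(&%s(%s=%s))" % (term, search_attrib, escape_filter_value(username))

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(ldap_filter, entry):
    """Evaluate an AND of equality/presence terms, case-insensitively."""
    attrs = {k.lower(): [v.lower() for v in vs] for k, vs in entry.items()}
    for attr, value in re.findall(r"\(([^()&=]+)=([^()]*)\)", ldap_filter):
        values = attrs.get(attr.lower(), [])
        if value == "*":                      # presence: attribute must exist
            if not values:
                return False
        elif unescape(value).lower() not in values:
            return False                      # equality term failed, so the AND fails
    return True

def try_objectclasses(candidates, username="studentid"):
    """Map each candidate Object Class setting to whether the entry is found."""
    return {oc: matches(build_filter(oc, "uid", username), ENTRY) for oc in candidates}

if __name__ == "__main__":
    # posixAccount: assumed class for the rfc2307 user type (not stated in the thread).
    for oc, hit in try_objectclasses(["posixAccount", "top", "inetOrgPerson"]).items():
        print("%-14s %s" % (oc, "match" if hit else "no match"))
```

With the username `*`, the escaped filter carries `\2a` and matches nothing, which is the job of the escaping call in the snippet.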

 