LDAP Authentication

by Deepak Gupta -
Number of replies: 10

I am planning to integrate LDAP Authentication into my Moodle website. I have the following information with regard to the same -

a) LDAP server IP Address 

b) OS

But when I go to the LDAP settings page, I see that it prompts for various parameters, as below. Do I need all of them? -

LDAP Server Settings :
 
Host URL
Version
LDAP Encoding
 
Bind Settings :
 
Distinguished Name
Password

 

Thanks,
Deepak

In reply to Deepak Gupta

Re: LDAP Authentication

by Emma Richardson -

The short answer is yes.  LDAP is a tricky beast and needs to be set just right to get it connecting.  Docs are found here.

http://docs.moodle.org/26/en/LDAP_authentication

In reply to Emma Richardson

Re: LDAP Authentication

by Deepak Gupta -

Hi Emma,

I have done the settings, but not sure as to what is wrong there.

 

LDAP is using Windows 2008 R2 edition.

Not sure as to what is meant by - DISTINGUISHED NAME. But still I have kept it as cn=deepakg. Also under password, I have entered my LDAP password.

I am using the user Type as MSActive Directory from the dropdown. 

User Attribute as - samaccountname

Is it right? How do I know what is wrong? I see the error as - 

LDAP-module cannot connect to any servers: Server: 'XX', Connection: 'Resource id #75', Bind result: '' 

 

Thanks,
Deepak

In reply to Deepak Gupta

Re: LDAP Authentication

by Emma Richardson -

The distinguished name needs to have the full path to the user.  It should be in this format:

cn=deepakg,ou=MoodleUsers,ou=People,dc=yourdomain,dc=com  (for example)

This user needs to have permission to read the AD users that you are needing to authenticate.

 

The next thing that is important to get right is the context.  It should look like this:

ou=people,dc=yourdomain,dc=com (for example)

If you have additional groups under that ou that you want to include, check the box for that.

 

Your server url should look like this:  ldap://yourserver.yourdomain.com (for example)

Those are the most important settings to get right.  There is a link in the docs to a utility that you can use too.  It will give you more information.  You also need to make sure that your firewall is allowing the connection.
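
Added example, not part of the reply above or of Moodle's own code: a Python pre-flight check that tests the Host URL, bind Distinguished Name and context against the formats given in that reply. The function names are hypothetical, accepting ldaps:// alongside ldap:// is an assumption, and the sample inputs are the values quoted in this thread.

```python
from urllib.parse import urlparse

def split_dn(dn):
    """Split a DN into (attribute, value) pairs; a backslash escapes the next character.
    Simplified: multi-valued RDNs joined with '+' are not split further."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = ch == "\\" and not escaped
        else:
            rdns.append(cur)
            cur = ""
    rdns.append(cur)
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed component {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def dn_problems(label, dn):
    """Return problems with one DN-valued setting (bind DN or context)."""
    try:
        attrs = [attr for attr, _ in split_dn(dn)]
    except ValueError as exc:
        return [f"{label}: {exc}"]
    if "dc" not in attrs:
        return [f"{label}: no dc= components, so it is not a full path"]
    return []

def check_settings(host_url, bind_dn, context):
    """Check the three settings against the formats given in the reply above."""
    problems = []
    url = urlparse(host_url)
    # Assumption: ldaps:// is accepted as well as the ldap:// form shown in the reply.
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        problems.append("Host URL: expected ldap://host or ldaps://host")
    problems += dn_problems("Distinguished Name", bind_dn)
    problems += dn_problems("Context", context)
    return problems

if __name__ == "__main__":
    # Inputs taken from the thread: the values first tried, then the suggested format.
    print(check_settings("XX", "cn=deepakg", "ou=people,dc=yourdomain,dc=com"))
    print(check_settings("ldap://yourserver.yourdomain.com",
                         "cn=deepakg,ou=MoodleUsers,ou=People,dc=yourdomain,dc=com",
                         "ou=people,dc=yourdomain,dc=com"))
```

A clean result only means the values are well-formed; the bind account's read permission and the firewall still have to be checked against the server itself.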

In reply to Emma Richardson

Re: LDAP Authentication

by Deepak Gupta -

Hi Emma,

I am assuming that these fields - Distinguished name etc. will be provided by the team that maintains the LDAP servers. Can you confirm? Where can I get this information from?

Thanks,

Deepak

 

In reply to Deepak Gupta

Re: LDAP Authentication

by Emma Richardson -

Yes, they will have this information.  You are looking for the Organizational Units (OU) for your bind user and your group of users.  Realistically, if you have a team for your LDAP servers, they should be able to set up this connection for you.

In reply to Emma Richardson

Re: LDAP Authentication

by Deepak Gupta -

Thank you so much Emma for your help! Now I am able to log in to the site using my LDAP details.

One more request - Is there any way for me to get all the users present in the LDAP system to be available as users in Moodle? Normally they get created in Moodle when they log in for the first time. But I want them to get created, and as and when the LDAP team creates/adds new users in AD, they should also get created automatically in Moodle.

Thanks,
Deepak

 

In reply to Deepak Gupta

Re: LDAP Authentication

by Emma Richardson -

Not that I know of.  The user will be created in Moodle on first login.   There are some plugins out there that will sync LDAP groups with course enrollments though if that is what you are looking for.  I have not taken that part on yet!  I sometimes just use a CSV to add my LDAP users and then dump them in Moodle at the same time.  Not a perfect solution but that way I can get them in their classes easily.

In reply to Deepak Gupta

Re: LDAP Authentication

by Iñaki Arenaza -
There is a way!

There is a special PHP script (not a web page!) that is inside your Moodle directory, under auth/ldap/cli/sync_users.php. When you run that script from the command line using something similar to this:

php -f sync_users.php

it will create all[1] the LDAP users in Moodle, and delete any old users from Moodle that are no longer in your LDAP server. It will optionally update your users' information from the LDAP server if you have configured some attribute mappings to be updated 'on every login'.

[1] If you don't want all of them, you can use an LDAP filter expression in the objectClass configuration setting, to only select a particular subset of users. The filter expression is a bit tricky, but your LDAP administrator could probably help you with that too.

Saludos.
Iñaki.
Average of ratings: Useful (1)