Moodle Auth over LDAPS

by Deleted user -
Number of replies: 4

Hi,


I have set up a test network with a test Active Directory Domain, and a Windows 7 Client (hopefully Server 2008 soon) as the Moodle Server.

I can get LDAP working, but if I use Wireshark, the password can be seen, so I am working on LDAPS.

I have created a CA on my test domain controller, and have a Certificate, but I am not sure where to copy the CER file to.

If I just leave it as is, this is what I get:


LDAP-module cannot connect to any servers: Server: 'ldaps://10.10.10.237', Connection: 'Resource id #81', Bind result: ''

Debug info:
Error code: auth_ldap_noconnect_all
Stack trace:
line 463 of \lib\setuplib.php: moodle_exception thrown
line 2147 of \auth\ldap\auth.php: call to print_error()
line 194 of \auth\ldap\auth.php: call to auth_plugin_ldap->ldap_connect()
line 4487 of \lib\moodlelib.php: call to auth_plugin_ldap->user_login()
line 1760 of \auth\ldap\auth.php: call to authenticate_user_login()
line 26 of \auth\ldap\ntlmsso_finish.php: call to auth_plugin_ldap->ntlmsso_finish()


I would prefer LDAPS, but will consider LDAP + NTLM.

Can anybody help with LDAPS?


Thanks

In reply to Deleted user

Re: Moodle Auth over LDAPS

by Mark Hall -

Here is a support link that I found for enabling LDAPS on a DC: http://support.microsoft.com/kb/321051. This refers to third party but I think it should do the trick.

The one below is for self-signed certificates:

http://www.javaxt.com/Tutorials/Windows/How_to_Enable_LDAPS_in_Active_Directory

Average of ratings: Useful (1)
In reply to Mark Hall

Re: Moodle Auth over LDAPS

by Deleted user -

Thanks for the reply Mark,

The links you provided were in the right direction, but I think I have figured it out.

I think I have found a spelling error on Moodle's site, and it's a major pain. This has put me back about 6 weeks.

 

Here:

https://docs.moodle.org/28/en/LDAP_authentication#Enabling_LDAPS_on_your_Moodle_server

 

Windows servers

These instructions are for establishing a link using an unverified self-signed certificate


You can tell PHP's OpenLDAP extension to disable SSL server certificate checking. To do this you must create a directory called C:\OpenLDAP\sysconf. In this directory, create a file called ldap.conf with the following content:

TLS_REQCERT never

(If you are using certain versions of PHP 5.3.x you may need to place the file at other locations, see PHP bug #48866)

Now you should be able to use ldaps:// when connecting to your LDAP server.

 

OK, so the writing in RED has an error.

It should be:  C:\OpenLDAP\sysconf\ldap.conf

 

Here is more proof:

https://bugs.php.net/bug.php?id=48866

 

So, this will be affecting many people.

 

Thanks

In reply to Deleted user

Re: Moodle Auth over LDAPS

by Deleted user -

I was using an internal Server 2008 CA.

Also, it may be best practice to use the FQDN instead of the IP, and also put 636 at the end.


Regards
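
An added example, not part of the original thread or of Moodle's documentation: a small Python check that reads the contents of an ldap.conf plus the Host URL and flags the settings discussed above (certificate checking switched off with TLS_REQCERT never, an IP address in place of the FQDN). The hardened sample file, its CA file name and the host dc01.example.test are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed samples. WEAK_CONF is the file content quoted in the thread;
# HARDENED_CONF is hypothetical and its CA file name is a placeholder.
WEAK_CONF = "TLS_REQCERT never\n"
HARDENED_CONF = (
    "# trust the internal CA rather than switching verification off\n"
    "TLS_CACERT C:\\OpenLDAP\\sysconf\\example-ca.pem\n"
    "TLS_REQCERT demand\n"
)

def parse_ldap_conf(text):
    """Parse ldap.conf text into {OPTION: value}; option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(conf_text, host_url):
    """Return a list of (code, explanation) findings for an LDAPS client setup."""
    findings = []
    opts = parse_ldap_conf(conf_text)
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # demand is the OpenLDAP default
    if reqcert in ("never", "allow"):
        findings.append(("no-verify", f"TLS_REQCERT {reqcert}: server certificate is not validated"))
    elif "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append(("no-ca", "nothing in this file points at the CA certificate"))
    url = urlsplit(host_url)
    if url.scheme != "ldaps":
        findings.append(("not-ldaps", "host URL does not use ldaps://"))
    try:
        ipaddress.ip_address(url.hostname or "")
        findings.append(("ip-host", "IP address in URL; certificates normally name the FQDN"))
    except ValueError:
        pass  # a host name, which can be matched against the certificate
    return findings

if __name__ == "__main__":
    for name, conf, url in [("weak", WEAK_CONF, "ldaps://10.10.10.237"),
                            ("hardened", HARDENED_CONF, "ldaps://dc01.example.test:636")]:
        print(name, audit(conf, url) or "no findings")
```
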

In reply to Deleted user

Re: Moodle Auth over LDAPS

by Emma Richardson -

I don't see the error. It is telling you to create the directory first and then create the file. Your supposed correction just references the file.

The documentation is all a wiki created by users for users.  You are welcome to fix things.