LDAP sync not adding any new users

Re: LDAP sync not adding any new users

by Emma Richardson -
If the settings are exactly the same then it about has to be a network or firewall issue.  If you look at the bottom of the documentation page on LDAP, you will see a link to an ldap tool.  I suggest using that to see where the connection is having issues.
In reply to Emma Richardson

Re: LDAP sync not adding any new users

by Senthil Kumar -

Hi,

Thanks for your reply,

I will check that ldap tool and will share the result.

Thanks

Senthil

In reply to Senthil Kumar

Re: LDAP sync not adding any new users

by Senthil Kumar -

Hi

I ran the ldap.exe from the server and it connected successfully, but new users are still not getting added when I run the ldap sync. Could you please check and let me know the solution for this?

Thanks in advance,

N.Senthilkumar

In reply to Senthil Kumar

Re: LDAP sync not adding any new users

by Emma Richardson -

Is the production server in the same location as the test server?  Did you run the ldap from the production server?

Can you post a screenshot of your ldap settings?

What happens when you try to log in with an ldap account?  Does it work?


In reply to Emma Richardson

Re: LDAP sync not adding any new users

by Senthil Kumar -

Hi,

I am able to log in to Moodle using an LDAP account without any issues.

I ran the LDAP tool from both servers but got the same message, like "successfully authenticated using this account".

The test server is not in the same location as the production server; the test server is connected to the domain controller using VPN.


Below is the ldp.exe tool result:


d = ldap_open("10.9.129.51", 389);
Established connection to 10.9.129.51.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
    1> currentTime: 4/15/2015 19:9:58 Malay Peninsula Standard Time Malay Peninsula Daylight Time;
    1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domainname,DC=com;
    1> dsServiceName: CN=NTDS Settings,CN=MADCWDC01,CN=Servers,CN=DatacenterSG1,CN=Sites,CN=Configuration,DC=domainname,DC=com;
    5> namingContexts: DC=domainname,DC=com; CN=Configuration,DC=domainname,DC=com; CN=Schema,CN=Configuration,DC=domainname,DC=com; DC=DomainDnsZones,DC=domainname,DC=com; DC=ForestDnsZones,DC=domainname,DC=com;
    1> defaultNamingContext: DC=domainname,DC=com;
    1> schemaNamingContext: CN=Schema,CN=Configuration,DC=domainname,DC=com;
    1> configurationNamingContext: CN=Configuration,DC=domainname,DC=com;
    1> rootDomainNamingContext: DC=domainname,DC=com;
    29> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2.16.840.1.113730.3.4.9; 2.16.840.1.113730.3.4.10; 1.2.840.113556.1.4.1504; 1.2.840.113556.1.4.1852; 1.2.840.113556.1.4.802; 1.2.840.113556.1.4.1907; 1.2.840.113556.1.4.1948; 1.2.840.113556.1.4.1974; 1.2.840.113556.1.4.1341; 1.2.840.113556.1.4.2026; 1.2.840.113556.1.4.2064; 1.2.840.113556.1.4.2065; 1.2.840.113556.1.4.2066;
    2> supportedLDAPVersion: 3; 2;
    14> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MinResultSets; MaxResultSetsPerConn; MaxNotificationPerConn; MaxValRange;
    1> highestCommittedUSN: 34614349;
    4> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
    1> dnsHostName: MADCWDC01.domainname.com;
    1> ldapServiceName: domainname.com:madcwdc01$@domainname.COM;
    1> serverName: CN=MADCWDC01,CN=Servers,CN=DatacenterSG1,CN=Sites,CN=Configuration,DC=domainname,DC=com;
    5> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1670; 1.2.840.113556.1.4.1791; 1.2.840.113556.1.4.1935; 1.2.840.113556.1.4.2080;
    1> isSynchronized: TRUE;
    1> isGlobalCatalogReady: TRUE;
    1> domainFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );
    1> forestFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );
    1> domainControllerFunctionality: 4;
-----------
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
    {NtAuthIdentity: User='lms.serviceaccount'; Pwd= <unavailable>; domain = 'domainname'.}
Authenticated as dn:'lms.serviceaccount'.


I have also attached the LDAP settings screenshot.


Thanks in advance,

N.Senthilkumar


Attachment LDAP-1.jpg
Attachment LDAP-2.jpg
In reply to Senthil Kumar

Re: LDAP sync not adding any new users

by Emma Richardson -

We need Iñaki to think on this - very strange behavior.

So, you say you can log in fine.  But can you log in as a new ldap user?  One that is not in Moodle already? 

Existing users will get updated from the ldap changes but if you delete a user in ldap, it is not suspended in Moodle and if you create a user in ldap it will not get created in Moodle.  Do I have that right?

Are you sure you are not using an ou that is not listed in context area correctly? 

I would think also that it is a permissions issue but if you are able to update existing users the write permission is obviously working.  Are you sure that part is working?  That is the bit that makes no sense to me...

I would double-check the permissions on the bind user and make sure that user has the correct access to the users.  Double check your context listing - maybe try moving a user to a different ou, changing the context and see if that works.

Also, check that the users have not been created in Moodle already but as manually added - I have seen that happen before and Moodle will ignore them because they already exist with another authentication method.


In reply to Emma Richardson

Re: LDAP sync not adding any new users

by Iñaki Arenaza -

In addition to all the checks suggested by Emma Richardson, I would enable debugging in the problematic Moodle site.

Sometimes the sync script has trouble syncing the users[1], and unless you enable debugging you don't get all the details that are needed to diagnose the problem.

[1] The interactive login process and the user sync process execute different code; that's why you can have a perfectly working interactive LDAP login and still have the user sync fail.

Saludos. Iñaki.
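
Two of the checks suggested earlier in the thread (the context listing, and accounts that already exist under another authentication method) can be modelled offline before running the sync. This is an added example, not Moodle's sync code and not from any poster in the thread; the OU names, usernames and the `classify` helper are constructed for illustration, and it assumes a context matches only direct children unless subcontext search is enabled.

```python
import re

def split_dn(dn):
    """Split a DN into lower-cased RDNs; a backslash-escaped comma stays inside its RDN.
    (Quoted or hex-escaped values are not handled in this simplified model.)"""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def in_context(dn, context, search_sub):
    """True if the entry is a direct child of `context`, or anywhere below it when search_sub is set."""
    entry, ctx = split_dn(dn), split_dn(context)
    if not ctx or len(entry) <= len(ctx) or entry[-len(ctx):] != ctx:
        return False
    return search_sub or len(entry) == len(ctx) + 1

def classify(ldap_entries, moodle_users, contexts, search_sub, auth="ldap"):
    """Map each directory username to the outcome this model predicts for a sync run."""
    result = {}
    for dn, username in ldap_entries:
        key = username.lower()  # assumption: site usernames are stored lower-case
        if not any(in_context(dn, c, search_sub) for c in contexts):
            result[key] = "outside-contexts"        # never seen by the sync
        elif key not in moodle_users:
            result[key] = "would-create"
        elif moodle_users[key] != auth:
            result[key] = "exists-as-" + moodle_users[key]  # skipped: other auth method owns it
        else:
            result[key] = "already-synced"
    return result

# Constructed sample data (only the DC=domainname,DC=com suffix comes from the thread).
CONTEXTS = ["OU=Staff,DC=domainname,DC=com"]
LDAP_ENTRIES = [
    ("CN=Alice Tan,OU=Staff,DC=domainname,DC=com", "atan"),
    ("CN=Bob Lee,OU=Branch,OU=Staff,DC=domainname,DC=com", "blee"),
    ("CN=Carol Ng,OU=Students,DC=domainname,DC=com", "cng"),
    ("CN=Dev\\, Ops,OU=Staff,DC=domainname,DC=com", "dops"),
    ("CN=Eve Lim,OU=Staff,DC=domainname,DC=com", "ELim"),
]
MOODLE_USERS = {"atan": "ldap", "dops": "manual"}  # username -> auth method

if __name__ == "__main__":
    for sub in (False, True):
        print("search subcontexts =", sub)
        for user, outcome in classify(LDAP_ENTRIES, MOODLE_USERS, CONTEXTS, sub).items():
            print(f"  {user:6} {outcome}")
```

Feed it the DNs exported from the directory and the username/auth pairs from the site's user table; entries reported as `outside-contexts` or `exists-as-manual` are the ones the thread's checks are looking for.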