when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -
Number of replies: 22

Dear All , I need your help 

this error appears 

LDAP-module cannot connect to any servers: Server: 'ldap://10.1.2.10', Connection: 'Resource id #77', Bind result: ''

when i want to connect with LDAP with my moodle2.6 hosted in bluehost  

i tried all instruction such as

1- ldp.exe as this link

 https://docs.moodle.org/25/en/Active_Directory

2- all forms for Host URL with ldap:// or without with port or out like this ldap://10.1.2.10:389

3- i use dn as CN=elearn,OU=TestOU,DC=mydomain,DC=COM

4- context as ou=testou,dc=mydomain,dc=com

5- i create new OU and Create inside it two users one with read permission for plugin setting  and other i use it for login 

6- added sAMAccountname for user attribute

sorry for my english

Please need urgunt help and support

Thanks




Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

You are using an internal address - Bluehost is external.  You need to use your external address to your ldap server.  Does it not have a DNS name?  "mail.yourwebsite.com" for example.

Average of ratings: Useful (1)
In reply to Emma Richardson

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -

Many thanks 

 We have https://webmail.mydomain.com . Can i use it in host URL

Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

You need to use the ldap address - should be something like ldap://yourdomain.com (where your domain is where the active directory is stored).  Might have confused you with the mail reference - sorry, you need your main domain server.

Average of ratings: Useful (1)
In reply to Emma Richardson

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -
Many thanks for your help and time . It's working internal and waiting our network admin provide me with external address and back to you 

Thanks

Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -

Please can help us. when i contact with our network admin he can not provide us with external ip because he worried about security issues about user data in active directory  between our network and blue host . We need your help if we can make our moodle on bluehost and our user can login first time inside our network using lDAP Auth then his data stored in moodle . please how can do this 

Thanks

Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by Dave Perry -
Picture of Testers

Are you running your moodle on shared hosting (i.e. a standard web hosting package) or a dedicated server? If it's a dedicated server, where you can access the command line via ssh, then you could install Shibboleth Service Provider on there (or get someone else to) - and ask your network admin to facilitate a Shibboleth Identity Provider on your internal network. Moodle has built in shibboleth code (we went AD, but I did have the Shibboleth approach working).

So to login, instead of having the login form on the homepage, you add a link (on the homepage) to yoursite/auth/shibboleth/ (I think) - the SP software running on the server then runs back to the IdP on your network, gets the username/password, and once they've logged in to that successfully passes the login details back to moodle.

If that's a no goer then you'll have to bring moodle on site. Or ask your admin if they would allow ldaps:// (certificate-protected) external access to a heavily locked down AD DC.

Average of ratings: -
In reply to Dave Perry

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -

Thanks David Perry 

 Now it is shared hosting . There is other way else is more simple as you suggest 

Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by Dave Perry -
Picture of Testers

Moving  on site (I'm sure your network admin can setup a server for you, especially if you have virtualised infrastructure) would be the simplest. Our moodle server used to be in a DMZ, so it was on one of our networks but there was a firewall in the way to stop it seeing everything (we had holes opened specifically to connect to LDAP and SQL servers).

Setting up a Shibboleth IdP CAN be a pain, I'm going through it now setting up a new one. A shibboleth SP is about an hour's work when you've done a bit of planning.

HTH

Average of ratings: -
In reply to Dave Perry

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -

Many thanks David Perry

I will forward your suggested scenarios to our network teamand waiting their reply

Thanks

Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

You can also use LDAPS (ssl connection) which might make your network guys happier.  That is just a case of using the url ldaps://yourserver.com.  There will need to be a certificate on your server and you might need to change the port depending on your server setup. 

Average of ratings: -
In reply to Emma Richardson

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -

Many Thanks Emma Richardson,

Unfortunately . our network team reply me that we didn't have external AD address . How can we solve this issues because we already finish our moodle setup and upload courses on blue host and we still need to authenticate with our AD .

Thanks


Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by Dave Perry -
Picture of Testers

You could setup a plain moodle on site, then export the database from bluehost, and copy all the /moodledata files off there, and put them onto the onsite one.

Or, you can Backup each course from the bluehost moodle, and import it to your onsite moodle.

I suspect bluehost won't support Shibboleth on shared hosting, so if you want AD login (which I would) then you have to come on site.

Unless I haven't thought of something.

Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

David is correct.  If you cannot access your AD from outside the network, it is pretty much impossible without moving your Moodle site inside your network.  Alternatively, have them set up an external ip....

Average of ratings: -
In reply to Emma Richardson

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -

Many thanks Emma Richardson and David Perry


Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -
Thanks for your help and support . 


1- If there is any risk related to security to set up an external address for our Active directory and integrate it with Moodle because our network team are afraid of this point . 

2- Importing users data from our ERB or Active directory then upload it into moodle and repeat this process every week or month is best choice to avoid setup external address for our Active directory or not ?

Thanks


Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

Well there is always some risk.  You can set your moodle site to use https which will then encrypt passwords.  Your network guys should be aware of all of this. 

Average of ratings: -
In reply to Emma Richardson

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -
Thanks . only if we use https we will avoid this risk
Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

Using https and ldaps will give you the best security.  The security experts here might have other suggestions for you.

Average of ratings: -
In reply to Emma Richardson

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -
Thanks . Please security experts we are waiting suggestions for you for this post
Average of ratings: -
In reply to zizo zizo

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
What needed are competent system and network administrators on either side. For example, the network administrator of your institution can open the firewall based on the IP address of the Moodle server. Or, even tighter, only to those particular (network) ports required. The Moodle system adminstrator can verify through an independent tool, like ldapsearch.
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: when i want to connect with LDAP with my moodle2.6 hosted in bluehost but i can't

by zizo zizo -

Thanks Visvanath ,

Can you Please Moodle admin can verify using ldapsearch ?

Thanks

Average of ratings: -