LDAP authentication

by Mevin Pothunnah -

I am not able to authenticate through LDAP. I have the following settings:

LDAP server settings

Host url: 192.168.1.115

version: 3

Use TLS: no

LDAP encoding: utf8

Page size: 250



Bind settings

Don't cache passwords: yes

Distinguished name: cn=Administrator,ou=users,dc=northfields,dc=local

Password: xxxxxxx


User lookup settings

User type: MS ActiveDirectory

Contexts: ou=users,dc=northfields,dc=local

Search subcontexts: yes

Dereference aliases: yes

User attribute: samaccountname



Thanks,

Mevin


In reply to Mevin Pothunnah

Re: LDAP authentication

by Emma Richardson -

Start by formatting your IP to read: ldap://192.168.1.115

I presume that this whole installation is just being hosted internally..?

In reply to Emma Richardson

Re: LDAP authentication

by Mevin Pothunnah -

Changed the URL to ldap://192.168.1.115. And yes, I am testing internally. When I log in, I get invalid login.

Thank you for your support.

In reply to Mevin Pothunnah

Re: LDAP authentication

by Leon Stringer -

Hi,

Are you sure the user name you are using is the one that matches the sAMAccountName attribute in Active Directory?

There are two User Logon Name values listed on the Account tab in the Active Directory Users and Computers console and these may be different.

Leon Stringer


In reply to Mevin Pothunnah

Re: LDAP authentication

by Emma Richardson -

Seeing as you are using the admin account, I presume that that user does have appropriate rights on AD? Invalid login normally means the login/password is wrong for the user trying to log in. Are you just using the username? No domain at the beginning... that is how it should be...

On the LDAP docs page there is a link to a tool called ldap.exe - try running it from a Windows machine - it will help you verify your settings.

In reply to Mevin Pothunnah

Re: LDAP authentication

by Joshua Mayes -

It would be helpful to know what error you are receiving, but here's some helpful info to help you get started.

Check out this page: https://docs.moodle.org/30/en/Active_Directory#Troubleshooting_AD_and_LDAP_authentication

Basically you're going to want to use ldp.exe to play around with it until you find the settings that work. What worked for me was changing the DN from CN=xxx to xxx@"domain"."tld"

In reply to Joshua Mayes

Re: LDAP authentication

by Mevin Pothunnah -

Hello Joshua,

Changed the base DN but even then I am not able to login. 

In reply to Mevin Pothunnah

Re: LDAP authentication

by Joshua Mayes -

Again, it would be helpful to know what error you're getting. What does Moodle tell you when you try to log in?

Also, you're going to want to use ldp.exe. The output from that will be really helpful in troubleshooting.

In reply to Joshua Mayes

Re: LDAP authentication

by Mustafa A. -
Hi Joshua,

ldp.exe seems to be working on prior versions of Windows. I have Windows Server 2012 and I couldn't find a compatible version of it.

Are there any alternatives to it for testing LDAP configuration?

In reply to Mevin Pothunnah

Re: LDAP authentication

by Mevin Pothunnah -

Hi all,

Changed URL to ldap://192.168.1.115

DN: mevin@northfields.local

Contexts: dc=northfields, dc=local


And now it is working. Thank you all for your precious support. Now I would like to import all users from AD. I tried exporting the users in CSV format, but when I upload, it does not work. I do not have my VM with me right now, but I will forward the error message later today.

Thanks,

Mevin

In reply to Mevin Pothunnah

Re: LDAP authentication

by Joshua Mayes -

Glad to hear it


1.  Please tell me that config is for testing purposes only.  Using your account for sync means that sync will break every time you change your password, and you'll have to reconfigure Moodle.  It's probably best to make a service account (you can call it "moodlesync") specifically for this purpose.

2.  While optional, I'd recommend setting your context to the actual OU you store your users in.  The way you have it now it will pull in a lot of accounts that may not necessarily belong to any person, and will just clutter your user store.  Something like cn=users, dc=northfields, dc=local.


Now on to your question:

You'll want to enable the scheduled task so that the LDAP sync actually does stuff.  Until then the LDAP module won't do anything.

https://docs.moodle.org/30/en/Scheduled_tasks

https://docs.moodle.org/30/en/Administration_via_command_line#Scheduled_tasks

In reply to Mevin Pothunnah

Re: LDAP authentication

by Mevin Pothunnah -

Hi,


I also added the following in cron in order for the site to run properly, as mentioned in the docs. Yes, that config is for testing purposes only until I install in production.


And I have also made the change to cn=users, dc=northfields, dc=local.



I have added the following crons:


* * * * *    /usr/bin/php /var/www/moodle/admin/cli/cron.php >/dev/null


* * * * *    /usr/bin/php /var/www/html/moodle/auth/ldap/cli/sync_users.php




Will these normally be enough to pull all users to Moodle from AD?




Thank you.

In reply to Mevin Pothunnah

Re: LDAP authentication

by Emma Richardson -

Yes... I am presuming you replaced some of the stars with times...

Have you checked that you have LDAP set up correctly now? You can log in with an LDAP account?

Oh just noticed that you have a different path to your moodle cron than to your ldap cron - I think you probably need to add html to your first path or remove it from your second...
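
The checks suggested so far in this thread (ldap:// prefix on the host, a context narrower than the domain root, matching Moodle paths and a real schedule in cron), collected into a small linter. This is an added example, not part of any post and not Moodle code; the function names and dict keys are this example's own, and the cleartext-bind check is an addition that no participant raised.

```python
import re

def lint_ldap(cfg):
    """Check LDAP settings (dict keys are this example's own names, not Moodle's)."""
    out = []
    url = cfg["host_url"]
    if not re.match(r"ldaps?://", url, re.I):
        out.append("host_url: no scheme, use ldap://%s" % url)
    # Not raised in the thread: a simple bind over ldap:// without TLS
    # sends the bind DN and password in cleartext.
    if not url.lower().startswith("ldaps://") and not cfg["use_tls"]:
        out.append("use_tls: bind password crosses the network unencrypted")
    # A context made only of dc= parts is the domain root, which also
    # matches accounts that belong to no person.
    for ctx in cfg["contexts"].split(";"):
        parts = [p.strip().lower() for p in ctx.split(",") if p.strip()]
        if parts and all(p.startswith("dc=") for p in parts):
            out.append("contexts: %s is the domain root, narrow it" % ctx.strip())
    return out

def lint_cron(lines):
    """Check Moodle cron entries for mismatched install paths and a
    user sync that is still scheduled every minute."""
    out, roots = [], set()
    for line in lines:
        fields = line.split()
        if len(fields) < 6 or line.lstrip().startswith("#"):
            continue
        schedule, command = fields[:5], " ".join(fields[5:])
        m = re.search(r"(/\S*?/moodle)/", command)
        if m:
            roots.add(m.group(1))
        if "sync_users.php" in command and schedule == ["*"] * 5:
            out.append("sync_users.php runs every minute, set real times")
    if len(roots) > 1:
        out.append("different Moodle paths: " + ", ".join(sorted(roots)))
    return out

# Constructed from the settings and cron lines posted in the thread.
FIRST_TRY = {"host_url": "192.168.1.115", "use_tls": False,
             "contexts": "ou=users,dc=northfields,dc=local"}
WORKING = {"host_url": "ldap://192.168.1.115", "use_tls": False,
           "contexts": "dc=northfields, dc=local"}
CRON = ["* * * * *    /usr/bin/php /var/www/moodle/admin/cli/cron.php >/dev/null",
        "* * * * *    /usr/bin/php /var/www/html/moodle/auth/ldap/cli/sync_users.php"]

if __name__ == "__main__":
    for finding in lint_ldap(FIRST_TRY) + lint_ldap(WORKING) + lint_cron(CRON):
        print(finding)
```
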

In reply to Emma Richardson

Re: LDAP authentication

by Mevin Pothunnah -
Hi Emma,

Yes thank you. I made a mistake on the cron. All the users have been imported. Well this was only a test environment. I will need to implement it. Is there any limit on the users it will import?

Thank you.

In reply to Mevin Pothunnah

Re: LDAP authentication

by Emma Richardson -
I am not sure if there is a limit on users but if too many, I imagine it might hit your php limits...