LDAP Authentication fails

by Mustafa A. -

Hello,

I set up a Moodle on IIS (Windows Server 2012 R2) for internal trainings within our company. I can manually create users and log in with them.

We need to authenticate users from Active Directory. I enabled LDAP server plugin and entered the following settings:

Host URL: ldap://IP_ADDRESS:3268
LDAP encoding: utf-8
Distinguished name: CN=ServiceGp,OU=Other Users,OU=All Users,DC=fw,DC=teknoloji,DC=com,DC=tr
Password: ***
User type: MS ActiveDirectory
Contexts: dc=com,dc=tr
Search subcontexts: Yes
Dereference aliases: No


Now, when I try logging in with a user that appears in Active Directory, login fails and I get only the error message:

Error: Invalid login, please try again

I'm not even sure if it tried querying on the Active Directory server, or if it was blocked by the firewall, or if the bind password was wrong, etc.

Are there any steps I am missing?

How can I get more detailed error messages?

best wishes

In reply to Mustafa A.

Re: LDAP Authentication fails

by Emma Richardson -

Invalid login normally indicates a successful bind but either a bad password or an unfound user. You could turn debugging on to see if it pulls any more messages. Found under SiteAdmin/Development/Debugging.

 Try adding OU=All users to your context.

Do you have samaccountname in the User Attribute field?

In reply to Emma Richardson

Re: LDAP Authentication fails

by Mustafa A. -

Hi Emma,

I enabled Debugging. When I change my context to 

dc=com,dc=tr,ou=all users

I start getting:

PHP Warning:  ldap_search(): Search: Operations error in C:\inetpub\wwwroot\moodle\lib\ldaplib.php on line 276


In reply to Emma Richardson

Re: LDAP Authentication fails

by Mustafa A. -

Thanks Emma, now I can log in. When I dived into the logs, I found out that the bind was successful but the context was wrong.
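An offline sanity check for the failure diagnosed above (bind succeeds, context wrong), as an added example that is not part of the original thread or of Moodle's code. It assumes the search context should sit under the same domain as the bind DN; the function names are hypothetical, and the last sample context is constructed, since the thread does not state which context finally worked.

```python
import re

# Bind DN exactly as posted in the thread.
BIND_DN = "CN=ServiceGp,OU=Other Users,OU=All Users,DC=fw,DC=teknoloji,DC=com,DC=tr"

def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs; '\\,' is an escaped comma."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def domain_base(dn):
    """Return the trailing run of DC components, i.e. the domain part of a DN."""
    rdns = parse_dn(dn)
    i = len(rdns)
    while i > 0 and rdns[i - 1][0] == "dc":
        i -= 1
    return rdns[i:]

def check_context(context, bind_dn=BIND_DN):
    """Return a list of problems found in a search context (empty list = plausible)."""
    problems = []
    rdns = parse_dn(context)
    attrs = [a for a, _ in rdns]
    if "dc" not in attrs:
        problems.append("no DC components: context is not anchored in a domain")
    elif any(a != "dc" for a in attrs[attrs.index("dc"):]):
        # DNs are written most-specific first, so OU/CN must precede the DC run.
        problems.append("wrong order: OU/CN components must come before the DC components")
    base = domain_base(bind_dn)
    # Assumption: users live in the same domain as the bind account.
    if not base or rdns[-len(base):] != base:
        shown = ",".join(f"{a}={v}" for a, v in base)
        problems.append(f"context does not end with the bind account's domain ({shown})")
    return problems

if __name__ == "__main__":
    samples = [
        "dc=com,dc=tr",                                   # from the first post
        "dc=com,dc=tr,ou=all users",                      # from the follow-up post
        "OU=All Users,DC=fw,DC=teknoloji,DC=com,DC=tr",   # constructed from the bind DN
    ]
    for ctx in samples:
        print(ctx, "->", check_context(ctx) or "looks plausible")
```
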

In reply to Mustafa A.

Re: LDAP Authentication fails

by Oliver Jackson -

My LDAP bind user DN is specified with a UPN suffix like this:

moodlebind@mydomain.com.au

So maybe try Distinguished name : ServiceGp@teknoloji.com.tr


In reply to Oliver Jackson

Re: LDAP Authentication fails

by Dave Perry -

On our AD, that username format works for some things but not others (e.g. it does in Shibboleth, but not for Moodle).

Our bind user is something like CN=MoodleAccess,OU=ServiceAccounts,.....