LDAP AD (windows 2k3) with Enrolment Plugin(LDAP)

LDAP AD (windows 2k3) with Enrolment Plugin(LDAP)

by Graham Asplet -
Number of replies: 3

Hi all,  firstly, love moodle ;)

I have got LDAP to work great with w2k3 however when following Lars guide,  it seems windows 2003 ad doesnt have a uid in the schema.(part 1)  After looking at it most of the afternoon, I am looking for some help!

I have added a group under a seperate OU by when looking at the AD I have noticed that the schema is member, which i changed in the enrolment plugin and the information is in the form of CN=<user>,OU=whereever,DN......

so what would the reference be in the LDAP auth part? 

Has anyone setup Enrolment Plugin with windows 2003 server? A little guidance would be great!

Cheers,

Graham Asplet

Average of ratings: -
In reply to Graham Asplet

Re: LDAP AD (windows 2k3) with Enrolment Plugin(LDAP)

by Rory Allford -
Just from my own experience, to get it to work on Win2K3, ldap_x_memberattribute needs to be "member" and enrol_ldap_objectclass should be defined as "objectClass=user". Additionally you may need to specify in your config file or the mdl_config table " ldap_memberattribute_isdn" = "1" for the group membership functions to work using the new AD style in this case. Another thing, usernames are now the "sAMAccountName" object attribute, "cn" is equivalent to Fullname.
Hope this helps smile.
Average of ratings: -
In reply to Rory Allford

Re: LDAP AD (windows 2k3) with Enrolment Plugin(LDAP)

by Graham Asplet -

Thanks for the info.  It isnt working yet, however.  How do i get "ldap_memberattribute_isdn" = "1" into the config file?  When i get to work on monday i will post some info regarding the setup i have.

Cheers,

Graham Asplet

Average of ratings: -
In reply to Graham Asplet

Re: LDAP AD (windows 2k3) with Enrolment Plugin(LDAP)

by Rory Allford -
You can add the value to the mdl_config table or simply hard-code $CFG->ldap_memberattribute_isdn=1; in your config.php file. That's just because win2K4 uses distinguished names ("CN=something,DC=domain" etc) for resolving a user's group membership, whereas 2000/NT simply used the group name, which I thought might affect the enrolment plugin. If you're not using it already the ADSI editor (mmc snapin in w2k4 reskit) is very useful. smile
Average of ratings: -