Can not use Active Directory Security Groups

by mscag mscag -
Number of replies: 5

Hi,

I have managed to make my newly installed Moodle do authentication using our Active Directory. Moodle (v.3.4) is running on Ubuntu 16.04LTS server, and the AD is on W2012 R2.

I have managed to set multiple "Contexts" in "User Lookup Settings" using "ou=users,ou=company-1,dc=domain-1,dc=com; ou=users,ou=company-2,dc=domain-2,dc=com; " and the accounts get synced, but I need to benefit from the Security Groups of AD.

I tried using "memberof=cn=allusers,ou=groups,ou=company,dc=domain,dc=com;" but this gives the "Did not get any users from LDAP -- error? -- exiting" error.

Any help is appreciated.

In reply to mscag mscag

Re: Can not use Active Directory Security Groups

by Emma Richardson -

You need to put something like this in Object Class field:

(|(&(objectClass=user)(!(objectClass=computer))(memberOf=cn=allusers,ou=groups,ou=company,dc=domain,dc=com)))

In reply to Emma Richardson

Re: Can not use Active Directory Security Groups

by mscag mscag -

Hi Emma,


I am not that experienced with Moodle and LDAP. The group I need to benefit from is in the context "cn=Moodle Users,ou=department,ou=faculty,dc=ourschool,dc=com;"

So I tried using
"(|(&(objectclass=user)(!(objectclass=computer))(memberof=cn=moodle users,ou=department,ou=faculty,dc=ourschool,dc=com;)))"
for Object Class parameter, and
"ou=department,ou=faculty,dc=ourschool,dc=com;"
for Contexts but I still get the "Creating temporary table tmp_extuser. Did not get any users from LDAP -- error? -- exiting" error.

I even tried both values after trimming the Faculty and Department OUs, but no success.

There must be something that I am missing.

In reply to mscag mscag

Re: Can not use Active Directory Security Groups

by Emma Richardson -

The object class has to point to the place where the security group is located - is that where it is?  And the context to the ou that the users are in.

What happens when you try to log in as one of those users?  What error do you see?  Bind error or incorrect login?

In reply to Emma Richardson

Re: Can not use Active Directory Security Groups

by mscag mscag -

The Object Class is pointing to the place where the Security Group is located. However, the users are located in multiple OUs and I didn't know how to specify the Context. I have tried specifying multiple OUs within the Context (separating them with ";") and not using the Object Class, and it works.

Is there any solution for this issue apart from specifying all the OUs in the Context? I have more than 10 OUs and I wonder how many of these would fit in the Context field.

Regards.

In reply to mscag mscag

Re: Can not use Active Directory Security Groups

by Emma Richardson -

If it works without the object class being set, then it is not your context field that is causing issues. Though if you are using a group to pick your users for login, then you could just reference the whole domain in your context.

Once you get the object class working then it really isn't as important to limit to context - just make sure you have selected the Search Subcontexts option.

If you copied and pasted your object class, you have a semicolon at the end that does not belong there. Get rid of that and it should work.
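A pre-flight check for the Object Class filter discussed in this thread, added here as an example; it is not part of any post and is not Moodle code. It flags the stray ";" inside the memberOf DN, wrapping quotes and unbalanced parentheses before the value is pasted into the settings page. The names `check_filter`, `DN_ATTRS`, `THREAD_FILTER_OK` and `THREAD_FILTER_BAD` are made up for this sketch, and the two sample filters are the ones quoted in the thread.

```python
import re

# A leaf item of an LDAP search filter: (attr=value), (attr>=value), ...
LEAF = re.compile(r"\(([A-Za-z][A-Za-z0-9.;-]*)(~=|>=|<=|=)([^()]*)\)")
DN_ATTRS = {"memberof"}  # assumption: attributes whose value must be an exact DN

# Filters quoted in the thread (second one carries the stray ';').
THREAD_FILTER_OK = ("(|(&(objectClass=user)(!(objectClass=computer))"
                    "(memberOf=cn=allusers,ou=groups,ou=company,dc=domain,dc=com)))")
THREAD_FILTER_BAD = ("(|(&(objectclass=user)(!(objectclass=computer))"
                     "(memberof=cn=moodle users,ou=department,ou=faculty,"
                     "dc=ourschool,dc=com;)))")

def check_filter(flt):
    """Return a list of problems found in an LDAP filter string ([] if none)."""
    problems = []
    text = flt.strip()
    if text != flt:
        problems.append("leading or trailing whitespace around the filter")
    if text.startswith(('"', "'")) or text.endswith(('"', "'")):
        problems.append("filter is wrapped in quote characters")
        text = text.strip("\"'")
    depth = 0
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:          # a ')' appeared before its '('
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    for attr, _op, value in LEAF.findall(text):
        if attr.lower() not in DN_ATTRS:
            continue
        if value != value.strip():
            problems.append(f"{attr}: whitespace around the DN")
        if value.rstrip().endswith(";"):
            # ';' separates Contexts entries; inside a filter it becomes
            # part of the DN, so the group is never matched.
            problems.append(f"{attr}: trailing ';' is read as part of the DN")
        rdns = re.split(r"(?<!\\),", value.strip().rstrip(";"))
        if any("=" not in rdn for rdn in rdns):
            problems.append(f"{attr}: value is not a well-formed DN")
    return problems

if __name__ == "__main__":
    for f in (THREAD_FILTER_OK, THREAD_FILTER_BAD):
        print(check_filter(f) or "no problems found")
```

An empty result only means the filter is syntactically plausible; whether the group DN exists and the bind account can read it still has to be confirmed against the directory.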