Hi,
I'm having some issues with LDAP authentication, more specifically with the LDAP users sync job \auth_ldap\task\sync_task
My Daskboard/Site administration/Plugins/Authentication/LDAP server is configured, Test settings is successful. I've attached screenshots, to help with the diagnostic.
The issue arises when I Run now \auth_ldap\task\sync_task. It gives me this :
Execute scheduled task: Tâche de synchronisation pour utilisateurs LDAP (auth_ldap\task\sync_task) ... started 15:49:52. Current memory use 8.7MB. Connection au serveur LDAP...Création de la table temporaire tmp_extuser(sorry about the french part : it says "No users fetched from LDAP", roughly).
Warning: ldap_search(): Search: Operations error in /var/www/moodle/auth/ldap/auth.php on line 713
Aucun utilisateur obtenu depuis LDAP
Fatal error: Uncaught coding_exception: Erreur de programmation détectée. Ceci doit être corrigé par un programmeur : A lock was created but not released at: /var/www/moodle/lib/cronlib.php on line 279 Code should look like: $factory = \core\lock\lock_config::get_lock_factory('type'); $lock = $factory->get_lock(Resource id #512); $lock->release(); // Locks must ALWAYS be released like this. in /var/www/moodle/lib/classes/lock/lock.php:117 Stack trace: #0 [internal function]: core\lock\lock->__destruct() #1 {main} thrown in /var/www/moodle/lib/classes/lock/lock.php on line 117
I've found out that the field "auth_ldap | contexts" it pasted into a ldap_search without quotes, which causes problems since every comma used in a LDAP path is interpreted as a separator between ldap_search arguments. So I tried to single or double quote the Context, which caused another issue :
Warning: ldap_search(): Search: Invalid DN syntax in /var/www/moodle/auth/ldap/auth.php on line 713
I also tried leaving the Context empty, letting PHP rely on my /etc/ldap.conf (which is correctly configured), but I got this error :
Execute scheduled task: Tâche de synchronisation pour utilisateurs LDAP (auth_ldap\task\sync_task) ... started 15:54:29. Current memory use 8.7MB. Connection au serveur LDAP...Création de la table temporaire tmp_extuserAucun utilisateur obtenu depuis LDAPStill no user found, and still that lock error... but the syntax error is gone.
Fatal error: Uncaught coding_exception: Erreur de programmation détectée. Ceci doit être corrigé par un programmeur : A lock was created but not released at: /var/www/moodle/lib/cronlib.php on line 279 Code should look like: $factory = \core\lock\lock_config::get_lock_factory('type'); $lock = $factory->get_lock(Resource id #513); $lock->release(); // Locks must ALWAYS be released like this. in /var/www/moodle/lib/classes/lock/lock.php:117 Stack trace: #0 [internal function]: core\lock\lock->__destruct() #1 {main} thrown in /var/www/moodle/lib/classes/lock/lock.php on line 117
When I try a ldapsearch with the same settings as the ones I used to configure this module, it works :
~# ldapsearch -x -H ldaps://192.168.233.30 -D "CN=moodle,OU=SERVICES,DC=auth,DC=bipase,DC=local" -w ********* "(samaccountname=*)"
...
# numResponses: 120
# numEntries: 116
# numReferences: 3
(output cut for readability, but believe me, it works )
I've been tinkering with it for hours, and I can't find a way to make it work... If you have anything that could give me a clue, that would be great.
Moodle is installed on a Debian 9, with apache2 & MariaDB.
The LDAP server is actually a SAMBA4 configured as a AD DC, with a working configuration : it is already used by my NAS, an IRC server, and for proxy auth by squid3/squidGuard.
... and that's all I can think of that could have an importance in the matter...
Don't hesitate to ask questions, I'll be in the office waiting for input and trying different approaches until it works anyway
Thanks !
