Unfortunately, I have the most embarrassing question to ask: are they entering their username and password correctly? Are they able to log in to other services that use your LDAP server
for authentication? When I look at my user logs, I believe that error ID 3 corresponds to an incorrect password.
"Login failed for user 'firstname.lastname@example.org'. Most likely the password did not match (error ID '3')."
You might want to confirm that their username in Moodle matches the corresponding field in your LDAP system. Should their username include the domain
? In our LDAP setup, we have set "User attribute" to "mail" so that people need to login with their full email address, not just the username.
All that said, I have encountered a problem where my setup was fine, and the user could authenticate to some services... but not others, including our Moodle. I do not administer the users in our LDAP system, so I had to punt the issue to our IT department. I believe the issue was related her being logged in to another device with a bad password, and our system's policies for dealing with that situation (which possibly does not apply to you). My best recommendation would be to collect as much information as possible and really isolate the problem.