Could not find user

Could not find user

by Kyler Moore -
Number of replies: 3

Hi there,


  We have been using moodle for several years now and everything was working as it should with adding new users.  However, now I am having an issue creating new users using LDAP Authentication against our Active Directory.  I am seeing the error: 

  

Could not find user 'CN=*USER,OU=STUDENTS,OU=BUILDING,DC=DOMAIN,DC=INTERNAL'


However, if I manually add the student myself and select LDAP authentication, everything syncs and works just fine.  I did a bit of searching around and I haven't come to a clear answer as to what this issue may be.  Anyone have any ideas?  Any help would be appreciated.  

Average of ratings: -
In reply to Kyler Moore

Re: Could not find user

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Hi

> We have been using moodle for several years now and everything was working as it should with adding new users.

Go through your LDAP settings (Site administration > Plugins > Authentication > LDAP server) comparing them to the documentation https://docs.moodle.org/en/LDAP_authentication.

> However, now I am having an issue creating new users using LDAP Authentication against our Active Directory. I am seeing the error:
>
> Could not find user 'CN=*USER,OU=STUDENTS,OU=BUILDING,DC=DOMAIN,DC=INTERNAL'

Did you try to annonymize the error message or is it literally that? Where does this message appear: as the user tries to login or when an sync script is run in the back end? Is the CN the user who is trying to log in or is it the bind user?

What has changed between then and now: A Moodle upgrade? The AD admins tuned something?

> However, if I manually add the student myself and select LDAP authentication, everything syncs and works just fine.

What to you mean by "sync": The user can login with the password in the AD? Inspect the table 'user' in the Moodle database, especially comparing the records with auth='ldap' and to auth='manual'.

BTW, what is the User attribute (auth_ldap | user_attribute) in the LDAP configuration?
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: Could not find user

by Kyler Moore -

Thanks for the reply.

Our LDAP configuration is correct with the LDAP_authentication documentation.  

I did annonymize the error message.  It does show up as "Could not find user" then the specific location it exists in AD.  That seemed to check out.

It turns out our recent update had no relation to our error.

What I meant by sync was that if you created the user manually and select LDAP Authentication, the user would successfully create and it would use their Active Directory password.  

I ended up figuring it out.  It turns out we have an Active Directory user in our environment that has invalid characters.  I ran the file in ../user/auth/ldap/cli/sync_users.php and it returned invalid characters but didn't return the offender..  Due to this error, it would not continue to create the accounts in Moodle that were not having issues which is why about 3000 accounts were not being created..  We have a very high amount of users so it may be difficult to go one by one to figure out the culprit.  Looks like there is an option to enable extended characters.  That at least has us running right now.  going to try and hunt down that user.


Hope this helps for anyone else having the same issue. 


Also, thanks again for your reply.


Average of ratings: Useful (1)
In reply to Kyler Moore

Re: Could not find user

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Glad that you could localize the issue. When you said "adding new users" in your original post, you meant running ./user/auth/ldap/cli/sync_users.php, right? You know that Moodle can be configured to create the user as he logs in the first time (without running sync_users.php)?

I am curious: What made a manually created user, after manually setting the authentication to LDAP, to recognize him as the correct user in AD? The username? Has it any connection to auth_ldap | user_attribute?
Average of ratings: -