I have a question about Moodle 3.9.2 (Build: 20201016) with LDAP authentication under Linux with PHP 7.4.3.
The installation is fresh and everything is up to date.
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.1 LTS"
I read the help pages and the authentication via LDAP against the AD works.
All employees can log into Moodle with standard rights.
Only the assignment of the group (manager or course creator) via the AD does not work.
Querying the user with ldapsearch works, though.
ldapsearch -x -D "CN=moodle Funktions User,OU=Funktionsuser,OU=User,OU=ordner,DC=domain,DC=local" -w "pass" -b "ou=ordner,dc=domain,dc=local" -H ldap://192.168.1.1 "(&(objectClass=user)(memberOf="CN=moodle-manager,OU=Gruppen,OU=ordner,DC=domain,DC=local"))" attrs=sAMAccountName
If need be, I could just authenticate people via LDAP and assign the administrator / course creator rights by hand.
But since it is supposed to work, I wonder why it doesn't.
I've tried everything I can think of, and poking around isn't getting me any further.
How can I see where it's stuck?
I'm new to Moodle so sorry if there is an obvious log file that I haven't seen.
Here is the config of the LDAP plugin:
<!-- Moodle auth_ldap plugin settings as posted. The leading "-" on the two opening tags looks like a browser tree-view collapse marker rather than part of the XML; confirm before parsing. -->
-<AUTH_LDAP>
-<SETTINGS>
<!-- NOTE(review): HOST_URL has no ldaps:// scheme and START_TLS is 0, so the BIND_DN password and every user's login password presumably reach the directory unencrypted; confirm, and prefer ldaps:// or StartTLS. -->
<HOST_URL>192.168.1.1</HOST_URL>
<LDAP_VERSION>3</LDAP_VERSION>
<START_TLS>0</START_TLS>
<LDAPENCODING>utf-8</LDAPENCODING>
<PAGESIZE>250</PAGESIZE>
<PREVENTPASSINDB>1</PREVENTPASSINDB>
<!-- NOTE(review): this DN has OU=Terminalserver User, while the ldapsearch -D value in the post has OU=User; verify which one is the real service account. -->
<BIND_DN>CN=moodle Funktions User,OU=Funktionsuser,OU=Terminalserver User,OU=ordner,DC=domain,DC=local</BIND_DN>
<!-- "pass" is presumably a redacted placeholder; a real bind password pasted here should be treated as exposed and changed. -->
<BIND_PW>pass</BIND_PW>
<USER_TYPE>ad</USER_TYPE>
<CONTEXTS>OU=ordner,DC=domain,dc=local</CONTEXTS>
<SEARCH_SUB>1</SEARCH_SUB>
<OPT_DEREF>0</OPT_DEREF>
<!-- NOTE(review): Active Directory stores group members as full DNs; check whether 0 is the intended value for USER_TYPE "ad" (confirm against the auth_ldap setting help). -->
<MEMBERATTRIBUTE_ISDN>0</MEMBERATTRIBUTE_ISDN>
<!-- Matches any object class; the ldapsearch test in the post filtered on objectClass=user instead. -->
<OBJECTCLASS>objectClass=*</OBJECTCLASS>
<FORCECHANGEPASSWORD>0</FORCECHANGEPASSWORD>
<STDCHANGEPASSWORD>0</STDCHANGEPASSWORD>
<PASSTYPE>plaintext</PASSTYPE>
<CHANGEPASSWORDURL/>
<EXPIRATION>0</EXPIRATION>
<EXPIRATION_WARNING>10</EXPIRATION_WARNING>
<GRACELOGINS>0</GRACELOGINS>
<AUTH_USER_CREATE>0</AUTH_USER_CREATE>
<CREATE_CONTEXT/>
<!-- NOTE(review): both group DNs below contain OU=Moodle, but the memberOf filter that worked in ldapsearch used CN=moodle-manager,OU=Gruppen,OU=ordner,... without it; verify the groups' actual DNs. -->
<MANAGERCONTEXT>CN=moodle-manager,OU=Moodle,OU=Gruppen,OU=ordner,DC=domain,DC=local</MANAGERCONTEXT>
<COURSECREATORCONTEXT>CN=moodle-kursersteller,OU=Moodle,OU=Gruppen,OU=ordner,DC=domain,DC=local</COURSECREATORCONTEXT>
<REMOVEUSER>1</REMOVEUSER>
<SYNC_SUSPENDED>0</SYNC_SUSPENDED>
<NTLMSSO_ENABLED>0</NTLMSSO_ENABLED>
<NTLMSSO_SUBNET/>
<NTLMSSO_IE_FASTPATH>0</NTLMSSO_IE_FASTPATH>
<NTLMSSO_TYPE>ntlm</NTLMSSO_TYPE>
<!-- Per-field mapping: each profile field has a MAP (LDAP attribute), UPDATELOCAL, UPDATEREMOTE and LOCK entry. -->
<FIELD_MAP_FIRSTNAME>givenName</FIELD_MAP_FIRSTNAME>
<FIELD_UPDATELOCAL_FIRSTNAME>onlogin</FIELD_UPDATELOCAL_FIRSTNAME>
<FIELD_UPDATEREMOTE_FIRSTNAME>0</FIELD_UPDATEREMOTE_FIRSTNAME>
<FIELD_LOCK_FIRSTNAME>locked</FIELD_LOCK_FIRSTNAME>
<FIELD_MAP_LASTNAME>sn</FIELD_MAP_LASTNAME>
<FIELD_UPDATELOCAL_LASTNAME>onlogin</FIELD_UPDATELOCAL_LASTNAME>
<FIELD_UPDATEREMOTE_LASTNAME>0</FIELD_UPDATEREMOTE_LASTNAME>
<FIELD_LOCK_LASTNAME>locked</FIELD_LOCK_LASTNAME>
<FIELD_MAP_EMAIL>mail</FIELD_MAP_EMAIL>
<FIELD_UPDATELOCAL_EMAIL>onlogin</FIELD_UPDATELOCAL_EMAIL>
<FIELD_UPDATEREMOTE_EMAIL>0</FIELD_UPDATEREMOTE_EMAIL>
<FIELD_LOCK_EMAIL>unlocked</FIELD_LOCK_EMAIL>
<FIELD_MAP_CITY>l</FIELD_MAP_CITY>
<FIELD_UPDATELOCAL_CITY>onlogin</FIELD_UPDATELOCAL_CITY>
<FIELD_UPDATEREMOTE_CITY>0</FIELD_UPDATEREMOTE_CITY>
<FIELD_LOCK_CITY>unlocked</FIELD_LOCK_CITY>
<FIELD_MAP_COUNTRY>c</FIELD_MAP_COUNTRY>
<FIELD_UPDATELOCAL_COUNTRY>onlogin</FIELD_UPDATELOCAL_COUNTRY>
<FIELD_UPDATEREMOTE_COUNTRY>0</FIELD_UPDATEREMOTE_COUNTRY>
<FIELD_LOCK_COUNTRY>unlocked</FIELD_LOCK_COUNTRY>
<FIELD_MAP_LANG>preferredLanguage</FIELD_MAP_LANG>
<FIELD_UPDATELOCAL_LANG>onlogin</FIELD_UPDATELOCAL_LANG>
<FIELD_UPDATEREMOTE_LANG>0</FIELD_UPDATEREMOTE_LANG>
<FIELD_LOCK_LANG>unlocked</FIELD_LOCK_LANG>
<FIELD_MAP_DESCRIPTION>description</FIELD_MAP_DESCRIPTION>
<FIELD_UPDATELOCAL_DESCRIPTION>onlogin</FIELD_UPDATELOCAL_DESCRIPTION>
<FIELD_UPDATEREMOTE_DESCRIPTION>0</FIELD_UPDATEREMOTE_DESCRIPTION>
<FIELD_LOCK_DESCRIPTION>unlocked</FIELD_LOCK_DESCRIPTION>
<FIELD_MAP_URL/>
<FIELD_UPDATELOCAL_URL>oncreate</FIELD_UPDATELOCAL_URL>
<FIELD_UPDATEREMOTE_URL>0</FIELD_UPDATEREMOTE_URL>
<FIELD_LOCK_URL>unlocked</FIELD_LOCK_URL>
<FIELD_MAP_IDNUMBER>distinguishedName</FIELD_MAP_IDNUMBER>
<FIELD_UPDATELOCAL_IDNUMBER>onlogin</FIELD_UPDATELOCAL_IDNUMBER>
<FIELD_UPDATEREMOTE_IDNUMBER>0</FIELD_UPDATEREMOTE_IDNUMBER>
<FIELD_LOCK_IDNUMBER>locked</FIELD_LOCK_IDNUMBER>
<FIELD_MAP_INSTITUTION/>
<FIELD_UPDATELOCAL_INSTITUTION>oncreate</FIELD_UPDATELOCAL_INSTITUTION>
<FIELD_UPDATEREMOTE_INSTITUTION>0</FIELD_UPDATEREMOTE_INSTITUTION>
<FIELD_LOCK_INSTITUTION>unlocked</FIELD_LOCK_INSTITUTION>
<!-- NOTE(review): the value ends in a space ("department "); confirm whether that is in the stored setting or a paste artifact. -->
<FIELD_MAP_DEPARTMENT>department </FIELD_MAP_DEPARTMENT>
<FIELD_UPDATELOCAL_DEPARTMENT>onlogin</FIELD_UPDATELOCAL_DEPARTMENT>
<FIELD_UPDATEREMOTE_DEPARTMENT>0</FIELD_UPDATEREMOTE_DEPARTMENT>
<FIELD_LOCK_DEPARTMENT>unlocked</FIELD_LOCK_DEPARTMENT>
<FIELD_MAP_PHONE1/>
<FIELD_UPDATELOCAL_PHONE1>onlogin</FIELD_UPDATELOCAL_PHONE1>
<FIELD_UPDATEREMOTE_PHONE1>0</FIELD_UPDATEREMOTE_PHONE1>
<FIELD_LOCK_PHONE1>unlocked</FIELD_LOCK_PHONE1>
<FIELD_MAP_PHONE2>telephoneNumber</FIELD_MAP_PHONE2>
<FIELD_UPDATELOCAL_PHONE2>oncreate</FIELD_UPDATELOCAL_PHONE2>
<FIELD_UPDATEREMOTE_PHONE2>0</FIELD_UPDATEREMOTE_PHONE2>
<FIELD_LOCK_PHONE2>unlocked</FIELD_LOCK_PHONE2>
<FIELD_MAP_ADDRESS>streetAddress</FIELD_MAP_ADDRESS>
<FIELD_UPDATELOCAL_ADDRESS>onlogin</FIELD_UPDATELOCAL_ADDRESS>
<FIELD_UPDATEREMOTE_ADDRESS>0</FIELD_UPDATEREMOTE_ADDRESS>
<FIELD_LOCK_ADDRESS>unlocked</FIELD_LOCK_ADDRESS>
<FIELD_MAP_FIRSTNAMEPHONETIC/>
<FIELD_UPDATELOCAL_FIRSTNAMEPHONETIC>oncreate</FIELD_UPDATELOCAL_FIRSTNAMEPHONETIC>
<FIELD_UPDATEREMOTE_FIRSTNAMEPHONETIC>0</FIELD_UPDATEREMOTE_FIRSTNAMEPHONETIC>
<FIELD_LOCK_FIRSTNAMEPHONETIC>unlocked</FIELD_LOCK_FIRSTNAMEPHONETIC>
<FIELD_MAP_LASTNAMEPHONETIC/>
<FIELD_UPDATELOCAL_LASTNAMEPHONETIC>oncreate</FIELD_UPDATELOCAL_LASTNAMEPHONETIC>
<FIELD_UPDATEREMOTE_LASTNAMEPHONETIC>0</FIELD_UPDATEREMOTE_LASTNAMEPHONETIC>
<FIELD_LOCK_LASTNAMEPHONETIC>unlocked</FIELD_LOCK_LASTNAMEPHONETIC>
<FIELD_MAP_MIDDLENAME/>
<FIELD_UPDATELOCAL_MIDDLENAME>oncreate</FIELD_UPDATELOCAL_MIDDLENAME>
<FIELD_UPDATEREMOTE_MIDDLENAME>0</FIELD_UPDATEREMOTE_MIDDLENAME>
<FIELD_LOCK_MIDDLENAME>unlocked</FIELD_LOCK_MIDDLENAME>
<FIELD_MAP_ALTERNATENAME/>
<FIELD_UPDATELOCAL_ALTERNATENAME>oncreate</FIELD_UPDATELOCAL_ALTERNATENAME>
<FIELD_UPDATEREMOTE_ALTERNATENAME>0</FIELD_UPDATEREMOTE_ALTERNATENAME>
<FIELD_LOCK_ALTERNATENAME>unlocked</FIELD_LOCK_ALTERNATENAME>
</SETTINGS>
</AUTH_LDAP>