Having issues getting ldap auto enrol working.
Using moodle 3.11, I was able to get user LDAP authentication working, but trying to tie in auto enrol is having issues. I tried following this:
LDAP enrolment - MoodleDocs
I created 2 OUs as stated, then tried to create a group in each OU, but when I create the same group in the 2nd OU; getting an error that it cant be created because "the specified group already exists".
Any assistance with getting course enrol up and running would be greatly appreciated.
Update, read another post that stated, you can just add to the name to fill out the pre-windows 2000 filed to get passed the same name.
Next issue is that auto enrol not working for me. I have a user in the OU-> group; when the user logins, they aren't enrolled in the new course, and I don't see the new course in the courses listings.
Next issue is that auto enrol not working for me. I have a user in the OU-> group; when the user logins, they aren't enrolled in the new course, and I don't see the new course in the courses listings.
Here are my notes from the last time I set this up, they may help:
- First I set up auth_ldap. Important: Map the user's ID number (auth_ldap | field_map_idnumber) to LDAP attribute distinguishedName.
- Create a course and set the Course ID Number, e.g. "CM4". This will match the cn of the group in AD.
- Create an OU for specific roles, e.g. example.corp/StudentRole and in that OU create a group per course with the same name as the above Course ID Number, e.g. "CM4". Add users to this group.
- Configure enrol_ldap:
enrol_ldap | host_url: example.corp
enrol_ldap | bind_dn: administrator@example.corp
enrol_ldap | bind_pw: [...]
enrol_ldap | role_mapping:
Student: OU=StudentRole,DC=example,DC=corp/member
enrol_ldap | memberattribute_isdn: Yes
enrol_ldap | user_contexts: cn=Users,dc=example,dc=corp
enrol_ldap | user_search_sub: No (or Yes?) – not sure which is correct
enrol_ldap | user_type: MS ActiveDirectory
enrol_ldap | idnumber_attribute: distinguishedName
enrol_ldap | objectclass: (objectClass=group)
enrol_ldap | course_idnumber: distinguishedName - Enable enrol_ldap plugin.
Then when you log in as an LDAP user in the group the following appears in the PHP error log, e.g.:
[17-Oct-2020 18:08:39 Europe/London] [ENROL LDAP] Enrol user 'george' into course 'Course M-4' (id 37)
The notes are a bit rough but might help with your settings.
Thank you for the input, tried to match your settings, but no luck. Don't even see anything in the php error log file.
- First I set up auth_ldap. Important: Map the user's ID number (auth_ldap | field_map_idnumber) to LDAP attribute distinguishedName. <- This is where I am getting stuck 😅 I have AD so my ditiguished name for a user would be cn=Joe Smith, ou=My_Users,ou=campus_a,dc=moodle,dc=org How do I map the field when each user would be different? Or do I just put 'cn' in there?
That's what we use, 'cn'
I don't have a working environment right now but I think what I meant was that you enter the LDAP attribute name into the field mapping for ID number:
But your authentication is working right? So you shouldn't need to adjust this. It is the enrollment that is not happening...are you sure that you have the ID number (NOT the shortname) set to the name of your AD group?