I have tried my best to resolve this without calling "Help!" but I see defeat on the horizon so here I am. I've looked at a lot of posts on and off this forum and some have helped me get closer to the goal, but I'm still not there. I apologise for what will be a long post, but the more info I give the more likely someone will be able to point out my mistake. Once there, I intend to update the Wiki with some of the great help I've found. At the moment it's not that great if you don't know the ins and outs of AD and LDAP.
So, here's what I'm aiming for:
- Auto-login to Moodle, or automatic login when clicking on the Login link.
- No big re-arrangement of AD. We're a fairly big college and that wouldn't fly too well. Adding a group for Moodle Admins etc would be OK though.
- No kind of profile management from Moodle. Just using it to auto-login.
Here's the system setup details that will make or break it. I'll expand to give those in my shoes some help and those trying to help me some more info.
- Domain name: midkent
- External name: midkent.ac.uk
- Moodle Server: Name = s-moodle1, Setup = Windows 2003, Apache 2.2.2.0, MySQL 5.0.21, PHP 5.1.44
Now for the fun story of everything I've tried.
I used the "Configuration File (php.ini) Path" field on http://s-moodle1/admin/phpinfo.php to determine which php.ini was being used. I deleted the others to save confusion and uncommented the extension=php_ldap.dll line. I then logged on to Moodle as Admin and went to Users>User Authentication to set up LDAP.
I set up all the variables as best as I could, using this page to help me, but I kept getting an error "LDAP-module cannot connect any LDAP servers : Server: 'ldap://my.ldap.server/' Connection: 'Resource id #26' Bind result: '' ".
This one took me a while, but by using the Command Prompt on the Moodle Server and navigating to the moodle/php directory and running "php -m" I got an error message telling me two dlls were missing. They were elsewhere on the machine and copying them to the moodle/php directory stopped the error messages with "php -m" and got rid of the red error message.
NB: I also added the moodle/php directory to the windows PATH, but I've removed this now and it doesn't seem to have affected anything, so I don't think it's needed, but worth a shot if you're having trouble.
This all helped, but I still wasn't there. Then I stumbled across a great post by Kieran Denny in this thread, which helped a LOT. I dug out the Server 2003 CD and installed the Server Tools and ran ldap.exe.
After much fun, I discovered that the user account I was using to Bind to the AD server didn't have the right access. We have an account for this kind of access where you don't want the password to expire, etc, but apparently it needs more rights. The Admin account worked though, which allowed me to change a few things.
I drilled down the tree to find the Admin account. Double-clicked it to get the account's details up and scanned the top few lines and picked out the DN line. ldap_bind_dn became "CN=Adminstrator,OU=Unique,OU=Users OU,DC=midkent,DC=ac,DC=uk".
I also used the tree to find the DNs of the groups to search for user accounts. So ldap_contexts became "OU=Staff,OU=Users OU,DC=midkent,DC=ac,DC=uk;OU=Site One,OU=Students,OU=Users OU,DC=midkent,DC=ac,DC=uk;OU=Site Two,OU=Students,OU=Users OU,DC=midkent,DC=ac,DC=uk;OU=Site Three,OU=Students,OU=Users OU,DC=midkent,DC=ac,DC=uk;"
I logged in as Admin and realised I needed to edit the user accounts to change the Authentication Method from manual to Use an LDAP server.
All this resulted in nicer error messages. Instead of a spartan page with an LDAP error I now got an Invalid Login one. *sigh*
The Eureka moment was changing the ldap_user_attribute field. I went back to the ldap.exe on the Moodle server and double-clicked my own user account. I looked down the list of data until I found my login id, as this is what I'm expecting Moodle to verify against. The field name for me is sAMAccountName, not cn which is the Moodle default, or so it says on the Authentication settings page. It worked! I can now log in!
My final hurdle is working out how to get Moodle to try to log in automatically or at the click of the Login button as it currently does with Blackboard.
I hope this helps a few more struggling souls. Once I have the login working I will see what I can add to the Wiki. Cribbing a lot from Kieran's very helpful post I imagine. The forum desperately needs Sticky posts so good ones like that don't slip down and people need to ask over and over again.
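
Added example (not part of the original post, and not Moodle's own code): a Python sketch of how the three settings the post ends up with fit together, assuming the usual search-then-bind pattern in which the bind account looks up the typed login under each context using the user attribute. The login `jbloggs` and all function names are constructed for illustration; the DNs are the ones quoted in the post.

```python
# Settings exactly as quoted in the post; everything else is illustrative.
BIND_DN = "CN=Adminstrator,OU=Unique,OU=Users OU,DC=midkent,DC=ac,DC=uk"
CONTEXTS = (
    "OU=Staff,OU=Users OU,DC=midkent,DC=ac,DC=uk;"
    "OU=Site One,OU=Students,OU=Users OU,DC=midkent,DC=ac,DC=uk;"
    "OU=Site Two,OU=Students,OU=Users OU,DC=midkent,DC=ac,DC=uk;"
    "OU=Site Three,OU=Students,OU=Users OU,DC=midkent,DC=ac,DC=uk;"
)
USER_ATTRIBUTE = "sAMAccountName"

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a typed login so it is matched literally, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def split_contexts(contexts):
    """Split the ';'-separated context list; the trailing ';' leaves no empty entry."""
    return [c.strip() for c in contexts.split(";") if c.strip()]


def dc_suffix(dn):
    """Domain components of a DN (naive comma split; fine for DNs without escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip().lower().startswith("dc=")]


def search_plan(login):
    """One (base DN, filter) pair per context, in the order they would be tried."""
    flt = "(%s=%s)" % (USER_ATTRIBUTE, escape_filter_value(login))
    return [(base, flt) for base in split_contexts(CONTEXTS)]


def mismatched_contexts():
    """Contexts whose domain differs from the bind DN's: a typo here means no user is found."""
    want = dc_suffix(BIND_DN)
    return [c for c in split_contexts(CONTEXTS) if dc_suffix(c) != want]


if __name__ == "__main__":
    for base, flt in search_plan("jbloggs"):  # "jbloggs" is a constructed login
        print(base, flt)
    print("mismatched:", mismatched_contexts())
```

With the default attribute `cn` the same plan would produce `(cn=jbloggs)`, which matches nothing when the directory stores the login id in `sAMAccountName`; that is the "Invalid Login" symptom described above.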