LDAP auth problem w/ 1.7?


by Ryan Thomas -
Number of replies: 9
Symptom:
Users (using "ldap" auth) who have logged in prior to upgrade from 1.6 are still able to authenticate via LDAP. But users who haven't logged in (and therefore have no local user records) get the following error message:

"Invalid login, please try again"

Background:
* LDAP authentication is default.
* Worked great in 1.6.
* Works great for LDAP users already in moodle.

* Upgraded from 1.63 to Moodle 1.7+ on 12/23/2007.
In reply to Ryan Thomas

Re: LDAP auth problem w/ 1.7?

by Iñaki Arenaza -
Could you paste your LDAP config here (removing any passwords and sensible data), please?

Regards. Iñaki.
In reply to Iñaki Arenaza

Re: LDAP auth problem w/ 1.7?

by Ryan Thomas -
My configuration is here w/o pw & other identifying info:
http://staff.ed.uiuc.edu/rthomas/auth.html
In reply to Ryan Thomas

Re: LDAP auth problem w/ 1.7?

by Iñaki Arenaza -

I don't see anything wrong in your settings, except the ldap_memberattribute, which should be 'member' instead of 'memberof'. But given that authentication only uses this attribute to assign the course creator role, this shouldn't be an issue for authentication itself.

Maybe you could add the following lines (the ones marked) to your moodle/auth/ldap/lib.php file to try and diagnose the problem:

    if ($ldapconnection) {
        $ldap_user_dn = auth_ldap_find_userdn($ldapconnection, $username);

        error_log ("username: |".$username."|,ldap_user_dn: |".$ldap_user_dn."|");   /// <---- Add this line.

        //if ldap_user_dn is empty, user does not exist
        if(!$ldap_user_dn){
            ldap_close($ldapconnection);
            return false;
        }

        // Try to bind with current username and password
        $ldap_login = @ldap_bind($ldapconnection, $ldap_user_dn, stripslashes($password));
        ldap_close($ldapconnection);
        if ($ldap_login) {
            return true;
        }
    } else {
        @ldap_close($ldapconnection);
        error("LDAP-module cannot connect to server: $CFG->ldap_host_url");
    }
    error_log ("username or password incorrect");   /// <---- Add this line too.
    return false;

This will add some logging info to your PHP logs which will enable us to see why new user logins are failing.

Regards. Iñaki.

In reply to Iñaki Arenaza

Re: LDAP auth problem w/ 1.7?

by Ryan Thomas -
This symptom has gone away...and I'm not sure why.

I saw distinguishedName was getting truncated for some users. So I increased the length of the idnumber field to 100. But I don't see how that explains the behavior I was seeing -- where users with moodle accounts that were created manually but set to LDAP (manually) were able to authenticate (even with truncated distinguishedNames) and where first-time users (with >64 character distinguishedName) trying to log in with their AD/LDAP credentials were getting "Invalid login".

Was it bonking trying to write the idnumber (distinguishedName) to the database?

I'm good to go, but curious if anyone has an explanation. I'm hoping better understanding will help me troubleshoot more effectively next time. smile
In reply to Ryan Thomas

Re: LDAP auth problem w/ 1.7?

by Iñaki Arenaza -

Was it bonking trying to write the idnumber (distinguishedName) to the database?

I'm 99.99% sure this was the real issue.

Regards. Iñaki.

In reply to Ryan Thomas

Re: LDAP auth problem w/ 1.7?

by Edward Roche -
Where do you change the idnumber length? I am having the same issue.

Thanks
Ed
In reply to Edward Roche

Re: LDAP auth problem w/ 1.7?

by Iñaki Arenaza -

You need to alter the length of the idnumber field of the mdl_user table in your database (using phpmyadmin or an SQL statement), and then you need to edit .../moodle/lib/moodlelib.php, at function truncate_userinfo() (around line 2281 for 1.7.1+) and change the line that reads:

'idnumber'    =>  64,

to:

'idnumber'    =>  XXX,

where XXX is the same length you used above for the idnumber field length.

If you are using auth_ldap_sync_users.php, you also need to change .../moodle/auth/ldap/lib.php, in the auth_sync_users() function, where it creates the temporary table using something like:

execute_sql('CREATE TEMPORARY TABLE ' . $CFG->prefix .'extuser (idnumber VARCHAR(64), PRIMARY KEY (idnumber)) TYPE=MyISAM',false);

and change that 64 to XXX like above.

Regards. Iñaki.
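
A pre-flight check for the situation described in this thread, added here as an example and not part of Moodle or of any post above: it emulates the 64-character cut that truncate_userinfo() applies to idnumber and reports which directory DNs would be truncated, and which distinct DNs collapse to the same value once cut (those would violate the PRIMARY KEY (idnumber) on the extuser temporary table during sync). The DNs are constructed sample data; in practice you would feed it the distinguishedName values pulled from your directory.

```python
# Added example (not Moodle's code): check LDAP DNs against the idnumber
# column length before relying on LDAP auth or auth_ldap_sync_users.php.
from collections import defaultdict

# Limit taken from truncate_userinfo() and the extuser temp table above.
IDNUMBER_LIMIT = 64

# Constructed sample DNs (not real accounts). The last two share their
# first 79 characters, so they become identical after a 64-character cut.
SAMPLE_DNS = [
    "CN=Short User,OU=Staff,DC=example,DC=edu",
    "CN=Alexander Longname-Hyphenated,OU=College of Education and Human "
    "Development,OU=Staff,DC=example,DC=edu",
    "CN=Alexander Longname-Hyphenated,OU=College of Education and Human "
    "Development,OU=Students,DC=example,DC=edu",
]


def truncate_idnumber(dn, limit=IDNUMBER_LIMIT):
    """Mimic truncate_userinfo(): silently cut the value to the column length."""
    return dn[:limit]


def check_dns(dns, limit=IDNUMBER_LIMIT):
    """Return (too_long, collisions).

    too_long   -- DNs longer than the limit, i.e. stored truncated.
    collisions -- groups of distinct DNs whose truncated forms are equal,
                  which breaks a PRIMARY KEY on the truncated column.
    """
    too_long = [dn for dn in dns if len(dn) > limit]
    by_key = defaultdict(list)
    for dn in dns:
        by_key[truncate_idnumber(dn, limit)].append(dn)
    collisions = [group for group in by_key.values() if len(group) > 1]
    return too_long, collisions


def required_length(dns):
    """Smallest idnumber length that stores every DN untruncated."""
    return max((len(dn) for dn in dns), default=0)


if __name__ == "__main__":
    long_dns, clashes = check_dns(SAMPLE_DNS)
    print(f"{len(long_dns)} DN(s) exceed {IDNUMBER_LIMIT} characters")
    for group in clashes:
        print("collision after truncation:", group)
    print("idnumber length needed:", required_length(SAMPLE_DNS))
```

Run it against the DN list exported from your directory; a non-empty collisions list means a larger idnumber column is required before the sync will succeed, not merely advisable.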

In reply to Iñaki Arenaza

Re: LDAP auth problem w/ 1.7?

by J Guzman -

Hello!

Does this apply to Moodle v1.9.6?

Mine was working fine until yesterday.

All current users are able to logon, but any new user cannot.


Thanks in advance

In reply to J Guzman

Re: LDAP auth problem w/ 1.7?

by Iñaki Arenaza -
Yes, the bit about the sync_users() function (if using auth_ldap_sync_users.php) still applies to 1.9.6.

The other two changes are already fixed.

Regards.
Iñaki.