HOORAY! I've managed to fix the problem for our installation. I'm not a programmer, so you'll have to forgive my lack of technical description. I managed to track the problem to around line 50 in 'moodle/auth/ldap/auth.php':
    if (empty($this->config->objectclass)) { // Can't send empty filter
        $this->config->objectclass='objectClass=*';
    } else if (strpos($this->config->objectclass, 'objectClass=') !== 0) {
        $this->config->objectclass = 'objectClass='.$this->config->objectclass;
    }
For our LDAP setup, objectClass was being set to objectClass=posixAccount, which is correct. However, for some reason, that was causing something to fail when doing any kind of ldap_read() or ldap_get_entries(), etc., through PHP. So the user information would come back empty.
I 'fixed' it by taking out the if/else statement and just leaving it as:
    $this->config->objectclass='objectClass=*';
I've spoken with our LDAP gurus and have determined exactly what the problem is, given our system. We don't force students to have a university e-mail address, or any other university centralized account. The only one they have to have is our central LDAP login one, called a Passport account. If they never use any other central account, such as e-mail, or a lab account, they will not get a UID. Without a UID they are not considered a 'posixAccount', hence, they don't show up when we query that type in the tree.
So, the fix was to stop looking for a posixAccount and just set it to a wildcard. This is fine since Moodle already knows the exact user_dn when it does the lookup.
Such a simple answer. Anyway, thanks for your help, Inaki, and I hope that this info helps someone else fix their problems.
--Mike
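
Added example, not part of the post above and not Moodle's own code: an offline PHP sketch of why a lookup by exact DN still comes back empty when the entry lacks the configured object class. It also lists the object classes shared by every sample account, which is what a filter narrower than the wildcard would have to use. The directory entries, DNs and the `base_read()` / `common_classes()` helpers are constructed for illustration; `base_read()` is a hypothetical stand-in for a base-scope `ldap_read()`.

```php
<?php
// Added illustration, not Moodle code. Entries and DNs are constructed.

// Same normalization as the snippet quoted from auth/ldap/auth.php.
function normalize_objectclass(string $value): string {
    if (empty($value)) {                        // can't send an empty filter
        return 'objectClass=*';
    }
    if (strpos($value, 'objectClass=') !== 0) {
        return 'objectClass=' . $value;
    }
    return $value;
}

// Hypothetical stand-in for a base-scope ldap_read(): the entry at $dn is
// returned only if it also satisfies the objectClass filter.
function base_read(array $directory, string $dn, string $filter): ?array {
    if (!isset($directory[$dn])) {
        return null;
    }
    $wanted  = strtolower(explode('=', $filter, 2)[1]);
    $classes = array_map('strtolower', $directory[$dn]['objectclass']);
    return ($wanted === '*' || in_array($wanted, $classes, true)) ? $directory[$dn] : null;
}

// Object classes carried by every entry: candidates for a filter narrower than '*'.
function common_classes(array $directory): array {
    $sets = array_map(fn($e) => array_map('strtolower', $e['objectclass']), array_values($directory));
    return array_values(count($sets) > 1 ? array_intersect(...$sets) : ($sets[0] ?? []));
}

// Constructed sample: one account with a UID (posixAccount), one without.
$directory = [
    'cn=alice,ou=people,dc=example,dc=edu' => ['objectclass' => ['top', 'person', 'posixAccount']],
    'cn=bob,ou=people,dc=example,dc=edu'   => ['objectclass' => ['top', 'person']],
];

foreach (['posixAccount', ''] as $configured) {
    $filter = normalize_objectclass($configured);
    foreach (array_keys($directory) as $dn) {
        $hit = base_read($directory, $dn, $filter) !== null;
        printf("%-24s %-38s %s\n", $filter, $dn, $hit ? 'entry returned' : 'empty result');
    }
}
echo 'shared by all: ', implode(', ', common_classes($directory)), "\n";
```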