Problems with LDAP config

by Jaison Gonzalez -

Hi Moodlers,

I'm a Moodle newbie, and I'm trying to configure LDAP. I think I have it all right (I’ve tried testing it with ldp.exe), but even so it doesn’t work… and I really don’t know what the problem even is… as the testing results show that I have everything “OK”. The problem occurs when I try to connect to Moodle with my other account: it says in Spanish “El módulo LDAP no puede conectarse a ninguno de los servidores”, which translated into English is something like “LDAP module cannot connect to any server”… but as I said, I really don’t know why…

I would really appreciate any suggestions; I know I haven’t given many indications of the problem, as I just have that one…

In reply to Jaison Gonzalez

Re: Problems with LDAP config

by Jaison Gonzalez -

 

I have Moodle 1.8.2.

I did install it correctly and I am working and testing it almost perfectly, because of the LDAP configuration. I have done everything I have been asked for in the documentation so far, but even so I'm getting the error: 'LDAP-module cannot connect to any servers'

LDAP server settings

Host URL: ldap://(my server)/
Version: 2
LDAP encoding: utf-8

Bind settings

Hide passwords: no
Distinguished Name: uid=(data),ou=(data),ou=(data),o=NetscapeRoot
Password: (data)

User lookup settings

User type: Default
Contexts: o=(data),o=(data)
Search subcontexts: yes
Dereference aliases: yes
User attribute: uid
Member attribute:
Member attribute uses dn:
Object class: (data)

Force change password

Force change password: no
Use standard Change Password Page: no
Password format: SHA-1 hash
Password-change URL: (data)

LDAP password expiration settings

Expiration: no
Expiration warning: 10
Expiration attribute:
Grace logins: no
Grace login attribute:

Enable user creation

Create users externally: no
Context for new users:

Course creator

Creators: Name=(data),ou=(data),o=(data),o=(data)

Cron synchronization script

Removed ext user: Suspend internal

Data mapping

All fields are left blank

Some documentation says the error is usually a binding problem, but I'm able to bind with the account using ldp.exe.

I can provide more specs as needed, I would really appreciate any suggestions

In reply to Jaison Gonzalez

Re: Problems with LDAP config

by Jaison Gonzalez -
Problem solved...
In reply to Jaison Gonzalez

Re: Problems with LDAP config

by Iñaki Arenaza -
And what was the fix? Just in case anyone else has the same problem in the future :)

Saludos. Iñaki.
In reply to Jaison Gonzalez

Re: Problems with LDAP config

by Richard Acosta -
Exactly, what's the solution? Because I'm having the same problem.. I've used ldp.exe to get the "user dn" and I use my MS AD password. I must say that I'm testing it with my Windows account, but I keep having the same results:

Unable to bind to server: Invalid credentials in C:\xampp\htdocs\moodle\auth\ldap\auth.php on line 1351

El módulo LDAP no puede conectarse a ninguno de los servidores:

This is my configuration:
Host URL: (ip address of the MS AD Server)
version:3
encoding: utf-8
hide password: yes
dn: CN=Ronald Richard Acosta Dianderas,OU=(data),OU=(data),OU=(data),OU=(data),DC=(data),DC=com,DC=(data)
password: (data)
User type: MS AD
Contexts: OU=(data),OU=(data),OU=(data),OU=(data),DC=(data),DC=com,DC=(data)
Search subcontexts: yes
Def. alias: no
user attribute: samaccountname
member attr: memberof
object class: user
force chg passwd: no, no
creators: OU=(data),OU=(data),OU=(data),OU=(data),DC=(data),DC=com,DC=(data)

Any idea?


In reply to Richard Acosta

Re: Problems with LDAP config

by Iñaki Arenaza -
Hummm, getting invalid credentials means either the user distinguished name (DN) or password are not right, or that the account is locked or something similar (it has expired, etc.).

As you are using MS AD, you could try using your userPrincipalName (the one with the format username@your.windows.dns.domain.name) as the bind account. It could work, but I can't make any guarantee.

On the other hand, the user attribute should be sAMAccountName (yes, upper/lower case matters), and the member attribute is simply 'member', not 'memberof'. I don't think this has anything to do with your 'invalid credentials' problem, but just wanted to point it out.

Saludos. Iñaki.
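
Added example, not part of the original thread: Active Directory reports every cause listed in the reply above as the same LDAP result (49, invalid credentials), but the diagnostic text it returns with a failed bind carries a hex sub-code after "data" that tells them apart. The helper name explain_bind_failure and the sample messages are constructed for illustration.

```python
import re

# Hex sub-codes Active Directory appends ("data <code>") to the diagnostic
# text of a failed bind. The LDAP result itself is 49 in every case.
AD_BIND_SUBCODES = {
    "525": "user not found: the bind DN or UPN matches no account",
    "52e": "invalid credentials: bad password or bind name",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password before logging on",
    "775": "account locked out",
}

_SUBCODE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")


def explain_bind_failure(diagnostic):
    """Return (sub_code, meaning) for an AD bind diagnostic string."""
    match = _SUBCODE.search(diagnostic or "")
    if match is None:
        # Non-AD servers, or clients that drop the server text, give no code.
        return None, "no AD sub-code in message"
    code = match.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unrecognised sub-code")


# Constructed sample messages (DSID values are made up for illustration).
SAMPLES = [
    "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1",
    "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 525, v1db1",
    "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1",
    "Invalid credentials",
]

if __name__ == "__main__":
    for text in SAMPLES:
        code, meaning = explain_bind_failure(text)
        print(f"{code or '-':>4}  {meaning}")
```

A client that shows only the generic "Invalid credentials" string, like the last sample, has dropped the server text; the sub-code has to be read from a tool or log that keeps the full diagnostic message.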
In reply to Iñaki Arenaza

Re: Problems with LDAP config

by Richard Acosta -
Hi Iñaki, thanks for your response.
I've changed the attributes to their upper/lower case form and also used the userPrincipalName for binding. Anyway, it still shows the same result.

I can "make the bind" with that account via ldp.exe but only when I specify the domain:
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='racosta'; Pwd= <unavailable>; domain = '(my domain)'.}
Authenticated as dn:'racosta'.

When I try to bind without specifying it I get the same result as trying to enter via Moodle. Does it have any relation, I mean, am I forgetting something about the domain definition in Moodle?



In reply to Richard Acosta

Re: Problems with LDAP config

by Iñaki Arenaza -

> I can "make the bind" with that account via ldp.exe but only when I specify the domain:

Uncheck the 'Domain:' checkbox in the Bind dialog box of ldp.exe (see image below) and you should be able to login without specifying the domain name, just using your distinguished name and your password.

I'm able to do it with ldp.exe on a Windows 2003 domain controller (the Windows domain name is 'windows2003.local'), with both:

cn=ldap-user,cn=users,dc=windows2003,dc=local
ldap-user@windows2003.local

(the user called 'ldap-user' is inside the 'users' folder), using the right password. From here on, I can browse the directory as usual.

> When I try to bind without specifying it I get the same result as trying to enter via Moodle. Does it have any relation, I mean, am I forgetting something about the domain definition in Moodle?

Moodle doesn't care about the domain definition, as it thinks it's talking to an LDAP server. Full distinguished names are all it needs to make it work.

Just make sure you use the right distinguished name (DN) for the bind account (you can copy it from ldp.exe if you right click on the user object and select the 'Copy DN' option).

Saludos. Iñaki.

Attachment ldp.png
In reply to Iñaki Arenaza

Re: Problems with LDAP config

by Richard Acosta -
OK, I have the same "Invalid credentials" problem via the Softerra LDAP Browser, so it's not a Moodle problem. I've been searching and found that I should change the "OU" from
CN=Ronald Richard Acosta Dianderas,OU=(data),OU=(data),OU=(data),OU=(data),DC=(data),DC=com,DC=pe
to "CN", but I've done that also in every OU item and it keeps giving that error msg.. I realized that applies only to the "Users" (keyword?) from AD, and also the blue DN is the one that ldp.exe and this interesting program (GetMyDn.exe) give me, so now I don't know what to do.. I know my account is correct (i.e. not expired or locked) because I've just logged in again.. Help will be very appreciated, folks!

In reply to Jaison Gonzalez

Re: Problems with LDAP config

by chhivhorng ly -

Dear Jaison,

Now I have a problem with the LDAP config like this. I edited the Domain Name and it is correct, but it still shows me the message: LDAP: module can't connect any LDAP servers: Server:'ldap://x.x.x.x/' connect:'Resource id # 33' bind result:

Can you tell me the solution to solve it?

best regards,
