How u gonna do that?
Do what? Get an SSL license?
If it was me,
SSL license:
https://www.godaddy.com/gdshop/ssl/ssl.asp
or such. I suppose you could get the enhanced stuff too if you've got some extra cash.
Dedi \ static IP are free, with RIPE justification. Generally can be done within 1 day, issues occur when you haven't planned it fully. Generally having to get your LA to set up the reverse proxy for HTTPS.
kieran8055 (11th May 2009)

I just want to bring this thread back up. I'm still having the problems that I stated in my original post (and the same as Marc was having).
All users who log on can successfully get the shared drive I set up (shown in image).
Teaching staff can get their home drives (shown in image), but kids get the error (shown in image). The kids are even on the same server as the teaching staff so I really don't know what's going on.
Any help guys? We're a CC3 network.

I eventually figured out the problem for our installation - the problem had absolutely nothing to do with the SMB web block and absolutely everything to do with the way the moodle ldap capture plugin was authenticating with AD. Specifically I had been using a server URL that included a port. Just specifying the ip without a port allowed the SMB block to retrieve the user's home directory. M$ have made AD so that on the port I was using AD will not return the home directory attribute.
I used adldap/ to help determine what was being returned by AD.
When you finally get it working, the SMB block is well worth it!

Hi Marc, I've just gone into Moodle as an admin and changed the LDAP server from ldap://SERVERNAME to ldap://SERVERIP.
LDAP authentication is still working but it hasn't changed the errors I get with the block. Is this the thing you were meaning or am I trying the wrong thing?
Using the adldap php class I linked in my previous post, I used the following php file to test that AD was returning the homeDirectory attribute correctly:
Code:
<?php
$dn = "CN=user,OU=x,OU=Users,OU=yourdomain,DC=yourdomain,DC=yourdomain,DC=yourdomain,DC=yourdomain"; // user to search for
$attributes = array();
$filter = "(objectClass=*)";

// port 3268 was the one I had trouble with!
$ad = ldap_connect("ldap://SERVERIP")
    or die("Couldn't connect to AD!");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 2); // use the same settings as moodle connects with
$bd = ldap_bind($ad, "CN=binduser,CN=OU,DC=YOURDOMAIN,DC=YOURDOMAIN,dc=SCH,DC=UK", "password")
    or die("Couldn't bind to AD!");

$result = ldap_search($ad, $dn, $filter, $attributes);
$entries = ldap_get_entries($ad, $result);
/*for ($i=0; $i<$entries["count"]; $i++) {
    echo $entries[$i]["displayname"][0]."(".$entries[$i]["l"][0].")<br />";
}*/
//var_dump($entries);

// $ds is the link identifier for the directory
// $sr is a valid search result from a prior call to
// one of the ldap directory search calls
$ds = $ad;
$sr = $result;
$entry = ldap_first_entry($ds, $sr);

// List the names of every attribute returned for this entry
// (current PHP takes no third argument to these two calls)
$attrs = array();
$attribute = ldap_first_attribute($ds, $entry);
while ($attribute) {
    $attrs[] = $attribute;
    $attribute = ldap_next_attribute($ds, $entry);
}
echo count($attrs) . " attributes held for this entry:<p>";
for ($i = 0; $i < count($attrs); $i++) {
    echo $attrs[$i] . "<br />";
}
echo "<br>";

// $ds is a valid link identifier for a directory server
// $sr is a valid search result from a prior call to
// one of the ldap directory search calls
// $entry is a valid entry identifier from a prior call to
// one of the calls that returns a directory entry
$values = @ldap_get_values($ds, $entry, "memberOf");
if ($values === false) {
    // attribute was not returned for this entry
    $values = array("count" => 0);
}
echo $values["count"] . " values for this entry.<br />";
for ($i = 0; $i < $values["count"]; $i++) {
    echo $values[$i] . "<br />";
}
ldap_unbind($ad);
?>
Last edited by Marc; 20th November 2009 at 12:55 PM.
Note you may not need that adldap class - my memory is a bit hazy on whether I installed it or not. Try the php without it.
Also are you using the ldap capture moodle plugin? I'm using that and the web share zip linked to on the first page of this thread.
Last edited by Marc; 20th November 2009 at 01:00 PM.

Ok. The first one is the script you gave me set to return a student user. As you can see the 'homeDirectory' field is missing. The second is one that returns a teaching user. As you can see the 'homeDirectory' is available for the teaching user.
So we can see that LDAP isn't returning the homeDirectory, but I don't know how to fix it so it does return it.
Any help guys?
Code:
cn sn description givenName distinguishedName displayName name objectGUID codePage countryCode primaryGroupID objectSid sAMAccountName sAMAccountType userPrincipalName objectCategory
Code:
objectClass cn sn description givenName distinguishedName instanceType whenCreated whenChanged displayName uSNCreated memberOf uSNChanged name objectGUID userAccountControl badPwdCount codePage countryCode employeeID homeDirectory homeDrive badPasswordTime lastLogoff lastLogon pwdLastSet primaryGroupID profilePath objectSid adminCount accountExpires logonCount sAMAccountName sAMAccountType userPrincipalName lockoutTime objectCategory
The user's home drive is mapped in their AD user profile?
Can you check using the MS AD mmc snap-in? The SMB web client specifically looks for that attribute in AD, if for some reason known only to RM, teachers have it mapped but pupils don't on your RM network, that will be the cause of the problem. Seems a bit odd that you are getting so few attributes returned using that script when querying against a pupil user. Something's going on!

I've just made a change to the homeDirectory attribute - I'll wait for things to replicate and then post back what change it was if it works.
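
The two checks discussed in this thread (does the port change what AD returns, and does a pupil entry carry homeDirectory at all) can be combined in one script. This is an added example, not code posted by anyone in the thread; the AD_* environment variable names are hypothetical, and without them it runs on constructed entries instead of a live directory.

```php
<?php
// Added example, not from the thread. The AD_* environment variable names are
// hypothetical; set them to run against a real directory.
const WANTED = ['homeDirectory', 'homeDrive', 'memberOf'];

// Names in $wanted that are absent from one ldap_get_entries() entry.
function missingAttributes(array $entry, array $wanted): array
{
    // ldap_get_entries() lower-cases attribute names, so compare in lower case.
    return array_values(array_filter(
        $wanted,
        fn($name) => !array_key_exists(strtolower($name), $entry)
    ));
}

// Base-scope read of one user object from $uri, requesting $wanted by name.
function readUser(string $uri, string $bindDn, string $pw, string $userDn, array $wanted): array
{
    $ad = ldap_connect($uri);
    if (!$ad) {
        throw new RuntimeException("bad LDAP URI: $uri");
    }
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($ad, $bindDn, $pw)) {
        throw new RuntimeException("bind to $uri failed: " . ldap_error($ad));
    }
    $result  = @ldap_read($ad, $userDn, '(objectClass=*)', $wanted);
    $entries = $result ? ldap_get_entries($ad, $result) : ['count' => 0];
    ldap_unbind($ad);
    return $entries['count'] > 0 ? $entries[0] : [];
}

if (getenv('AD_HOST')) {
    // Live check: same bind account, same user, default LDAP port and port 3268.
    foreach ([389, 3268] as $port) {
        $entry = readUser('ldap://' . getenv('AD_HOST') . ":$port", getenv('AD_BIND_DN'),
                          getenv('AD_BIND_PW'), getenv('AD_USER_DN'), WANTED);
        echo "port $port missing: ", implode(', ', missingAttributes($entry, WANTED)) ?: 'nothing', "\n";
    }
} else {
    // Offline run on constructed entries shaped like ldap_get_entries() output.
    $pupil   = ['cn' => ['count' => 1, 0 => 'pupil'], 'count' => 1];
    $teacher = $pupil + ['homedirectory' => ['count' => 1, 0 => '\\\\server\\home$\\teacher'],
                         'homedrive' => ['count' => 1, 0 => 'N:'], 'memberof' => ['count' => 1, 0 => 'CN=Staff']];
    echo 'pupil missing: ', implode(', ', missingAttributes($pupil, WANTED)), "\n";
    echo 'teacher missing: ', implode(', ', missingAttributes($teacher, WANTED)) ?: 'nothing', "\n";
}
```

If a pupil account is missing homeDirectory on both ports while a staff account is not, the port is not the difference, which points back at the attribute on the pupil accounts themselves as suggested above.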