+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 27 of 27
Virtual Learning Platforms Thread, Moodle LDAP/NTLM/SSO ok for some? in Technical; Have you tried adding the students child OUs to the context field? ( something like ou= Year 8,dc=sstthomasmore,dc=local) I'm not ...
  1. #16
    alan-d's Avatar
    Join Date
    Aug 2005
    Location
    Sutton Coldfield
    Posts
    2,414
    Thank Post
    360
    Thanked 256 Times in 187 Posts
    Rep Power
    75
    Have you tried adding the students child OUs to the context field? ( something like ou= Year 8,dc=sstthomasmore,dc=local)

    I'm not familiar with IIS.

  2. #17

    Join Date
    Oct 2009
    Posts
    35
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    The Pupils are working, it is the staff one that does not work.

  3. #18
    budgester's Avatar
    Join Date
    Jan 2006
    Location
    Enfield, Middlesex
    Posts
    486
    Thank Post
    4
    Thanked 37 Times in 30 Posts
    Rep Power
    24
    <quote>Contexts: ou=STM Users,dc=stthomasmore,dc=local;ou=Pupils,dc=stthom asmore,dc=local;ou=STM_Staff,dc=stthomasmore,dc=lo cal</quote>

    Should the Staff OU be STM_Staff or just staff ?

  4. #19
    alan-d's Avatar
    Join Date
    Aug 2005
    Location
    Sutton Coldfield
    Posts
    2,414
    Thank Post
    360
    Thanked 256 Times in 187 Posts
    Rep Power
    75
    Quote Originally Posted by stm-tech View Post
    The Pupils are working, it is the staff one that does not work.
    OK - having a bad day!


  5. #20

    Join Date
    Oct 2009
    Posts
    35
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by budgester View Post
    <quote>Contexts: ou=STM Users,dc=stthomasmore,dc=local;ou=Pupils,dc=stthom asmore,dc=local;ou=STM_Staff,dc=stthomasmore,dc=lo cal</quote>

    Should the Staff OU be STM_Staff or just staff ?
    The staff are in a SECURITY GROUP called STAFF, but their OU is STM_STAFF.

    The Pupils is a child OU of STM Users.
    Each year group is a Child OU of Pupils.

    The STM_STAFF is a child OU of STM Users

    The BIND user is a member of the ADMINISTRATORS Security Group.

    I have tried moving the test STAFF user (COVER) to the same OU as the test PUPIL user (FORM8A). It still fails.
    Last edited by stm-tech; 12th October 2009 at 11:57 AM.

  6. #21
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    947
    Thank Post
    58
    Thanked 163 Times in 115 Posts
    Rep Power
    67
    why not add you base dn to the context and see if staff can then login?

  7. #22

    Join Date
    Oct 2009
    Posts
    35
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Tried the BASE DN, no change.

  8. #23

    Join Date
    Oct 2009
    Posts
    35
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I have just used LDP.exe to search for the users we have been testing with:

    -----------
    ***Searching...
    ldap_search_s(ld, "DC=Stthomasmore,DC=local", 2, "(sAMAccountName=*cover*)", attrList, 0, &msg)
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: CN=Cover Teacher,OU=STM_Staff,OU=STM Users,DC=Stthomasmore,DC=local
    -----------
    ***Searching...
    ldap_search_s(ld, "DC=Stthomasmore,DC=local", 2, "(sAMAccountName=*form8a*)", attrList, 0, &msg)
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: CN=form8a,OU=Pupils,OU=STM Users,DC=Stthomasmore,DC=local
    -----------

    I used the same bind credentials that Moodle would use, and the same base DN.

  9. #24

    Join Date
    Oct 2009
    Posts
    35
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Ok I think I know the problem.

    When Moodle is checking the username it fails because it is checking against the wrong field.

    When I use the script to manually import the users from LDAP the mapping seems to be out.

    Where the USERNAME field in MOODLE is being populated with the DISPLAY NAME of the LDAP account.

    For example:

    Username in LDAP: cover Display name in LDAP: cover teacher
    Username in MOODLE: cover teacher

    Hence when we attempt to login using the username cover, it fails.

    How can I get MOODLE to import the CORRECT usernames from LDAP?

  10. #25

    Join Date
    Oct 2009
    Posts
    35
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    FIXED:

    Ok now that I figured that LDAP was returning the Display Name rather than the account name I changed one of the "Optional" fields.

    Under User Lookup Settings:
    Set User Attribute to sAMAccountName

    LDAP now correctly authenticates ALL users by their LOGON name as per NTLM.

    The fields givenName and sn are still not copied over though. But i am sure I'll figure this out later.

    Thank you for all your help guys.

  11. #26
    alan-d's Avatar
    Join Date
    Aug 2005
    Location
    Sutton Coldfield
    Posts
    2,414
    Thank Post
    360
    Thanked 256 Times in 187 Posts
    Rep Power
    75
    Glad you sorted it

  12. #27

    Join Date
    Oct 2008
    Posts
    214
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    22
    I would just like to say that you are my hero

    After tearing my hair out for the last day this sorted my identical issue out. Indeed it is taking display name rather than logon name....

    Ta!

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. NTLM, Samba, LDAP and SSO on Moodle
    By Mintsoft in forum Virtual Learning Platforms
    Replies: 2
    Last Post: 4th July 2011, 06:52 PM
  2. Moodle & NTLM Authentication
    By alan-d in forum Virtual Learning Platforms
    Replies: 12
    Last Post: 15th December 2009, 02:19 PM
  3. Moodle - NTLM Authentication Clarification
    By FN-GM in forum Virtual Learning Platforms
    Replies: 13
    Last Post: 28th July 2009, 03:11 PM
  4. Getting NTLM SSO to work with Moodle - Apache issue?
    By TheFopp in forum Virtual Learning Platforms
    Replies: 4
    Last Post: 3rd April 2009, 10:17 AM
  5. SSO NTLM RADIUS???
    By PWright in forum Wireless Networks
    Replies: 0
    Last Post: 3rd March 2009, 11:52 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •