Have you tried adding the students' child OUs to the context field? (Something like ou= Year 8,dc=sstthomasmore,dc=local)
I'm not familiar with IIS.
The Pupils are working, it is the staff one that does not work.
<quote>Contexts: ou=STM Users,dc=stthomasmore,dc=local;ou=Pupils,dc=stthomasmore,dc=local;ou=STM_Staff,dc=stthomasmore,dc=local</quote>
Should the Staff OU be STM_Staff or just staff?
The staff are in a SECURITY GROUP called STAFF, but their OU is STM_STAFF.
The Pupils is a child OU of STM Users.
Each year group is a Child OU of Pupils.
The STM_STAFF is a child OU of STM Users
The BIND user is a member of the ADMINISTRATORS Security Group.
I have tried moving the test STAFF user (COVER) to the same OU as the test PUPIL user (FORM8A). It still fails.
Last edited by stm-tech; 12th October 2009 at 11:57 AM.
Why not add your base DN to the context and see if staff can then log in?
Tried the BASE DN, no change.
I have just used LDP.exe to search for the users we have been testing with:
-----------
***Searching...
ldap_search_s(ld, "DC=Stthomasmore,DC=local", 2, "(sAMAccountName=*cover*)", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: CN=Cover Teacher,OU=STM_Staff,OU=STM Users,DC=Stthomasmore,DC=local
-----------
***Searching...
ldap_search_s(ld, "DC=Stthomasmore,DC=local", 2, "(sAMAccountName=*form8a*)", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: CN=form8a,OU=Pupils,OU=STM Users,DC=Stthomasmore,DC=local
-----------
I used the same bind credentials that Moodle would use, and the same base DN.
Ok I think I know the problem.
When Moodle is checking the username it fails because it is checking against the wrong field.
When I use the script to manually import the users from LDAP the mapping seems to be out.
Where the USERNAME field in MOODLE is being populated with the DISPLAY NAME of the LDAP account.
For example:
Username in LDAP: cover
Display name in LDAP: cover teacher
Username in MOODLE: cover teacher
Hence when we attempt to login using the username cover, it fails.
How can I get MOODLE to import the CORRECT usernames from LDAP?
FIXED:
Ok now that I figured that LDAP was returning the Display Name rather than the account name I changed one of the "Optional" fields.
Under User Lookup Settings:
Set User Attribute to sAMAccountName
LDAP now correctly authenticates ALL users by their LOGON name as per NTLM.
The fields givenName and sn are still not copied over though. But I am sure I'll figure this out later.
Thank you for all your help guys.
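An added example, not part of the original thread or of Moodle's code: an offline simulation of the user lookup that shows why form8a could log in while cover could not, and which logon names a given lookup attribute leaves unresolvable. The directory entries are constructed from the two DNs in the LDP output above; the sAMAccountName of form8a and the use of cn as the lookup attribute before the fix are assumptions (the thread says only that the display name was being used).

```python
"""Simulate, offline, the directory lookup a login form performs."""

# Constructed entries modelled on the two DNs in the LDP output above.
# Assumption: form8a's sAMAccountName equals its CN (the thread shows only the DN).
DIRECTORY = [
    {"dn": "CN=Cover Teacher,OU=STM_Staff,OU=STM Users,DC=Stthomasmore,DC=local",
     "cn": "Cover Teacher", "sAMAccountName": "cover"},
    {"dn": "CN=form8a,OU=Pupils,OU=STM Users,DC=Stthomasmore,DC=local",
     "cn": "form8a", "sAMAccountName": "form8a"},
]

# Contexts string as posted in the thread (semicolon separated).
CONTEXTS = ("ou=STM Users,dc=stthomasmore,dc=local;"
            "ou=Pupils,dc=stthomasmore,dc=local;"
            "ou=STM_Staff,dc=stthomasmore,dc=local")


def build_filter(attribute, username):
    """Equality filter for the lookup, with RFC 4515 escaping of the value."""
    escaped = "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in username)
    return f"({attribute}={escaped})"


def find_user_dn(username, attribute, contexts=CONTEXTS, directory=DIRECTORY):
    """Return the DN whose `attribute` equals `username` under any context, else None."""
    for context in (c.strip().lower() for c in contexts.split(";") if c.strip()):
        for entry in directory:
            # Subtree scope: the entry's DN must end with the context DN.
            in_subtree = entry["dn"].lower().endswith("," + context)
            if in_subtree and entry.get(attribute, "").lower() == username.lower():
                return entry["dn"]
    return None


def logon_names_that_fail(attribute, directory=DIRECTORY):
    """Logon names that cannot be resolved when lookups use `attribute`."""
    return [e["sAMAccountName"] for e in directory
            if find_user_dn(e["sAMAccountName"], attribute, directory=directory) is None]


if __name__ == "__main__":
    for attr in ("cn", "sAMAccountName"):
        for name in ("cover", "form8a"):
            print(build_filter(attr, name), "->", find_user_dn(name, attr))
        print("unresolvable with", attr, ":", logon_names_that_fail(attr))
```

Only accounts whose CN happens to equal the logon name resolve under cn, which matches the pupils-work, staff-fail symptom reported above.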
Glad you sorted it!
I would just like to say that you are my hero
After tearing my hair out for the last day this sorted my identical issue out. Indeed it is taking display name rather than logon name....
Ta!