Moodle and LDAP

Hi all, I installed Moodle and I want to configure LDAP for user access. I need to connect my Moodle to a remote OpenLDAP. I tried to use anonymous bind; the check is fine, but when I try to log in I get an error.

If I use ldapservice, the access check fails, probably because StartTLS is not enabled, but I don’t know how to enable it.

Could someone help me? :smiley:
Thanks

Did you install the moodle module?

IIRC it should autoconfigure remote LDAP.

In “Dashboard/Site administration/Plugins/Authentication/LDAP server” you should find the TLS setting:

1 Like

No, I use a clean Moodle installation (manual installation). What I need, I think, is to enable StartTLS on the remote LDAP (another NethServer) to log in with ldapservice… or to enable ldapservice without StartTLS also for IPs other than 127.0.0.1.

Yes, you need SSL/TLS for remote LDAP. I don’t recommend enabling remote unencrypted LDAP.

The TLS (start_tls) setting is on the page I screenshotted.

From CLI (change path as needed):

sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="start_tls" --set="1"
1 Like

@mrmarkuz I know how to enable it on Moodle, but I don’t know how to enable it in NethServer. In the Account Provider page, StartTLS is disabled. How can I enable it?

1 Like

Sorry, I misunderstood. :grinning:

From what I found here, it seems STARTTLS is the default for OpenLDAP, but I need to check…

EDIT:

I could join remote LDAP with STARTTLS even if the LDAP server has STARTTLS disabled so I think the server supports both SSL and starttls.

1 Like

If I try to join I get Invalid credentials. Only anonymous bind is working. Testing with the ldapsearch command.

I joined a NethServer to another NethServer with remote LDAP.
It’s basically working: I can log in with LDAP users to my Moodle on the LDAP client NethServer, so we need to find out why it’s not working on your side.
I’m going to try with ldapsearch…

This is what I set in the moodle module for LDAP:

sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="host_url" --set="$ldapuri"
sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="ldap_version" --set="3"
sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="bind_dn" --set="$binddn"
sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="bind_pw" --set="$bindpassword"
sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="search_sub" --set="1"
sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="user_type" --set="rfc2307"
sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="contexts" --set="ou=People,dc=directory,dc=nh"
sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="user_attribute" --set="uid"
sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_firstname" --set="gecos"
sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_lastname" --set="uid"
sudo -u apache scl enable rh-php73 -- php /usr/share/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_email" --set="Email"

Working settings (sorry, too much to show it all).

EDIT:

This works for me:

ldapsearch -x -b dc=directory,dc=nh -H ldap://192.168.1.187

EDIT2:

And with credentials:

ldapsearch -Z -b dc=directory,dc=nh -H ldap://192.168.1.187 -D cn=ldapservice,dc=directory,dc=nh -W

1 Like
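As an added check (example code, not from the thread or from NethServer/Moodle), the function below audits the two auth_ldap settings that decide whether the bind_pw and user passwords leave the Moodle host in cleartext: host_url (Moodle accepts several URLs separated by ';', which is assumed here) and start_tls ("1"/"0" as stored by cfg.php). It flags exactly the situation this thread ends up fixing: an ldap:// URL to a remote host with StartTLS off.

```shell
#!/bin/sh
# Added example: audit Moodle auth_ldap transport settings for cleartext binds.
# Assumptions: host_url uses Moodle's ';' separator, start_tls is "1" or "0",
# and hosts are IPv4 addresses or names (no bracketed IPv6 literals).

# Usage: audit_ldap_transport "<host_url>" "<start_tls>"
# Prints one verdict per URL; returns 1 if any URL would send a simple bind
# (bind_dn/bind_pw and every user's password) unencrypted to a remote host.
audit_ldap_transport() {
    host_url=$1; start_tls=$2; rc=0
    old_ifs=$IFS; IFS=';'
    for url in $host_url; do
        IFS=$old_ifs
        url=$(printf '%s' "$url" | tr -d ' ')   # tolerate spaces around ';'
        [ -n "$url" ] || continue
        case $url in
            ldaps://*)
                printf '%s: ok (LDAPS, encrypted from the first byte)\n' "$url" ;;
            ldap://*)
                # host = everything after the scheme, minus path and port
                host=${url#ldap://}; host=${host%%/*}; host=${host%%:*}
                if [ "$start_tls" = "1" ]; then
                    # the server must still offer StartTLS; verify with ldapsearch -Z
                    printf '%s: ok (StartTLS negotiated before bind)\n' "$url"
                elif [ "$host" = "127.0.0.1" ] || [ "$host" = "localhost" ]; then
                    printf '%s: ok (loopback only, never leaves the host)\n' "$url"
                else
                    printf '%s: CLEARTEXT simple bind to remote host\n' "$url"; rc=1
                fi ;;
            *)
                printf '%s: unknown scheme\n' "$url"; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    return $rc
}

# Constructed sample matching the thread: remote server, StartTLS not yet enabled.
audit_ldap_transport "ldap://192.168.1.187" "0"
```

Run it against the values returned by `cfg.php --component="auth_ldap" --name=host_url` and `--name=start_tls` before exposing the bind account to a remote directory.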

Thank you @mrmarkuz, I solved it using your settings and enabling TLS on LDAP port 389!

1 Like