Please look at the discussion from
http://moodle.org/mod/forum/discuss.php?d=35865
LDAP creator does not work with MSAD when there is a comma in the DN that is not a part of the path.
In /auth/ldap/lib.php:
Near line 1386 the PHP function ldap_get_dn is used to obtain the DN of a user account. If there is a comma in this user's DN (my example is "cn=Bromley, James,ou=tech center,dc=mydomain,dc=com"), it is escaped with only one backslash. Then it is fed to ldap_read near line 1261. The problem is that ldap_read needs the comma escaped with two backslashes. So "cn=Bromley, James,ou=tech center,dc=mydomain,dc=com" needs to become "cn=Bromley\, James,ou=tech center,dc=mydomain,dc=com".
I could not find any mention of this on the PHP website or on Mozilla's website, except for another user pointing out in the comments of ldap_rename that things had to be escaped with two backslashes.
A particularly helpful moodler, Iñaki Arenaza, found the actual cause for it not working and suggested this workaround until a patch was available. Replace the if block for if ($CFG->ldap_memberattribute_isdn) with the following:
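    if ($CFG->ldap_memberattribute_isdn) {
        $username = auth_ldap_find_userdn($ldapconnection, $username);
        if (!$username) {
            return $result;
        }
        // Match an already-escaped comma (backslash + comma) and double its
        // backslash. The commas that separate RDNs are left untouched.
        $username = preg_replace('/\\\\,/', '\\\\\\\\,', $username);
    }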
James Bromley
By the way, in our case, our user account distinguished names come from the AD "display name", which we configured as last, pref, where pref is a nickname if present, or the given name if not.
So my DN is: CN=Rand\, Phil,CN=Users,DC=spu,DC=local
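The transformation described in the report, as an added example that is not part of the thread or of Moodle's auth/ldap/lib.php. The function names and the third sample DN are constructed here. It compares a regex that doubles the backslash before an escaped comma with a scanner that consumes escape pairs together, which matters when a value ends in an escaped backslash directly before a separator comma.

```php
<?php
// Added illustration; function names and sample DNs are constructed here.

/** One-line form: backslash-comma becomes backslash-backslash-comma. */
function escape_dn_regex(string $dn): string
{
    return preg_replace('/\\\\,/', '\\\\\\\\,', $dn);
}

/**
 * Same transformation, done by walking the DN so that escape pairs are
 * consumed together. A comma that follows an escaped backslash ("\\,")
 * is an RDN separator and is left alone.
 */
function escape_dn_scan(string $dn): string
{
    $out = '';
    $len = strlen($dn);
    for ($i = 0; $i < $len; $i++) {
        $ch = $dn[$i];
        if ($ch === '\\' && $i + 1 < $len) {
            $next = $dn[++$i];
            // Escaped comma gets the extra backslash; other pairs pass through.
            $out .= ($next === ',') ? '\\\\,' : '\\' . $next;
        } else {
            $out .= $ch;
        }
    }
    return $out;
}

$samples = [
    'CN=Rand\\, Phil,CN=Users,DC=spu,DC=local', // DN quoted in the thread
    'CN=Users,DC=spu,DC=local',                 // no escaped comma: unchanged
    'CN=back\\\\,OU=lab,DC=spu,DC=local',       // constructed: value ends in an escaped backslash
];

foreach ($samples as $dn) {
    printf("in:    %s\nregex: %s\nscan:  %s\n\n",
        $dn, escape_dn_regex($dn), escape_dn_scan($dn));
}
```

On the first two samples both functions agree; on the third the regex adds a backslash in front of a separator comma while the scanner leaves the DN unchanged.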