Start LDAP Server
$ docker run --rm --env LDAP_USERS=user01 --env LDAP_PASSWORDS=user01 -p 1389:1389 bitnami/openldap
Configure Moodle
Log in as admin
Navigate to Plugins > Authentication > Manage authentication in site administration
Ensure Prevent account creation when authenticating is not enabled
Enable LDAP server
Press Settings to configure LDAP server
Set the following values:
Host URL: ldap://localhost:1389 (or the IP address of the Docker container if not localhost)
Distinguished name: cn=admin,dc=example,dc=org
Password (Password for bind-user): adminpassword
Contexts: ou=users,dc=example,dc=org
Save changes
Use Test settings from the Manage authentication page to confirm connection succeeds
Test 1
In the LDAP auth settings (in Moodle), map the Moodle profile fields to the matching fields in your LDAP.
Notes:
For the standard profile fields, make sure to map at least the firstname, lastname and email. You can use the following mapping for this test: Data mapping (First name) -> cn, Data mapping (Surname) -> sn, Data mapping (Email address) -> mail
Make sure that for each of these mapped fields, "Update local" is set to "On every login".
Create some users in LDAP with data in those fields (inside the LDAP container).
Create an LDIF file to create a user, such as useradd.ldif:
# Add John Smith to the organization
dn: uid=jsmith,ou=users,dc=example,dc=org
changetype: add
objectClass: inetOrgPerson
cn: JohnSmith
sn: Smith
uid: jsmith
mail: jsmith@example.com
Run `ldapadd -x -H ldap://localhost:1389 -D "cn=admin,dc=example,dc=org" -w adminpassword -f useradd.ldif` on the LDAP server
Run `ldappasswd -H ldap://localhost:1389 -x -D "cn=admin,dc=example,dc=org" -W -S "uid=jsmith,ou=users,dc=example,dc=org"`
You will be prompted for a new password: type it and confirm it (make sure to remember it, as you will need it to log in as the LDAP user). Use adminpassword when prompted for the LDAP password
Repeat the above steps to create multiple users (make sure to change uid, email, cn and sn for each)
Run LDAP sync: `php admin/tool/task/cli/schedule_task.php --execute=\\auth_ldap\\task\\sync_task`
Confirm users are created in Moodle and profile fields are filled.
Change a user's field value in LDAP by creating a usermodify.ldif file e.g.:
# Change John Smith to the organization
dn: uid=jsmith,ou=users,dc=example,dc=org
changetype: modify
replace: mail
mail: jsmith1234@example.com
Run `ldapmodify -x -H ldap://localhost:1389 -D "cn=admin,dc=example,dc=org" -w adminpassword -f usermodify.ldif` on the LDAP server
Repeat for other users as well
Modify auth/ldap/auth.php and add sleep(30); after line 880 so it looks like this:
$this->sync_roles($user);
sleep(15);
Run the LDAP sync again: `php admin/tool/task/cli/schedule_task.php --execute=\\auth_ldap\\task\\sync_task`
When seeing output like
Updating user johnsmith3 id 127
Try to log in to Moodle as that user
Ensure you can't log in - the browser will keep loading
Once the next user starts being processed, i.e. when you see the next record
Updating user johnsmith4 id 127
Make sure you can log in as user johnsmith3
Confirm users are updated in Moodle and profile fields reflect new value.
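For the "repeat for multiple users" steps above, the following shell functions generate the add and modify LDIF records in bulk. This is an added example, not part of the original test instructions; the function names, the `johnsmith<N>` naming and the mail format are assumptions, and each user's password is still set with `ldappasswd` as described in the steps.

```shell
#!/bin/sh
# Added example: bulk LDIF for the test users (all user data is constructed).
BASE_DN="ou=users,dc=example,dc=org"   # the Contexts value configured in Moodle

# Accept only a plain positive-looking integer as the user count.
valid_count() {
    case "$1" in
        ''|*[!0-9]*) echo "count must be a non-negative integer" >&2; return 1 ;;
    esac
}

# gen_add_ldif COUNT [PREFIX]: one "add" record per user, blank-line separated.
gen_add_ldif() {
    valid_count "$1" || return 1
    count=$1; prefix=${2:-johnsmith}; i=1
    while [ "$i" -le "$count" ]; do
        uid="${prefix}${i}"
        printf 'dn: uid=%s,%s\n' "$uid" "$BASE_DN"
        printf 'changetype: add\n'
        printf 'objectClass: inetOrgPerson\n'
        printf 'cn: John%s\n' "$i"
        printf 'sn: Smith%s\n' "$i"
        printf 'uid: %s\n' "$uid"
        printf 'mail: %s@example.com\n\n' "$uid"
        i=$((i + 1))
    done
}

# gen_modify_ldif COUNT TAG [PREFIX]: replace mail for every user so the
# second sync run has a changed field to update on each account.
gen_modify_ldif() {
    valid_count "$1" || return 1
    count=$1; tag=$2; prefix=${3:-johnsmith}; i=1
    while [ "$i" -le "$count" ]; do
        uid="${prefix}${i}"
        printf 'dn: uid=%s,%s\n' "$uid" "$BASE_DN"
        printf 'changetype: modify\n'
        printf 'replace: mail\n'
        printf 'mail: %s.%s@example.com\n\n' "$uid" "$tag"
        i=$((i + 1))
    done
}

# Usage: gen_add_ldif 5 > useradd.ldif ; gen_modify_ldif 5 1234 > usermodify.ldif
# then feed the files to the ldapadd / ldapmodify commands shown in the steps.
```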