by Satish Patel.
Dear Ken,
I get "Error: Internal script failure" while I tried to log in with LDAP credential. Please help.
↧
Re: LDAP Sync Task Error - Existing temptables found when disposing database
↧
Re: LDAP Sync Task Error - Existing temptables found when disposing database
by Ken Task.
@Satish ...
while this thread is about LDAP, it's specifically about LDAP sync which is not the same thing you are reporting. Suggest posting your own question in a new thread of this forum first.
'spirit of sharing', Ken
↧
↧
Using Common Name in Context
by Mark Picazo.
We would like to use as a Context the specific group set with CommonName (CN) "LMS-Access".
Currently, we are able to authenticate users from DC to OU e.g
- ou=finance,dc=ourcompany,dc=local;ou=accounting,dc=ourcompany,dc=local
- dc=ourcompany,dc=local
But when we try to use the CommonName "LMS-Access", authentication fails
- cn=lms-access,dc=ourcompany,dc=local
Any thoughts what could be the problem?
We are using MS Active Directory and tried to use the following Member Attribute "memberof" instead of "member".
Thank you,
Mark
↧
./auth/ldap/cli/sync_users.php throws a potential coding error for a prohibited username
by Visvanath Ratnaweera.
[Moodle 2.7.17+ on LAMP Debian Jessy]
This site was stable since a major upgrade a couple of months ago. A couple of days ago the user synchronization stopped. The error message is copied here.
Obviously there is a prohibited username. The problem is, I do not get a decent error message, can't get the username in the output, and "potential coding error" is not very reassuring!
Is this known? Or, how can I find out the offending username? (The debug level has no effect on the output below.)
===
# /usr/bin/php /var/www/html/moodle/auth/ldap/cli/sync_users.php
Verbindung zum LDAP-Server aufbauen...Temporäre Tabelle tmp_extuser erstellen.
.........................................................................................
755 Datensätze von LDAP eingelesen
Keine Nutzerkonten zum Entfernen gefunden
Keine Nutzerkonten zum Reaktivieren gefunden
Keine Aktualisierung nötig
Nutzerkonten zum Hinzufügen: 11Database transaction aborted automatically in /var/www/html/moodle/auth/ldap/cli/sync_users.php
Default exception handler: Der Anmeldename enthält ungültige Zeichen Debug:
Error code: invalidusername
* line 49 of /user/lib.php: moodle_exception thrown
* line 954 of /auth/ldap/auth.php: call to user_create_user()
* line 63 of /auth/ldap/cli/sync_users.php: call to auth_plugin_ldap->sync_users()
!!! Der Anmeldename enthält ungültige Zeichen !!!
!!
Error code: invalidusername !!
!! Stack trace: * line 49 of /user/lib.php: moodle_exception thrown
* line 954 of /auth/ldap/auth.php: call to user_create_user()
* line 63 of /auth/ldap/cli/sync_users.php: call to auth_plugin_ldap->sync_users()
!! Potential coding error - existing temptables found when disposing database. Must be dropped!
This site was stable since a major upgrade a couple of months ago. A couple of days ago the user synchronization stopped. The error message is copied here.
Obviously there is a prohibited username. The problem is, I do not get a decent error message, can't get the username in the output, and "potential coding error" is not very reassuring!
Is this known? Or, how can I find out the offending username? (The debug level has no effect on the output below.)
===
# /usr/bin/php /var/www/html/moodle/auth/ldap/cli/sync_users.php
Verbindung zum LDAP-Server aufbauen...Temporäre Tabelle tmp_extuser erstellen.
.........................................................................................
755 Datensätze von LDAP eingelesen
Keine Nutzerkonten zum Entfernen gefunden
Keine Nutzerkonten zum Reaktivieren gefunden
Keine Aktualisierung nötig
Nutzerkonten zum Hinzufügen: 11Database transaction aborted automatically in /var/www/html/moodle/auth/ldap/cli/sync_users.php
Default exception handler: Der Anmeldename enthält ungültige Zeichen Debug:
Error code: invalidusername
* line 49 of /user/lib.php: moodle_exception thrown
* line 954 of /auth/ldap/auth.php: call to user_create_user()
* line 63 of /auth/ldap/cli/sync_users.php: call to auth_plugin_ldap->sync_users()
!!! Der Anmeldename enthält ungültige Zeichen !!!
!!
Error code: invalidusername !!
!! Stack trace: * line 49 of /user/lib.php: moodle_exception thrown
* line 954 of /auth/ldap/auth.php: call to user_create_user()
* line 63 of /auth/ldap/cli/sync_users.php: call to auth_plugin_ldap->sync_users()
!! Potential coding error - existing temptables found when disposing database. Must be dropped!
↧
Re: ./auth/ldap/cli/sync_users.php throws a potential coding error for a prohibited username [HALF SOLVED]
by Visvanath Ratnaweera.
Found the offending user, had a hash (#) in the username!
Thanks to these two posts:
- https://moodle.org/mod/forum/discuss.php?d=327662#p1334774
- https://moodle.org/mod/forum/discuss.php?d=327662#p1335036
(Ken, let me know if your Karma box has become too heavy. ;)
So the remaining question is, why does it lead to a coding error?
Thanks to these two posts:
- https://moodle.org/mod/forum/discuss.php?d=327662#p1334774
- https://moodle.org/mod/forum/discuss.php?d=327662#p1335036
(Ken, let me know if your Karma box has become too heavy. ;)
So the remaining question is, why does it lead to a coding error?
↧
↧
Re: pluging SAML2 with ADFS 3.0
by John James.
Hi Patrick,
I had this error also, and turns out I had to use the full schema path for the mapping field I wanted to use. (In my case I mapped upn to Username.)
referring to this post: https://moodle.org/mod/forum/discuss.php?d=331626#p1389418
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
I'm just having trouble mapping additional profile fields now.
↧
Re: LDAP with Active Directory - Failover to secondary server delays before connection successful.
by Iñaki Arenaza.
Hi,
I have developed a patch that implements LDAP network timeouts. The idea is to solve problems like MDL-29536 and MDL-15796 (and yours).
Now that the minimum required PHP version in the supported versions of Moodle is 5.4.4, we can use the LDAP_OPT_NETWORK_TIMEOUT option that was introduced in PHP 5.3.0.
I haven't submitted the patch for integration yet (that's obviously my intention), but I've tested it against MS Active Directory (AD Domain with W2008R2 servers in W2008 functional mode) and OpenLDAP 2.4.x in Linux. The Moodle server itself is running on Debian Linux, using PHP 5.6.27.
You can find the patch at https://github.com/iarenaza/moodle/commit/86d8f888d97e7c2cd9553c6422de205457c4313b
Hope that helps.
Saludos. Iñaki.
↧
Re: LDAP with Active Directory - Failover to secondary server delays before connection successful.
by Joe Dutro.
Inaki,
Do you think this will work on AD servers running on 2012?
We willdownload the patch and give it a try.
Thank you for you help,
Joe
↧
NGINX error witg Edwiser Bridge SSO extension
by Paul Scollon.
I'm having an issue trying to get a single sign-on plugin to work in Moodle, which I suspect is actually an NGINX issue, but I could be wrong. My WordPress site refuses to verify the secret key with the Moodle server, claiming the plugin is not present. It is. so I looked at the NGINX error log on the moodle server:
2017/03/08 05:11:39 [error] 20709#20709: *189 FastCGI sent in stderr: "Unable to open primary script: /var/www/moodle.mysite.com/auth/wdmwpmoodle/wdmactions.php/index.php (No such file or directory)" while reading response header from upstream, client: 141.101.107.210, server: moodle.mysite.com, request: "GET /auth/wdmwpmoodle/wdmactions.php/?q=flags HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "moodle.mysite.com"
That /index.php that is added to the en of the URL is my issue, I suspect, yet I have no idea how it is getting there. The url without this appended bit works fine. I'm in contact with Edwiser support, but just in case they come up with nothing, has anyone seen anything like this before? The server is Ubuntu 16.04 with NGINX and PHP7-FPM. Moodle is at version 3.1.4 (version required for bridge plugin). For reference, here is my nginx config for the moodle server:
server {
listen 80;
listen [::]:80;
root /var/www/moodle.mysite.com;
index index.php index.html index.htm index.nginx-debian.html;
server_name moodle.mysite.com;
location / {
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
## Moodle Specific Changes - See Moodle Documentation ##
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location /dataroot/ {
internal;
alias /var/moodle/;
}
## End Moodle Specific Changes ##
location ~ /\.ht {
deny all;
}
}
Any help is greatly appreciated.
↧
↧
Re: LDAP with Active Directory - Failover to secondary server delays before connection successful.
by Iñaki Arenaza.
Hi Joe,
it should work with any LDAPserver. All the connection timeout handling is done client-side in the PHP LDAP code. Which in turn simply uses the LDAP client libraries that were used to build the PHP LDAP extension. Most of the time this is OpenLDAP client library (although if I remember right, you could compile PHP using Oracle's or Novell's LDAP libraries, if you had any of those at hand).
The only thing (that I can think of) that could make a difference is using a diffent LDAP client library. Either not using OpenLDAP libraries, or using a different -older- version of the OpenLDAP client library that doesn't implement connection timeout handling (or implement it in a buggy way).
Saludos. Iñaki.
↧
Re: Er: Re: Er: Re: How to use multiple LDAP servers with Moodle 2.0(!)
by Iñaki Arenaza.
That could work if you used Kerberos-style SSO instead of NTLM-style SSO. But the setup for Kerberos SSO is way more complex than the one used for NTLM.
Saludos. Iñaki.
↧
Re: Er: Re: Er: Re: How to use multiple LDAP servers with Moodle 2.0(!)
by Georges O..
Hello Inaki,
Thank you for your reply. How can I switch to Kerberos-style SSO and does it require additional modules?
Best regards,
Georges
↧
Remote Rss Feed
by karthi R.
Hi, When I add the RSS feed in the Remote Rss Feed block in moodle 1.9. I am getting the below error.
There was an error loading this rss feed. You may want to verify the url you have specified before using it.
The Url specified is working fine.
↧
↧
Using Common Name in Context
by Mark Picazo.
We would like to use as a Context the specific group set with CommonName (CN) "LMS-Access".
Currently, we are able to authenticate users from DC to OU e.g
- ou=finance,dc=ourcompany,dc=local;ou=accounting,dc=ourcompany,dc=local
- dc=ourcompany,dc=local
But when we try to use the CommonName "LMS-Access", authentication fails
- cn=lms-access,dc=ourcompany,dc=local
Any thoughts what could be the problem?
We are using MS Active Directory and tried to use the following Member Attribute "memberof" instead of "member".
Thank you,
Mark
↧
Re: Er: Re: Er: Re: How to use multiple LDAP servers with Moodle 2.0(!)
by Iñaki Arenaza.
Hi Georges,
you need to configure your web server (Apache, IIS, etc) to use Kerberos instead of NTLM. If you are using Apache on linux, the following two links give you the details to set it up:
- https://docs.moodle.org/32/en/NTLM_authentication#Using_the_Kerberos_Auth_Module_for_Apache_on_Linux.2FUNIX_.28mod_auth_kerb.29
- https://www.johnthedeveloper.co.uk/single-sign-on-active-directory-php-ubuntu
Once you have done that, you need to use "userPrincipalName" as the user attribute, and choose "Kerberos" as the authentication type in the NTLM SSO Section, as shown below:
NOTE: I've neved used Kerberos myself for this kind of setup, but according to some people in the forums, it should work.
Saludos. Iñaki.
↧
Re: Er: Re: Er: Re: How to use multiple LDAP servers with Moodle 2.0(!)
↧
Re: pluging SAML2 with ADFS 3.0
by Ron Vitug.
Can you provide a screen shot or step on how did you configure SAML 2 to ADFS 3.0? And how to get the IdP Metadata↧
↧
Re: pluging SAML2 with ADFS 3.0
by John James.
Hi Ron,
I hope this helps!
in the SAML2 settings page...
The metadata should be supplied by your ADFS admin. Either as the XML to paste, or the public XML url to use. You will need to work closely with whoever controls your ADFS instance to get this solution working. As they will need to know what claims you want configured to create mapping rules for.
Your ADFS administrator needs to have configured claims for all the fields you wish to map
(send 4 ldap attributes as claims example policy)
Mapping outing claims...
Example of 1 transform rule from above policy..
↧
LDAP Authentication
by morola oyedele.
i am having issues configuring LDAP Authentication for my Moodle windows installation. i followed all the documentation and when i try to log on it gives me the error "LDAP-module cannot connect to any servers: Server: 'ldap://IP Address of Domain controller', Connection: 'Resource id #13', Bind result: '' . for the distinguished name in the bind setting i used and account that has domain admin.
what am i doing wrong please?
↧
Re: LDAP Authentication
by Howard Miller.
Moving to Authentication forum...
↧