System Integration - LDAP

LDAPS

This is the first in a 2018 series on how to enable secure LDAP (Lightweight Directory Access Protocol) communications between Moodle and Windows 2008/2012 domain controllers.

Enabling LDAP on Windows-Based Domain Controllers

Basically, there are two methods of enabling LDAPS on a DC:

1st method

Install an Enterprise Root CA on a domain controller: install the AD-CS role and specify the type of setup as “Enterprise” on a DC.

2nd method

The 2nd method is to add a digital certificate on each DC.

Import the certificate into the AD DS personal store, then import the certificate into the Moodle server using the openssl command:

openssl s_client -connect <ldap server ip address>:636
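The certificate retrieval step above, as an added example that is not part of the original page: shell helpers that pull the chain the DC presents on port 636, fingerprint it for an out-of-band comparison, and then re-test the connection with verification enabled. The function names, file arguments and the host dc01.example.test are assumptions, and the sample output is constructed.

```bash
# Added example. Function names, file paths and dc01.example.test are assumptions.

# Keep the PEM blocks from the "Certificate chain" section of `s_client -showcerts`
# output (stdin). Stops at "Server certificate", where the leaf is printed again.
extract_chain() {
  awk '/^Server certificate/ {exit}
       /-----BEGIN CERTIFICATE-----/ {keep=1}
       keep {print}
       /-----END CERTIFICATE-----/ {keep=0}'
}

# Count certificates in a PEM stream (stdin); 0 means nothing usable was captured.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' || true; }

# Fetch the chain the DC presents on port 636. Nothing is verified here, so the
# file is untrusted until its fingerprint is checked against the DC out of band.
fetch_dc_chain() {  # usage: fetch_dc_chain <dc-host> <out.pem>
  openssl s_client -connect "$1:636" -showcerts </dev/null 2>/dev/null \
    | extract_chain > "$2"
  [ "$(count_certs < "$2")" -gt 0 ]
}

# Fingerprint of the first certificate in a PEM file (digest defaults to sha256).
cert_fingerprint() {  # usage: cert_fingerprint <cert.pem> [sha1|sha256]
  openssl x509 -in "$1" -noout -fingerprint "-${2:-sha256}" | cut -d= -f2
}

# Connect again and fail unless the chain validates with the CA file as trust anchor.
verify_ldaps() {  # usage: verify_ldaps <dc-host> <ca.pem>
  openssl s_client -connect "$1:636" -CAfile "$2" -verify_return_error \
    </dev/null >/dev/null 2>&1
}

# Constructed excerpt shaped like `s_client -showcerts` output; bodies are placeholders.
SAMPLE_OUTPUT='Certificate chain
 0 s:CN = dc01.example.test
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example-Test-CA
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItQ0E=
-----END CERTIFICATE-----
Server certificate
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItTEVBRg==
-----END CERTIFICATE-----
subject=CN = dc01.example.test'
```

Pass `sha1` to `cert_fingerprint` when comparing against the Thumbprint field in the Windows certificate dialog, which is a SHA-1 value.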

Test LDAPS

Use an LDAP browser (like Softerra LDAP Administrator):

1. Create a new profile with the LDAP server IP/hostname.
2. Check "Use secure connection (SSL)".
3. Auth. Mechanism: GSS Negotiate.

LDAPS settings page
Softerra LDAP Administrator screen

If you can browse the data, you are done.

Moodle LDAPS settings

https://faq.moodle.com.tw/admin/auth_config.php?auth=ldap

LDAP server settings page