System Integration - LDAP
LDAPS
This is the first in a 2018 series on how to enable secure LDAP (Lightweight Directory Access Protocol) communications between Moodle and Windows 2008/2012 domain controllers.
Enabling LDAP on Windows-Based Domain Controllers
Basically, there are two methods of enabling LDAPS on a DC:
1st method
Install an Enterprise Root CA on a domain controller: install the AD CS role on a DC and specify the setup type as “Enterprise”.
2nd method
The 2nd method is to add a digital certificate on each DC.
Import the certificate into the AD DS personal store, then import the certificate into the Moodle server using the openssl command:
openssl s_client -connect <ldap server ip address>:636
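One way to turn the s_client step above into a trusted CA file on the Moodle server, as an added example that is not part of the original page. The function names, the host `dc01.example.test` and the ldap.conf path passed to `pin_ca` are assumptions; the sample s_client output is constructed and its certificate bodies are placeholders.

```shell
#!/bin/sh
# Added example: names, hosts and paths are assumptions, not values from the page.

# Keep only the PEM certificate blocks from `openssl s_client -showcerts` output.
extract_pem() {
    sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p'
}

# Fetch the chain a DC presents on the LDAPS port (needs network access).
fetch_dc_chain() {  # usage: fetch_dc_chain <host> [port]
    openssl s_client -connect "$1:${2:-636}" -showcerts </dev/null 2>/dev/null | extract_pem
}

# Point the OpenLDAP client library (used by PHP's LDAP extension) at the CA
# file and require certificate verification. Any existing TLS_CACERT or
# TLS_REQCERT lines (for example "TLS_REQCERT never") are replaced.
pin_ca() {  # usage: pin_ca <ldap.conf> <ca.pem>
    conf=$1 ca=$2
    touch "$conf"
    grep -v -i -E '^[[:space:]]*TLS_(CACERT|REQCERT)[[:space:]]' "$conf" > "$conf.new" || true
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$ca" >> "$conf.new"
    mv "$conf.new" "$conf"
}

# Constructed s_client output; certificate bodies are placeholders.
sample_s_client_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = dc01.example.test
   i:CN = Example Test CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF
-----END CERTIFICATE-----
 1 s:CN = Example Test CA
   i:CN = Example Test CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERCA
-----END CERTIFICATE-----
---
Server certificate
subject=CN = dc01.example.test
EOF
}
```

Before calling `pin_ca` on a file produced by `fetch_dc_chain`, compare its fingerprint (`openssl x509 -noout -fingerprint -sha256 -in <file>`) with the certificate exported from the DC, since a chain fetched over the network is only as trustworthy as that first connection.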
Test LDAPS
Use an LDAP browser (such as Softerra LDAP Administrator):
1. Create a new profile with the LDAP server IP/hostname.
2. Check Use secure connection (SSL).
3. Auth. Mechanism: GSS Negotiate.
If you can browse the data, you are done.
Moodle LDAPS settings
https://faq.moodle.com.tw/admin/auth_config.php?auth=ldap
Host: ldaps.goodspeed.tw;ldaps.click-ap.com
Version: 3
Use TLS: Yes
User Type: MS ActiveDirectory
Contexts: ou=moodle,dc=goodspeed,dc=tw
Search subcontexts: Yes