This is the first post in a 2018 series on how to enable secure LDAP (Lightweight Directory Access Protocol) communication between Moodle and Windows Server 2008/2012 domain controllers.
Basically, there are two methods of enabling LDAPS on a DC:
1. Install an Enterprise Root CA on a domain controller: install the AD CS role and choose "Enterprise" as the setup type on the DC.
2. Add a digital certificate to each DC individually.
Import the certificate into the AD DS personal store, and import it on the Moodle server as well. From the Moodle server, the openssl command lets you retrieve and check the certificate the DC presents on port 636:
openssl s_client -connect <ldap server ip address>:636
Use an LDAP browser (such as Softerra LDAP Administrator):
1. Create a new profile with the LDAP server IP/hostname.
2. Check "Use secure connection (SSL)".
3. Auth. mechanism: GSS Negotiate.
If you can browse the directory data, you are done.
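The openssl check above only proves that port 636 answers; s_client prints CONNECTED even when the DC's certificate is untrusted, and what actually matters for Moodle is the "Verify return code" line at the end of the output. The following script is an added example, not code from the original post: it wraps the s_client call with -showcerts and a CA file, and parses the output so a cron job or a deployment script can fail when the chain does not verify. The host name, the CA bundle path and the two sample outputs are constructed placeholders; openssl is assumed to be installed on the Moodle server.

```shell
#!/bin/sh
# Added example (not from the original post): probe a DC on 636 and decide
# whether its certificate chain is trusted by the Moodle server.

# Run s_client against HOST:636 and return the full session output.
# The CA file defaults to an assumed Debian/Ubuntu bundle path.
ldaps_probe() {
    host="$1"
    cafile="${2:-/etc/ssl/certs/ca-certificates.crt}"
    openssl s_client -connect "$host:636" -servername "$host" \
        -CAfile "$cafile" -showcerts </dev/null 2>/dev/null
}

# Print the numeric code from the last "Verify return code: N (...)" line.
ldaps_verify_code() {
    printf '%s\n' "$1" | sed -n 's/^ *Verify return code: \([0-9]*\).*/\1/p' | tail -n 1
}

# Exit 0 only when openssl verified the chain (code 0 = ok).
ldaps_chain_ok() {
    [ "$(ldaps_verify_code "$1")" = "0" ]
}

# Count the PEM blocks s_client printed (server cert plus intermediates);
# these are the certificates you would save and import on the Moodle server.
ldaps_cert_count() {
    printf '%s\n' "$1" | grep -c '^-----BEGIN CERTIFICATE-----' || true
}

# Constructed sample outputs, trimmed to the lines the functions look at.
SAMPLE_OK='CONNECTED(00000003)
-----BEGIN CERTIFICATE-----
MIIB...constructed-placeholder...
-----END CERTIFICATE-----
Server certificate
subject=CN = dc01.example.test
issuer=CN = example-CA
Verify return code: 0 (ok)'

SAMPLE_SELF_SIGNED='CONNECTED(00000003)
-----BEGIN CERTIFICATE-----
MIIB...constructed-placeholder...
-----END CERTIFICATE-----
Server certificate
subject=CN = dc01.example.test
issuer=CN = dc01.example.test
Verify return code: 18 (self signed certificate)'

# Usage: ./ldaps_check.sh dc01.example.test [ca-file]
# With no arguments the script only demonstrates the parsing on the samples.
if [ -n "${1:-}" ]; then
    out=$(ldaps_probe "$1" "${2:-}")
    if ldaps_chain_ok "$out"; then
        echo "$1: LDAPS chain verified ($(ldaps_cert_count "$out") certificate(s) presented)"
    else
        echo "$1: LDAPS chain NOT trusted, verify code $(ldaps_verify_code "$out")" >&2
        exit 1
    fi
else
    echo "sample ok        -> verify code $(ldaps_verify_code "$SAMPLE_OK")"
    echo "sample self-signed -> verify code $(ldaps_verify_code "$SAMPLE_SELF_SIGNED")"
fi
```

A code of 18 (self signed certificate) or 19/20 (untrusted issuer) with a CONNECTED line is the typical symptom of the second method above when the DC's certificate has not yet been imported into the Moodle server's trust store; Moodle's LDAP plugin will then fail the bind even though the port is open.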
https://faq.moodle.com.tw/admin/auth_config.php?auth=ldap
Host: ldaps.goodspeed.tw;ldaps.click-ap.com
Version: 3
Use TLS: Yes
User Type: MS ActiveDirectory
Contexts: ou=moodle,dc=goodspeed,dc=tw
Search subcontexts: Yes