Would you like to learn how to configure the Moodle LDAP authentication on Active Directory? In this tutorial, we are going to show you how to authenticate Moodle users using the Active Directory from Microsoft Windows and the LDAP protocol.

• Ubuntu 18.04
• Ubuntu 19.04
• Moodle 3.8.1

Moodle Related Tutorial:

On this page, we offer quick access to a list of tutorials related to Moodle.

Tutorial Windows – Domain Controller Firewall

• IP – 192.168.15.10
• Operacional System – WINDOWS 2012 R2
• Hostname – TECH-DC01

First, we need to create a Firewall rule on the Windows domain controller.

This firewall rule will allow the Moodle server to query the Active directory.

On the domain controller, open the application named Windows Firewall with Advanced Security

Create a new Inbound firewall rule.

zabbix active directory

Select the PORT option.

Select the TCP option.

Select the Specific local ports option.

Enter the TCP port 389.

zabbix windows firewall port ldap

Select the Allow the connection option.

zabbix windows firewall allow connection

Check the DOMAIN option.

Check the PRIVATE option.

Check the PUBLIC option.

Enter a description to the firewall rule.

windows firewall active directory

Congratulations, you have created the required firewall rule.

This rule will allow the Moodle server to query the Active directory database.

Tutorial Windows – Domain Account Creation

Next, we need to create at least 2 accounts on the Active directory database.

The ADMIN account will be used to login on the Moodle server.

The BIND account will be used to query the Active Directory database.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Zabbix active directory account

Create a new account named: admin

Password configured to the ADMIN user: 123qwe..

This account will be used to authenticate on the Moodle web interface.

active directory admin account
zabbix active directory admin properties

Create a new account named: bind

Password configured to the BIND user: kamisama123..

This account will be used to query the passwords stored on the Active Directory database.

active directory bind account
zabbix active directory ldap bind properties

Congratulations, you have created the required Active Directory accounts.

Tutorial Windows – Domain Group Creation

Next, we need to create at least 2 groups on the Active directory database.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new group inside the Users container.

Radius Active directory group

Create a new group named: Moodle-Managers.

Members of this group will have the administrative permission on the Moodle web interface.

Moodle Ldap Active Directory authentication group

Important! Add the admin user as a member of the Moodle-Managers group.

Moodle Active directory administrators

Create a new group named: Moodle-Creators.

Members of this group will have the permission to create training courses on the Moodle web interface.

Moodle LDAP active directory creators group

Congratulations, you have created the required Active Directory group.

Moodle –  LDAP Authentication on Active Directory

On the Moodle server, install the required PHP module.

Copy to Clipboard

Restart the Apache service.

Copy to Clipboard

Open your browser and enter the IP address of your moodle server /moodle

In our example, the following URL was entered in the Browser:

• http://192.168.0.15/moodle

The Moodle web interface should be presented, click on the Login option.

moogle login

On the prompt screen, enter the administrative account login information.

After a successful login, the Moodle dashboard will be displayed.

moodle dashboard

Access the Site administration menu and select the Plugins tab.

Moodle Site administration menu

On the Plugins tab, locate the Authentication area and select the option named Manage authentication.

Moodle Manage Authentication

Access the LDAP server settings.

Moodle Ldap authentication

On the LDAP Server settings area, perform the following configuration:

• Host URL – ldap://192.168.15.10
• Version – 3
• Use TLS – No

You need to change the IP address to your domain controller IP.

Moodle - LDAP Server settings

On the Bind settings area, perform the following configuration:

• Prevent password caching – Yes
• Distinguished name – CN=bind,CN=Users,DC=TECH,DC=LOCAL
• Password – kamisama123..

You need to change the bind credentials to reflect your Network environment.

Moodle - LDAP Bind settings

On the User lookup settings area, perform the following configuration:

• User type – MS ActiveDirectory
• Contexts – dc=tech,dc=local
• Search subcontexts – Yes
• User attribute – samaccountname
• Member attribute – member
• Member attribute uses dn – 1

You need to change the domain information to reflect your Network environment.

Moodle - User lookup settings

On the System role mapping area, perform the following configuration:

• Manager context – CN=moodle-managers,CN=Users,DC=TECH,DC=LOCAL
• Course creator context – CN=moodle-creators,CN=Users,DC=TECH,DC=LOCAL

In our example, members of the Moodle-Managers group will have the administrative permission on the Moodle web interface.

In our example, members of the Moodle-Creators group will have permission to create courses on the Moodle web interface.

Moodle - System role mapping

On the User account synchronisation area, perform the following configuration:

• Removed ext user – Keep internal
• Synchronise local user suspension status – No

Moodle - User account synchronisation

On the Data mapping area, perform the following configuration:

• Data mapping (First name) – givenName
• Data mapping (Last name) – sn
• Data mapping (Email address) – mail

Moodle - Data mapping

Click on the Save changes button to finish the configuration.

Moodle –  Enabling the LDAP Authentication

Access the Site administration menu and select the Plugins tab.

Moodle Site administration menu

On the Plugins tab, locate the Authentication area and select the option named Manage authentication.

Moodle Manage Authentication

Click on the eye icon to enable the LDAP authentication.

Moodle - Ldap authentication

After finishing your configuration, you should log off the Moodle web interface.

Try to login using the admin user and the password from the Active Directory.

• Username: Admin
• Password: Enter the Active directory password.

moogle login

Congratulations! You have configured the Moodle authentication to use the Active Directory.