Creating a Moodle LMS with Active Directory Users

For those who aren’t aware, Moodle is an open source Learning Management System (LMS) that lets you teach courses online. I’ve used it for years and I think it’s brilliant. You can use it to teach in junior and high schools, and also in a corporate environment if you ever need to deliver training material to your staff without them having to leave their desks.

Check it out, I highly recommend it. http://www.moodle.org

So let’s crack on with the guide. This walkthrough will show you how to build a brand new Moodle website and connect it to your existing Microsoft Active Directory environment for user authentication.

For this exercise, I will be using the below details to connect a web server running Red Hat Enterprise Linux 6.3 to Microsoft Active Directory 2008R2.

MS Active Directory Domain Controller: dc01.nt.example.com (10.0.2.11)
Web server to run Moodle:              web01.nt.example.com (10.0.2.21)
LDAP Bind User:                        moodle
LDAP Bind User Password:               RedHat123
User's Organisational Unit:            OU=Accounts,DC=nt,DC=example,DC=com
Teachers Organisational Unit:          OU=Teachers,OU=Accounts,DC=nt,DC=example,DC=com 
(Any user located in this OU will have the ability to create Moodle Courses)

 

Let’s crack on with the install.

First off, we will need a blank Red Hat Enterprise Linux server. As you are using Microsoft Active Directory, I highly recommend you integrate this server into Active Directory using this article here, as I will be writing a follow-up article to enable Single Sign On which will require Kerberos.

 

Step 1, Install all the packages that we will need. This includes Apache, mod_ssl to allow us to create an SSL website, a fair few PHP modules, and MySQL, as we will be creating a local database.

root@web01:~# yum install -y httpd mod_ssl php php-mysql mysql-server php-intl php-gd php-soap php-xmlrpc php-mbstring php-xml php-ldap

 

Step 2, Enable on boot and start the MySQL server

[root@web01 ~]# chkconfig mysqld on
[root@web01 ~]# service mysqld start

 

Step 3, Set a master root password for your mysql service
This will prevent any unwanted access.

[root@web01 ~]# mysqladmin -u root password 'redhat123'

 

Step 4, Create a MySQL database to use for Moodle

[root@web01 ~]# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 554
Server version: 5.1.61 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database db_moodle character set utf8;
Query OK, 1 row affected (0.03 sec)

mysql>

 

Step 5, Create a Moodle database user and grant it permissions on the db_moodle database

mysql> CREATE USER 'moodle'@'localhost' IDENTIFIED BY 'redhat123';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON db_moodle.* TO 'moodle'@'localhost' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

 

Step 6, Open port 80 and 443 on your system with IPTables

[root@web01 ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@web01 ~]# iptables -I INPUT -p tcp --dport 443 -j ACCEPT
[root@web01 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@web01 ~]#

 

Step 7, Create an SSL Virtual Host definition in Apache. Create the file /etc/httpd/conf.d/moodle.nt.example.com.conf with the below contents.

You will see that I have created an SSL enabled site here. If you need some assistance creating a certificate, you can find details on how to do this here

<VirtualHost 10.0.2.21:443>
SSLEngine on
SSLCertificateFile /etc/httpd/moodle.nt.example.com.crt
SSLCertificateKeyFile /etc/httpd/moodle.nt.example.com.key
ServerAdmin webmaster@nt.example.com
DocumentRoot /var/www/moodle.nt.example.com/html/
ServerName moodle.nt.example.com
ErrorLog logs/moodle.nt.example.com-error_log
CustomLog logs/moodle.nt.example.com-access_log common
</VirtualHost>

 

Step 8, Create your directories that are mentioned in the above file.

[root@web01 ~]# mkdir -p /var/www/moodle.nt.example.com/html/
[root@web01 ~]# chown -R apache:apache /var/www/moodle.nt.example.com/html/
[root@web01 ~]# restorecon -R /var/www/moodle.nt.example.com/

 

Step 9, Enable Apache to start on boot and start service

[root@web01 ~]# chkconfig httpd on
[root@web01 ~]# service httpd start
Starting httpd:                                            [  OK  ]
[root@web01 ~]#

 

Step 10, Download Moodle and extract it to the new site’s html directory.

[root@web01 ~]# cd /tmp/
[root@web01 tmp]# wget -O moodle-2.3.1.zip 'http://downloads.sourceforge.net/project/moodle/Moodle/stable23/moodle-2.3.1.zip?r=&ts=1344176682&use_mirror=ignum'
[root@web01 tmp]# cd /var/www/moodle.nt.example.com/html/
[root@web01 html]# unzip /tmp/moodle-2.3.1.zip
[root@web01 html]# mv moodle/* ./
[root@web01 html]# rm -fr ./moodle/

 

Step 11, Browse to https://moodle.nt.example.com to continue the web installation

You will be presented with the Language selection. As English is the default, I just clicked Next.

See screen shot

Step 12, Confirm directory paths.

Moodle will need to create a directory to store all content. I left this as default. If you wish to change this, ensure that the path you specify allows the Apache user to read and write to the location.

See screen shot

Step 13, Select Database type

As we will be using MySQL, leave this as default

See screen shot

Step 14, Database Settings

Enter the host, database name, database user and password for Moodle to populate the database.

See screen shot for the details I have used in my example.

Step 15, End User License Agreement

Please read the EULA and click continue if you accept the terms.

See screen shot

Step 16, Server Checks

If you have followed this guide, you should see a green ‘OK’ status next to every server check. If any check fails, go back and make sure you haven’t missed a step. The item that fails the check will also give you details of how to resolve the problem.

See screen shot

Step 17, Populating Database

Moodle will now populate the database with all the necessary components to get a default installation up and running. Depending on the spec and capabilities of your server, this may be quick or it may take a few minutes.

Click continue once it has finished

See screen shot

Step 18, Create Admin user

The install will now create an Admin user to manage the site. Make sure you choose a password that you will remember. Fill out all details marked in red.

See screen shot

Step 19, Site Settings

Choose a long and a short website name for your new installation. If you change your mind, you can always change this later.

Accept the settings when you are done. This is at the bottom of the page. Once you do this, your site is now up and running.

See screen shot

Step 20,

Now that your Moodle site is up and running, let’s add it to Active Directory.

Browse to the “Manage Authentication” Plug-in

See screen shot

Step 21, Enable LDAP Authentication

You can enable and disable plug-ins by clicking on the open or closed eye. I opened the eye for LDAP and closed the eye for Email-based self-registration.

See screen shot

Step 22, Configure LDAP Authentication

As this guide is specific to Active Directory, please use the below details as they may differ from other forms of LDAP authentication platforms.
If you find an entry that is not listed below, it means it is left blank.

LDAP server settings

Host URL:       ldap://dc01.nt.example.com
(If you have multiple domain controllers, I recommend you add all of them here for redundancy, e.g. ldap://dc01.nt.example.com ; ldap://dc02.nt.example.com ; etc.)
Version:        3
LDAP encoding:  utf-8

Bind Settings

Hide Passwords:      Yes
Distinguished Name:  moodle@nt.example.com
Password:            RedHat123

User Lookup settings

User Type:            MS Active Directory
Contexts:             ou=accounts,dc=nt,dc=example,dc=com
Search subcontexts:   Yes
Dereference aliases:  No
User attribute:       sAMAccountName
Member attribute:     memberOf

**UPDATE**
If you wish to use a security group instead of, or in addition to, the lookup of the Organisational Unit, you can add the following attribute.
Please note, the brackets are required.

ObjectClass:  (memberof=cn=moodle-users,ou=groups,dc=example,dc=com)

Course creators

Course creators:            ou=Teachers,ou=accounts,dc=nt,dc=example,dc=com

Data mapping

First Name:     givenName
Surname:        sn
Email address:  mail
City:           l
Country:        c
Phone 1:        telephoneNumber
Phone 2:        homePhone

When you’ve finished filling out the details, click save changes.

You are now finished adding Active Directory users.

Any user that is located in the “Accounts” OU will be able to log into your Moodle site.
Any user that is located in the “Teachers” OU will be able to log into and create Moodle courses.
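
A command-line check of the settings above, as an added example that is not part of the original guide or Moodle's own code: it builds the search filter from the user attribute and the optional memberof filter, escapes the login name per RFC 4515, and runs the lookup with ldapsearch. It assumes ldapsearch (RHEL package openldap-clients) is installed on web01; the function names, the script name and the login name `jsmith` are hypothetical.

```sh
#!/bin/sh
# Added example. Values are the ones used in this guide.
# Usage (hypothetical script and account name): sh check_ldap.sh jsmith
LDAP_URI="ldap://dc01.nt.example.com"
BIND_DN="moodle@nt.example.com"
CONTEXT="ou=accounts,dc=nt,dc=example,dc=com"
USER_ATTR="sAMAccountName"
# Optional extra filter from the UPDATE note; set to "" to rely on the OU alone.
EXTRA_FILTER="(memberof=cn=moodle-users,ou=groups,dc=example,dc=com)"

# Escape the characters RFC 4515 treats as special inside a filter value,
# so a login name is always matched literally. Backslash must go first.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the search filter for one login name.
build_user_filter() {
    user_part="(${USER_ATTR}=$(ldap_escape "$1"))"
    if [ -n "$EXTRA_FILTER" ]; then
        printf '(&%s%s)' "$user_part" "$EXTRA_FILTER"
    else
        printf '%s' "$user_part"
    fi
}

# Run the lookup. -W prompts for the bind password so it never lands in
# shell history or the process list; -s sub matches "Search subcontexts: Yes".
check_user() {
    ldapsearch -LLL -x -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$CONTEXT" -s sub "$(build_user_filter "$1")" \
        dn givenName sn mail memberOf
}

# Only query the directory when a login name is given on the command line.
if [ "$#" -gt 0 ]; then
    check_user "$1"
fi
```

A single returned entry whose dn sits under the Accounts OU confirms the bind account, context and filter; the requested attributes are the ones used in the data mapping.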

Enjoy.

2 comments on “Creating a Moodle LMS with Active Directory Users”

  1. Karl Schuh March 26, 2013 16:18

    Hi Dale,
    thank you very much for your instructions. I had to authenticate my users via an AD and did not get it right. After reading your text and changing two little things it worked!
    Thanks,
    Karl

  2. Mike January 4, 2015 19:32

    Hi,
    First, thank you for your post; it is very useful to me to configure my Moodle and AD.
    But I need to get all users of AD synced with Moodle, because all my staff are in AD. After finishing the LDAP config, I want to log in to Moodle and assign my staff to the courses in my Moodle. How do I do that?

    Thanks,
