Cool Solution - Install Moodle / LDAP enrollments

This article is based on a successful installation of Moodle and one authentication method accomplished by following our Cool Solutions “Install Moodle” and “LDAP authentication” / “SAML authentication”.

Tested with moodle 3.9+

Enabling the LDAP enrollment plugin

After you have successfully set up an authentication method you can now configure LDAP enrolments to automatically enroll your UCS@school users into moodle courses.

First enable the LDAP enrolment plugin under Site Administration -> Plugins -> Enrolments. This plugin is already installed and only needs to be activated by pressing the icon in the Enable section.

To login with the local moodle administrator account after you have set up SAML authentication, use https://<YOUR_MOODLE_SERVER_FQDN>/moodle/login/index.php?saml=off
to open the login page and sign in.

LDAP search user

If you have not already set up a simple authentication account for LDAP lookups, please do so now.
Follow the “LDAP search user” Cool Solution to create one.

Setting up LDAP enrollments

After the plugin is enabled open the plugin-settings.

LDAP enrollments settings:


Nested groups allow you to assign groups to classes and workgroups instead having to add the individual users.

Note: As of moodle 3.9 the required functions for nested groups are already included, so you can SKIP the following part.

In order to make nested groups work with classes and workgroups of UCS@school you need to make a change to a PHP-library of the moodle enrollment plugin.

Execute the following command on your moodle server:

sed -n '911,940p' /var/www/moodle/enrol/ldap/lib.php >edit;sed -i.bak '940 r edit' /var/www/moodle/enrol/ldap/lib.php;sed -i -e '941s/ad/default/' -e '949s/group/posixGroup/' /var/www/moodle/enrol/ldap/lib.php;rm edit

Note: This command also creates a backup (lib.php.bak) in case you want to revert the changes made.

If set up correctly, on the next login to moodle, users should be automatically enrolled into courses named after groups they are assigned to.

You can also perform the enrollment sync manually by executing the following command:

 php /var/www/moodle/enrol/meta/cli/sync.php


If you run into issues regarding permissions or elements of the moodle webpage not loading properly you can try to solve the issue by executing the following commands from the “Install Moodle” Cool Solution:

chown www-data:www-data /var/www/moodle/config.php
chmod 640 /var/www/moodle/config.php
chown -R www-data:www-data /var/moodledata
find /var/moodledata -type f -exec chmod 600 {} \;
find /var/moodledata -type d -exec chmod 700 {} \;

Further links