- Bug
- Resolution: Fixed
- Critical
- 1.6
- None
- All
- Any
- MOODLE_16_STABLE
- MOODLE_18_STABLE, MOODLE_19_STABLE
Please look at the discussion from http://moodle.org/mod/forum/discuss.php?d=35865
LDAP creator does not work with MSAD when there is a comma in the DN that is not a part of the path.
In /auth/ldap/lib.php:
Near line 1386 the PHP function ldap_get_dn is used to obtain the DN of a user account. If there is a comma in this user's DN (my example is "cn=Bromley, James,ou=tech center,dc=mydomain,dc=com"), it is escaped with only one backslash. Then it is fed to ldap_read near line 1261. The problem is that ldap_read needs the comma escaped with two backslashes. So "cn=Bromley, James,ou=tech center,dc=mydomain,dc=com" needs to become "cn=Bromley\, James,ou=tech center,dc=mydomain,dc=com".
I could not find mention of this on the PHP website or on Mozilla's website, except for another user pointing out in the comments of ldap_rename that things had to be escaped with two backslashes.
A particularly helpful moodler, Iñaki Arenaza, found the actual cause for it not working and suggested this workaround until a patch was available: replace the if block for if ($CFG->ldap_memberattribute_isdn) with the following:
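if ($CFG->ldap_memberattribute_isdn) {
    $username = auth_ldap_find_userdn($ldapconnection, $username);
    if (!$username) {
        return $result;
    }
    // Double the backslash before each escaped comma ("\," becomes "\\,"),
    // which is the form ldap_read needs according to the description above.
    $username = preg_replace('/\\\\,/', '\\\\\\\\,', $username);
}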
James Bromley
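
The escaping issue described in this report, as an added example that is not part of the original report or of Moodle's code. split_dn() and double_escaped_commas() are hypothetical helpers, and the DN is the reporter's sample written with the comma in its single-backslash form. It shows why a comma inside a value has to stay escaped, and the doubling that the workaround applies.

```php
<?php
// Added example; split_dn() and double_escaped_commas() are hypothetical helpers.

// Split a DN into its RDN components, keeping backslash escape pairs intact
// so that "\," stays inside the attribute value instead of ending it.
function split_dn(string $dn): array {
    $parts = [];
    $current = '';
    $len = strlen($dn);
    for ($i = 0; $i < $len; $i++) {
        $ch = $dn[$i];
        if ($ch === '\\' && $i + 1 < $len) {
            // Copy the backslash and the character it escapes as one unit.
            $current .= $ch . $dn[++$i];
        } elseif ($ch === ',') {
            // An unescaped comma separates two RDN components.
            $parts[] = $current;
            $current = '';
        } else {
            $current .= $ch;
        }
    }
    $parts[] = $current;
    return $parts;
}

// Double the backslash in front of each escaped comma, as the workaround does.
function double_escaped_commas(string $dn): string {
    return preg_replace('/\\\\,/', '\\\\\\\\,', $dn);
}

// Constructed sample: the reporter's DN with the comma in single-backslash form.
$dn = 'cn=Bromley\, James,ou=tech center,dc=mydomain,dc=com';

echo "Naive explode on every comma:\n";
print_r(explode(',', $dn));   // cuts the cn value in two

echo "Escape-aware split:\n";
print_r(split_dn($dn));       // keeps the cn value in one component

echo "Doubled form: ", double_escaped_commas($dn), "\n";
```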
- will be (partly) resolved by: MDL-8590 Auth cleanup - META (Closed)