Tools Within Drupal and LDAP for Debugging
- Enable LDAP Help Module: admin/modules/list
- Enable detailed logging in ldap help: admin/config/people/ldap
- Enable Database Logging module: admin/modules/list
- Use the test link on the server settingss page: admin/config/people/ldap/servers
- Use ldap help status page: admin/config/people/ldap/help/status
Picking Through the Database
Picking through the database can be helpful. Here are some queries. The serialized data can be better viewed at http://unserialize.net/serialize.
authmap. Will contain a record for every user who is ldap authenticated.
<br/>select * from authmap where module like 'ldap%';
user. ldap data specific to a user will be stored in the
datafield of this table.
select cast(data as char(1000)) from users where data like '%ldap%';
select name, cast(value as char(1000)) from variable where name like 'ldap%'
Isolating LDAP problems from Drupal LDAP Module Problems
When things get tricky, sometimes its best to go to the php scripts or command line queries of ldap to make sure a problem is in Drupal or Drupal LDAP modules and not in the LDAP server, PHP ldap extension, or particular ldap user or group entries.
- For authentication issues, make sure the user is able to use other software with their ldap credentials.
- Try a php script that is not tied to drupal such as the one in the ldap_help module within ldap_help/ldap_test_script
This will help isolate drupal issues from php ldap extenstion and ldap server problems. This script could be intergrated into ldap_help module also for generic testing.
- Use another tool such as apache directory or command line ldap queries
Getting Good Results from LDAP Support/Issue Queue
- see: admin/config/people/ldap/help/issues
Debugging LDAP Authorization
- Go to the test form: admin/config/people/ldap/authorization/test/drupal_role
- submit with a username.
- In the response page to the form, examine the "Prefiltered and Final Mappings" section. It lists all the "raw authorizations" or the authorizations before filtering and mapping. If you do not see the raw authorizations you expect, your ldap Strategy II.A, II.B, or II.C. is off. Otherwise your problem is likely in part III of the authorization configuration which triggers when authorization happens.
- There is some ability to see intermediary data in the authorization code. This can be helpful for debugging. Enable "detailed logging" as above. Then log on as the user in question. There will be detailed logs in watchdog of the ldap authorization steps
- In the 7.1 branch, authorizations are stored in the $user->data array. To see this array, do the "Picking Through the Database" step for the user table. You should see authorization records in there.