Has anyone else noticed that an LDAP user is assigned a non-existent role? I first noticed this when playing with LDAP Groups, but it seems to happen with only ldapauth.module installed. And I seem to recall the problem in 4.7 as well.

There are two ways to see the symptom. After logging in the first time with an LDAP account, log out and log in with the admin account. Navigate to admin/user/user. Listed under Roles for the recent new LDAP users should be a bullet, yet any Drupal-created accounts do not have a bullet with no role name. Notice if you edit or view the user, this empty role is not displayed.

The second way to see the problem, after the LDAP user has logged in, is to check the users_roles table, and you will find an rid equal to 0 with the new user's uid. There are no roles with a rid = 0.

I haven't been able to track this down, though I haven't tried hard. Can anyone confirm they also see this? I'm using Drupal 5.1, LDAP Integration HEAD, MySQL 5.0.18 if any of that matters.

Comments

hedroom’s picture

Yes, it happens to me also (running 5.x-1.1). If you remove the user from the role and then put them back, everything's OK. But I only have one role available for users when they log in the first time.

Wade

astoltz’s picture

This is happening because of a difference in the way Drupal4 and Drupal5 handle the "Authenticated User" role. I'm sorry, I don't have patch so I can't make a patch file, but here's how to fix it:

In ldapauth.module, around line 697 you'll see a line as follows:

$user = user_save('', array('name' => $login_string, 'pass' => $pass, 'mail' => $mail, 'init' => $init, 'status' => 1, 'authname_ldapauth' => $login_string, 'roles' => array(DRUPAL_AUTHENTICATED_RID), 'ldap_authentified' => TRUE, 'ldap_dn' => $dn));

Take out "DRUPAL_AUTHENTICATED_RID". This will leave you with the line:

$user = user_save('', array('name' => $login_string, 'pass' => $pass, 'mail' => $mail, 'init' => $init, 'status' => 1, 'authname_ldapauth' => $login_string, 'roles' => array(), 'ldap_authentified' => TRUE, 'ldap_dn' => $dn));

You will no longer have the issue. In other words, the role id 0 was only happening upon account creation.
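Added example, not part of the original thread or of the ldapauth project's code: the change above only affects account creation, so this script audits users_roles for assignments that point at a role id with no matching role (such as the rid 0 rows described in the thread) and removes the rid 0 ones. It runs on a constructed in-memory SQLite database; the users and role table layouts, the absence of a table prefix, and the sample account names are assumptions.

```python
import sqlite3

# Constructed sample data. Table and column names assume a default Drupal 5
# schema (users, role, users_roles) with no table prefix.
SAMPLE = """
CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE role (rid INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE users_roles (uid INTEGER, rid INTEGER, PRIMARY KEY (uid, rid));
INSERT INTO users VALUES (1, 'admin'), (2, 'local_editor'),
                         (3, 'ldap_alice'), (4, 'ldap_bob');
INSERT INTO role VALUES (1, 'anonymous user'), (2, 'authenticated user'),
                        (3, 'editor');
INSERT INTO users_roles VALUES (2, 3), (3, 0), (4, 0), (4, 3);
"""

# Role assignments whose rid has no row in the role table.
ORPHANS_SQL = """
SELECT ur.uid, u.name, ur.rid
FROM users_roles ur
LEFT JOIN role r ON r.rid = ur.rid
LEFT JOIN users u ON u.uid = ur.uid
WHERE r.rid IS NULL
ORDER BY ur.uid, ur.rid
"""


def build_sample_db():
    """Create the constructed in-memory database used by this example."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE)
    return conn


def find_orphan_assignments(conn):
    """Return (uid, name, rid) for each users_roles row with an unknown rid."""
    return conn.execute(ORPHANS_SQL).fetchall()


def purge_rid_zero(conn):
    """Delete only the rid = 0 rows; return how many rows were removed."""
    with conn:  # commits on success, rolls back if the statement fails
        return conn.execute("DELETE FROM users_roles WHERE rid = 0").rowcount


if __name__ == "__main__":
    db = build_sample_db()
    for uid, name, rid in find_orphan_assignments(db):
        print(f"uid={uid} name={name} rid={rid} has no matching role")
    print("rows removed:", purge_rid_zero(db))
```

The SELECT and DELETE statements are plain SQL and can be run directly against the site's database once the table names are adjusted for any prefix in use.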

scafmac’s picture

Status: Active » Fixed

Thanks for the fix.

Anonymous’s picture

Status: Fixed » Closed (fixed)