Hi there,

I've managed to get LDAP authentication working, but there is a small problem with account creation when the DN string is particularly long. For example, if the LDAP directory returns a DN of "CN=Bob Smith, OU=Permanent,OU=Employees, OU=Chicago, DC=Portable Scientifics, DC=com", this might be over 100 chars long for some DNs.

During the _ldapauth_ldap_login method in the ldapauth.module, if a new account is created, a new row in Drupal's user table is added. The mail and init fields are prepopulated with the value of DN. Unfortunately, these fields only allow lengths of 64 or less, so if you have a long DN you cause errors and a new user account is not created.

Code needs to be changed from:

$mail = $dn;
$init = $dn;

to:

$mail = "";
$init = "";

Thanks,
M.

Comments

poietes

Status: Active » Fixed

This looks like it's been fixed in HEAD.

scafmac

Status: Fixed » Active

I believe only the email assignment is fixed in head. There is nothing to prevent an overly long cn from being truncated. It isn't clear it is a problem, but I haven't checked to see what init is used for. Kreaper?

poietes

Quite right ... init is still being initialised with the value of DN, so this can still cause truncation problems. My mistake! Beyond that initial assignment it doesn't look like the value of init is used anywhere else in the three LDAP modules. Maybe it's a hangover from the 4.7 version?

scafmac

Status: Active » Fixed

It's fixed in head and will be in the 5.x-1.2 release.

Anonymous

Status: Fixed » Closed (fixed)