I have a strange case in production where we have the same username on two different ldap servers/domains. Both servers are setup in drupal too.

The users are different persons, so I expected that ldap_integration will allow login for the first person but not the second. However, it appears they can both log in, and the last person to log in claims the drupal user.

A temporary fix is to make all usernames across all domains to be unique... But it would be nice for ldap_integration to handle the situation, by at least only allowing only one person to log in to avoid the shared drupal user scenario.

Please any suggestions on fix are welcome. Thanks for your help.

Comments

johnbarclay’s picture

cgmonroe’s picture

Status: Active » Fixed

Marking as fixed since the just commited dev version should now prevent this.... this is best done using a PUID attribute but even if you are not, it now checks that the authenticated LDAP info (Server/DN) matches the Drupal user.

There is also a hook_ldap_drupal_user_name_alter that can be used to allow both user to access Drupal by mapping them to different Drupal names via a custom module.

See Comment #10 of #1475272: 6.x-1.0 Release Candidate 1 Status

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.