This is a script I wrote that converts my 6000 users from ldap_integration 4.7 to be compatible with the latest 5.x HEAD. Basically it opens up each LDAP user in the users table (anyone with ldap_authentified = TRUE) and makes sure they have the correct value of ldap_config set. Because I had so many users it was not feasible to just change them all by hand or expect the users to correctly modify their own setups.

The presence of ldap_authentified in the serialized user data caused those users to be unable to login, also loading the User page would cause a long delay while LDAP connections would timeout. LDAP integration 5.x thinks that the user is properly configured because it sees ldap_authentified = 1 but the user does not have the ldap_config value set and so it sees an empty value for the server to connect to, resulting in these watchdog errors from the LDAPInterface class:

LDAP Bind Failure for user , Error -1: Can't Contact LDAP server

ldapauth should make sure that ldap_config is set before attempting an ldap connection, and possibly also set ldap_authentified = FALSE and alert the user.

The attached 4.7 - 5.x data conversion/upgrade script is only useful for you if you have:
- lots of old 4.7 LDAP users you want to use with 5.x LDAP integration
- only one LDAP server. You put the name of your server config in one of the variables at the top of the file.

To use it the pci_useres_fix_ldap.php script:
1. Drop it in the sites dir for your site (like sites/mysite.com/ , right next to settings.php)
2. Configure and follow instructions in the file.
3. BACK UP YOUR DATABASE BEFORE YOU RUN IT!!

Hopefully this comes in useful for anyone having to upgrade large numbers of users and keep their LDAP settings.

Damien
The Post Carbon Institute

CommentFileSizeAuthor
pci_users_fix_ldap.php_.txt5.53 KBdamien_vancouver

Comments

johnbarclay’s picture

johnbarclay commented
Status: Active » Closed (won't fix)

Closing 5.x issues to clean out issue queue.