Does this version of ldap_integration require changes to the user.module like the old one, or require any other modules?

I have been unsuccessful getting it to work. It appears to be checking the LDAP directory, but does not allow a login.

The error I get is:
Login attempt failed for user@example.com: Sorry. Unrecognized username or password.

Thanks for the help

Comments

pablobm’s picture

This module needs no further installation besides leaving it in the modules directory.

The problem might lie in an incorrect setting. Take special care with the settings for LDAP login pattern and LDAP login replacement.

This is the setting for my home LDAP directory:

LDAP login pattern
/(\S+)@(\S+)\.(\S+)/i
LDAP login replacement
uid=$1,dc=$2,dc=$3

This way, a login as jmelavo@pablobm.com will be treated as uid=jmelavo,dc=pablobm,dc=com.
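
The mapping described in the comment above, as an added example that is not part of the original thread or of the module's code. It assumes the two settings are applied with `preg_replace()`; the function names, the anchored pattern and the escaping helper are hypothetical, and the sample logins other than the first are constructed.

```php
<?php
// Pattern and replacement exactly as quoted in the comment above.
const LDAP_LOGIN_PATTERN     = '/(\S+)@(\S+)\.(\S+)/i';
const LDAP_LOGIN_REPLACEMENT = 'uid=$1,dc=$2,dc=$3';

// Plain mapping. Assumption: the settings are applied with preg_replace().
function login_to_dn_plain(string $login): string {
    return (string) preg_replace(LDAP_LOGIN_PATTERN, LDAP_LOGIN_REPLACEMENT, $login);
}

// Hypothetical helper: escape one captured value for use in a DN (RFC 4514).
function escape_dn_value(string $value): string {
    // Backslash-escape the characters that are special inside a DN value.
    $value = preg_replace('/[,+"\\\\<>;=]/', '\\\\$0', $value);
    // A leading '#' must be escaped as well.
    return ($value !== '' && $value[0] === '#') ? '\\' . $value : $value;
}

// Hypothetical stricter mapping: the whole login must match, and each
// captured group is escaped before it is placed in the replacement template.
function login_to_dn_strict(string $login): ?string {
    $anchored = '/^(\S+)@(\S+)\.(\S+)$/i';
    if (!preg_match($anchored, $login, $m)) {
        return null; // not of the form user@domain.tld: do not attempt a bind
    }
    return strtr(LDAP_LOGIN_REPLACEMENT, [
        '$1' => escape_dn_value($m[1]),
        '$2' => escape_dn_value($m[2]),
        '$3' => escape_dn_value($m[3]),
    ]);
}

// Sample logins: the first is from the comment above, the rest are constructed.
$samples = ['jmelavo@pablobm.com', 'jmelavo@mail.pablobm.com',
            'j,melavo@pablobm.com', 'jmelavo'];
foreach ($samples as $login) {
    printf("%-26s plain:  %s\n", $login, login_to_dn_plain($login));
    printf("%-26s strict: %s\n", '', login_to_dn_strict($login) ?? '(rejected)');
}
```

With the greedy `(\S+)` groups, a login on a multi-label domain such as `jmelavo@mail.pablobm.com` maps to `dc=mail.pablobm,dc=com`, and a login with no `@` passes through the plain mapping unchanged, so the pattern needs adjusting for directories whose base DN has more than two components.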

Anonymous’s picture

I have checked that. If I uncomment this line in the function _ldap_integration_init:

 //die('con: ' . $con . ', dn: ' . $dn . ', pass: ' . $pass . ', server: ' . $server . ', port: ' . $port);

I get the correct dn and password.
I do not get an ldap_bind error. It appears to be something after the ldap bind.

This is a fresh install of Drupal 4.5.1, and I have tried your new 1.2 version in CVS with the same results.

Thanks for looking at this. If you would like more details I can email you directly.

pablobm’s picture

Maybe the LDAP access control lists are not properly configured?

Actually, I have no experience at all with LDAP and I created this module for a third organisation where, as far as I know, it has been tested successfully.

In case it may help, I added the following lines to /etc/openldap2.2/slapd.access.conf to make users able to authenticate against my home LDAP directory:

access to *
        by self write
        by users read
        by anonymous auth
        by * none

pablobm’s picture

AAAAAAAAAAAAAAAAAARGH!! Completely forgot this!

The problem arises from the fact that I forgot to include in the documentation that there's a preference to be set: in /admin/user/configure, you have to set the preference 'Public registrations' to 'Visitors can create accounts and no administrator approval is required'.

This sounds like a terrible security issue, but it doesn't seem to give anybody any special power and, moreover, a close examination of Drupal's authentication code reveals that it is necessary (see modules/user.module, function user_authenticate()).

Sorry to everybody I have caused a headache because of this.

Anonymous’s picture

That's it!

I had set my system up to only allow registration by administrators. I will have to look around a bit to see if it is possible to get the LDAP stuff to work both ways. Would you mind adding this little tidbit to your README?

Thanks

pablobm’s picture

The README is already updated. Thanks to you for pointing out the problem.

tclineks’s picture

Version: » 4.6.x-1.x-dev

I haven't looked over the code in much detail, but couldn't it fall back to authenticating against existing (Drupal-space) accounts and failing for those that aren't yet?

pablobm’s picture

Sorry, but I don't follow you. Could you please leave an example?

BTW, this thread is very old, code has undergone severe changes, some concepts are not the same... and anyway, I was terribly (and even dangerously) wrong when I wrote comment #4... I was young and clueless (one year younger than now, same cluelessness :P )