LDAP Authorization: Successful Login only on reloading the page when using non LDAP SSO Module (e.g. CAS)

Certainly there must be some error messages in the apache logs or in the drupal log files as error 500 messages generally never go unlogged. Also you don't indicate which page or step in the process you are getting the error 500 on. Need much more info to help in solving this.

Let's move this issue to the right project. Would be helpful if you chimed in with the correct version. The developer may want to know about this one.

Which ldap modules are you using?

Hi

LDAP Authentication: Login page was disabled if ldap server was connected .
says:"You are accessing localhost using an unencrypted connection. For your security, localhost only supports account logins using a secure protocol such as HTTPS. You can switch to HTTPS by trying to view this page again after changing the URL in your browser's location bar to begin with "https" instead of "http". Please contact site admin for help if this error continues."

Help me and tell that what may I do.

Thanks

Please open a new issue for this. In general don't ask support questions unrelated to the original issue.

I'm also getting an error with LDAP + CAS, specifically "Call to a member function search() on a non-object in .....sites/modules/ldap/ldap_profile/ldap_profile.module on line 142."

I am running a copy of D7 (7.16), LDAP 1.0beta12 and CAS 1.2. I saw that this error was showing up in some other issue, but that it was only happening for old users. I deleted my drupal account and tried again and was still getting the 500 error.

My site is not in production now, but we hope to be soon, so any help would be greatly appreciated.

I would give the 7.x-2.x branch a whirl. Things are shuffled around in it but at this point I believe its in better shape than 7.x-1.x-dev.

The 2.x branch solved the problem. and CAS+LDAP Authorization seems to be working well at this point. Are LDAP_Server, LDAP_Authorization, LDAP_AuthorizationDrupalRoles and LDAP_User in 2.x pretty stable at this point? I'm looking to roll out a production site within the next week or two and am curious if you think the current version of the code would cause problems down the line?

Thanks!

Thanks for following up on this.

This last post of #1115704: Drupal 7 Status Updates will answer your question in more detail. I suggest subscribing to that issue. In summary, I think the 7.x-2.x is the way to go.

LDAP_Server, LDAP_Authorization, LDAP_AuthorizationDrupalRoles and LDAP_User are the most heavily tested in the 7.x-2.x branch. In the 7.x-1.x the authorization still has a number of bugs related to ldap group entries; in the 7.x-2.x branch that was all rewritten in a more sensible way.

I'm having this issue (server error after cas login, then refreshing shows the front page just fine) - I'm using
CAS 7.x-1.2
LDAP 7.x-2.0-beta1
Drupal 7.17
It started once I downloaded LDAP a week and a half ago. I was on Drupal 7.15 then, I updated today and still see the same issue. This was fixed before by getting the latest version of LDAP? Because I have it...Is there something I'm missing? Thanks so much in advance

Also, I earlier I had an LDAP 1.0-beta12 version (had error then too). But now I have 7.x-2.0-beta1

I believe this is a bug. If refreshing the page authenticates the user, I suspect authentication is taking place but not redirecting properly. Or LDAP Authorization breaking the redirect/login process. I tagging this as a bug and making this issue specific to non ldap single sign on with ldap authorization.

For the CAS users:
- does CAS log the users on when ldap modules are disabled?
- is ldap_sso and ldap_authentication disabled?
- Which ldap modules do you have enabled?

I am authenticating with CAS currently, and it signs them on, once you refresh you see they're logged in. I'm authorizing with LDAP (trying to get it to add a drupal role when signing in).
Unfortunately now I'm getting WSOD on my whole site..so I'll have to fix that before I can try 1) disabling LDAP and checking CAS and 2)checking if ldap_sso & ldap_authentication are disabled. I'll get you a list as soon as i fix my WSOD (i hope it wasn't related to updating the LDAP module..but it was fine yesterday.)
Thanks for responding so quickly, i'll work on your questions asap.

Okay, there's a problem with my LDAP stuff now - (don't worry I won't change this from original issue, I still want to know this server issue)
I had these modules enabled:
ldap_authorization
ldap_authorization_drupal_role
ldap_help
ldap_profile
ldap_servers
ldap_user
cas_ldap
Once I disabled these through phpmyadmin, WSOD went away. And yes, CAS logs the user on when LDAP modules are disabled. I did NOT have ldap_authentication because I wanted to use CAS to authenticate, and LDAP to just authorize. I did NOT have ldap_sso enabled either.

Thanks for following up on this. This may be a pain to debug, but here are the next steps I believe:

1. disable ldap_user and ldap_profile (ldap_profile is replaced by ldap_user in 7.x-2.0) just to rule these out as part of the problem.

If this does not help, I suspect _ldap_authorizations_user_authorizations_set() saving the $user may be the cause. I don't see ldap_authorization affecting the redirect/destination of the process.

2. To help narrow which code is presenting the issue, in ldap_authorization.inc comment one of the following lines at a time in ldap_authorizations.inc and see if the problem exists:

• around line 291: // _ldap_authorizations_user_authorizations_set($user, $consumer, $filtered_ldap_authorizations, $ldap_user, $watchdog_tokens);
• around 410 // $consumer->authorizationGrant($user, $user_auth_data, $grants, $ldap_entry, FALSE)
• around 422 // $user = user_save($user, $user_edit);

Here's roughly the workflow:

• cas.module:cas_login_check()
• cas.module:cas_login_check $account = cas_user_register($cas_name); // create account
• cas.module:cas_login_check cas_user_module_invoke('presave', $edit, $account); // allow other modules to affect account
• cas.module:cas_login_check user_login_finalize() ... invokes hook_user_login() which is where ldap authorization kicks in
• ldap_authorization.module:ldap_authorization_user_login()
• ldap_authorizations_user_authorizations
• cas_login_page() redirect to pages

this debugging was for CAS, not cas_ldap.

okay, so to be clear, i'm not getting the server error anymore - i disabled cas_ldap (CAS ldap tokens), and things were fixed. Are your instructions mostly to fix this server error? I'm not sure if I should re-enable ldap cas (i'm still not sure if i need it or not) and try your instructions with it enabled to see if i can fix the server error WITH it enabled?
#2 - do i need the cas ldap module to be able to add drupal roles based on an ldap attribute?
Sorry, i'm new to the ldap module.

I can try the debugging though - just tell me if you want me to do it with cas_ldap enabled or disabled

Sorry, but I'm a little bit confused - you said to turn of LDAP user module, but to do that i have to disable LDAP authorization & LDAP Authorization-drupal roles..so then almost all the LDAP modules i'm using are disabled, and it won't do anything. Sorry, I guess I don't understand what you're understanding about this. :(

This may simply be a product of #1834600: Incompatibility with LDAP 7.x-2.x-dev. To get around that issue, use the lastest ldap 7.x-2.0-dev. If this does not solve it, I'll clarify the debugging process better.

Recent changes in ldap user save and ldap authentication validation in 7.x-2.x-dev may have helped with this. Can someone test with CAS and get back to this issue.

>12 months without an update