Authorization Strategy II.B. not assigning roles. [#1817018]

I'm not able to successfully assign a Drupal role and I'm not sure why. When I run tests on users, I do get the proper group for users in the test results. However, when a user logs in they are not assigned any role.

I am using Authorization method II.B. with the following settings:

"roles are specified by LDAP attributes" - checked
"Attribute names (one per line)" = memberOf
"Convert full dn to value of first attribute. e.g. cn=admin group,ou=it,dc=ad,dc=nebraska,dc=edu would be converted to admin group" - checked
"Revoke drupal roles previously granted by LDAP Authorization but no longer valid." - checked
"Re grant drupal roles previously granted by LDAP Authorization but removed manually." - checked
"When a user logs on" checked, under "IV.B. When should drupal roles be granted/revoked from user?"

My logs give me the following message when I login.

LdapAuthorizationConsumerAbstract grantsAndRevokes() method log. action=grant:
consumer_id=Content Creator, op=grant, grant existing consumer id (Content Creator), granting existing consumer object, ,result=

I have been successful in mapping Organic Groups / OG roles, but the Drupal roles has proven troublesome. Any help with this would be appreciated.

Comment	File	Size	Author
#6	LDAP-server.png	676.99 KB	scottAtRoot802
#6	LDAP-authentication.png	358.29 KB	scottAtRoot802
#6	LDAP-authorization-og-role.png	315.37 KB	scottAtRoot802
#6	LDAP-authorization-drupal-role.png	308.78 KB	scottAtRoot802
#2	Auth-Strategy-IIB-test.png	91.62 KB	scottAtRoot802

Comments

Comment #1

scottAtRoot802 commented 1 November 2012 at 15:25

I'm still struggling with this. Any help would be appreciated. I'm willing to try any new configuration and / or provide more details if requested.

Comment #2

scottAtRoot802 commented 22 October 2012 at 16:14

Status	File	Size
new	Auth-Strategy-IIB-test.png	91.62 KB

In case it helps. Here's a screen of my test Authorization.

Comment #3

johnbarclay commented 3 November 2012 at 02:50

I don't expect to get back to authorization issues in 7.x-1.x. I would suggest trying 7.x-2.x-dev.

Comment #4

scottAtRoot802 commented 5 November 2012 at 20:41

I've been watching the 7.x-2.x-dev build. On your project page you mention, "An upgrade/update will be provided to go from 7.x-1.0 to 7.x-2.0." Is this upgrade path available now? If it is, I'll update now. If there isn't, are there steps to follow to preform the upgrade? My website is pre-production but there are several internal users who use the site on a daily bases. I'd like to avoid a lengthy disruption if possible.

Thanks.

Comment #5

johnbarclay commented 5 November 2012 at 20:54

The configuration data needs to be moved by hand at this point. The data in the user accounts (user table and user field tables) is likely not important in your use case unless the user's cns are changing. I'd like to do a quick writeup of which configuration fields in 7.x-1.x go to 7.x-2.x. What type of LDAP are you using and can you send me the configurations for ldap_server, ldap_authentication, and ldap_authorization (as much as you can share). I can use that as an example and help you along also.

Comment #6

scottAtRoot802 commented 6 November 2012 at 22:06

Version:

7.x-1.0-beta12

» 7.x-1.x-dev

Status	File	Size
new	LDAP-authorization-drupal-role.png	308.78 KB
new	LDAP-authorization-og-role.png	315.37 KB
new	LDAP-authentication.png	358.29 KB
new	LDAP-server.png	676.99 KB

Here are some screenshots of my config. I'm currently using LDAP 7.x-1.x-dev. Let me know if you need anything else.

Comment #7

johnbarclay commented 29 November 2012 at 05:38

In drupal roles, I would check create roles if needed and make "Content Creator" lower case ("content creator"). Then test. If this works, uncheck create drupal roles and test again.