LDAP Authentication: Logged in user has identity changed when another user logs in... [#1899336]

Posted by gwfran on January 25, 2013 at 10:34pm

5 followers

Issue Summary

User A logs in successful against the AD server. User B then logs in successfully on a separate computer. User A looks at his account via the "My Account" link and is now logged in as User B.

Under Servers, we are using a Service Account Bind, AuthName/AccountName is "SAMAccountName", Email Attribute is "UserPrincipalName", Unique User ID Attribute is "dn", Expression for user DN is "cn=%username,%basedn".

Under User, we "Show option on user create form to determine how account conflict is resolved", "Create or Sync to Drupal user anytime a Drupal user account is created or updated. Requires a server with binding method of "Service Account Bind" or "Anonymous Bind", "Associate Drupal Account with the LDAP entry", "Account creation settings at /admin/config/people/accounts/settings do not affect LDAP Associated Drupal accounts", "Do not check for orphaned Drupal accounts".

Authentication settings are "Only LDAP Authentication is allowed except for user 1", "Show disabled email field on usr forms...", and "Update stored email if LDAP email differs at login but don't notify user."

Thanks for any help you can lend!

Comments

#1

Posted by gwfran on January 25, 2013 at 10:42pm

More info: In the Admin section, it looks like User 2 in the People list changes from User A to User B any time a new user successfully logs in.

#2

Posted by johnbarclay on January 28, 2013 at 4:16am

Title:	Logged in user has identity changed when another user logs in...	» LDAP Authentication: Logged in user has identity changed when another user logs in...
Status:	active	» postponed (maintainer needs more info)

Do user A and B have different Drupal UIDs, LDAP PUIDs, and different Drupal usernames?
What happens if you convert user A and user B to drupal accounts and repeat the same process with LDAP disabled?

Can you test against 7.x-2.0-dev please also?

#3

Posted by gwfran on January 28, 2013 at 7:45pm

User A was created in Drupal and was then matched up to the corresponding LDAP user entry. User B was never created in Drupal but exists in the LDAP. User A and B have different PUIDs within LDAP. I'll load 7.x-2.0-dev ASAP.

Thanks for your rapid jump on this!

#4

Posted by gwfran on January 31, 2013 at 1:46pm

Using the 7.x-2.0-dev did not help. I get the following error now: "Notice: Undefined variable: ldap_authentication_authmap in _ldap_authentication_user_login_authenticate_validate() (line 507 of /usr/share/drupal7/modules/ldap/ldap_authentication/ldap_authentication.inc)."

#5

Posted by nlozovan on February 5, 2013 at 7:26am

I also have this problem. Let's say I have only the admin drupal account. When I am trying to log in with an LDAP testing account, it goes in with no problems. When I log out and try to log in with a second LDAP testing account, it logs in, but the username of the first testing account overwrites the second one. The email stays the same. And the error with "Undefined variable: ldap_authentication_authmap" prints out.

#6

Posted by gwfran on February 8, 2013 at 6:39pm

Status:

postponed (maintainer needs more info)

» active

#7

Posted by johnbarclay on February 10, 2013 at 5:33pm

I refactored the ldap authentication validation function completely to get more insight into this. It was unwieldy in length and branching. See http://drupalcode.org/project/ldap.git/commitdiff/048aa7423a085548261c7f...

The undefined variable issue is fixed. I still can't reproduce the error. It may be solved, maybe not.

Do you mind trying to reproduce again with http://drupalcode.org/project/ldap.git/snapshot/048aa7423a085548261c7f29...
?

#8

Posted by johnbarclay on February 10, 2013 at 7:00pm

Version:

7.x-2.0-beta3

» 7.x-2.x-dev

#9

Posted by gwfran on February 15, 2013 at 8:22pm

Tried the variable fix - that definitely removed the error message. However, the user issue remains. Here's a list of all the modules I have installed in case there might be a conflict...

Hide Core

Name	Version	Description	Operations
Aggregator	7.18	Aggregates syndicated content (RSS, RDF, and Atom feeds).
Block	7.18	Controls the visual building blocks a page is constructed with. Blocks are boxes of content rendered into an area, or region, of a web page.Required by: Dashboard (enabled)	Help	Permissions	Configure
Blog	7.18	Enables multi-user blogs.	Help
Book	7.18	Allows users to create and organize related content in an outline.	Help	Permissions	Configure
Color	7.18	Allows administrators to change the color scheme of compatible themes.Required by: Stylizer (enabled)	Help
Comment	7.18	Allows users to comment on and discuss published content.Requires: Text (enabled), Field (enabled), Field SQL storage (enabled)Required by: Forum (enabled), Tracker (enabled)	Help	Permissions	Configure
Contact	7.18	Enables the use of both personal and site-wide contact forms.
Content translation	7.18	Allows content to be translated into different languages.Requires: Locale (disabled)
Contextual links	7.18	Provides contextual links to perform actions related to elements on a page.	Help	Permissions
Dashboard	7.18	Provides a dashboard page in the administrative interface for organizing administrative tasks and tracking information within your site.Requires: Block (enabled)	Help	Permissions	Configure
Database logging	7.18	Logs and records system events to the database.	Help
Field	7.18	Field API to add fields to entities like nodes and users.Requires: Field SQL storage (enabled), Field (enabled)Required by: Drupal, Field SQL storage (enabled), Field (enabled), Text (enabled), Comment (enabled), Field UI (enabled), File (enabled), Options (enabled), Taxonomy (enabled), Forum (enabled), Image (enabled), Number (enabled), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled), List (enabled), Tracker (enabled), XML sitemap taxonomy (disabled)	Help
Field SQL storage	7.18	Stores field data in an SQL database.Requires: Field (enabled), Field SQL storage (enabled)Required by: Drupal, Field SQL storage (enabled), Field (enabled), Text (enabled), Comment (enabled), Field UI (enabled), File (enabled), Options (enabled), Taxonomy (enabled), Forum (enabled), Image (enabled), Number (enabled), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled), List (enabled), Tracker (enabled), XML sitemap taxonomy (disabled)	Help
Field UI	7.18	User interface for the Field API.Requires: Field (enabled), Field SQL storage (enabled)	Help
File	7.18	Defines a file field type.Requires: Field (enabled), Field SQL storage (enabled)Required by: Image (enabled)	Help
Filter	7.18	Filters content in preparation for display.Required by: Drupal	Help	Permissions	Configure
Forum	7.18	Provides discussion forums.Requires: Taxonomy (enabled), Options (enabled), Field (enabled), Field SQL storage (enabled), Comment (enabled), Text (enabled)	Help	Permissions	Configure
Help	7.18	Manages the display of online help.	Help
Image	7.18	Provides image manipulation tools.Requires: File (enabled), Field (enabled), Field SQL storage (enabled)	Help	Permissions	Configure
List	7.18	Defines list field types. Use with Options to create selection lists.Requires: Field (enabled), Field SQL storage (enabled), Options (enabled)	Help
Locale	7.18	Adds language handling functionality and enables the translation of the user interface to languages other than English.Required by: Content translation (disabled)
Menu	7.18	Allows administrators to customize the site navigation menu.Required by: XML sitemap menu (disabled)	Help	Permissions	Configure
Node	7.18	Allows content to be submitted to the site and displayed on pages.Required by: Drupal	Help	Permissions	Configure
Number	7.18	Defines numeric field types.Requires: Field (enabled), Field SQL storage (enabled)Required by: Drupal (Field type(s) in use - see Field list), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled)	Help
OpenID	7.18	Allows users to log into your site using OpenID.
Options	7.18	Defines selection, check box and radio button widgets for text and numeric fields.Requires: Field (enabled), Field SQL storage (enabled)Required by: Taxonomy (enabled), Forum (enabled), List (enabled), XML sitemap taxonomy (disabled)	Help
Overlay	7.18	Displays the Drupal administration interface in an overlay.	Help	Permissions
Path	7.18	Allows users to rename URLs.Required by: Pathauto (enabled)	Help	Permissions	Configure
PHP filter	7.18	Allows embedded PHP code/snippets to be evaluated.	Help	Permissions
Poll	7.18	Allows your site to capture votes on different topics in the form of multiple choice questions.
RDF	7.18	Enriches your content with metadata to let other applications (e.g. search engines, aggregators) better understand its relationships and attributes.
Search	7.18	Enables site-wide keyword searching.	Help	Permissions	Configure
Shortcut	7.18	Allows users to manage customizable lists of shortcut links.	Help	Permissions	Configure
Statistics	7.18	Logs access statistics for your site.
Syslog	7.18	Logs and records system events to syslog.
System	7.18	Handles general site configuration for administrators.Required by: Drupal	Help	Permissions	Configure
Taxonomy	7.18	Enables the categorization of content.Requires: Options (enabled), Field (enabled), Field SQL storage (enabled)Required by: Drupal (Field type(s) in use - see Field list), Forum (enabled), XML sitemap taxonomy (disabled)	Help	Permissions	Configure
Testing	7.18	Provides a framework for unit and functional testing.
Text	7.18	Defines simple text field types.Requires: Field (enabled), Field SQL storage (enabled)Required by: Drupal (Field type(s) in use - see Field list), Comment (enabled), Forum (enabled), Tracker (enabled)	Help
Toolbar	7.18	Provides a toolbar that shows the top-level administration menu items and links from other modules.	Help	Permissions
Tracker	7.18	Enables tracking of recent content for users.Requires: Comment (enabled), Text (enabled), Field (enabled), Field SQL storage (enabled)	Help
Trigger	7.18	Enables actions to be fired on certain system events, such as when new content is created.	Help		Configure
Update manager	7.18	Checks for available updates, and can securely install or update modules and themes via a web interface.	Help		Configure
User	7.18	Manages the user registration and login system.Required by: Drupal	Help	Permissions	Configure

Hide Chaos tool suite

Name	Version	Description	Operations
Bulk Export	7.x-1.2	Performs bulk exporting of data objects known about by Chaos tools.Requires: Chaos tools (enabled)
Chaos tools	7.x-1.2	A library of helpful tools by Merlin of Chaos.Required by: Bulk Export (disabled), Custom rulesets (enabled), Chaos Tools (CTools) AJAX Example (disabled), Custom content panes (enabled), Panels (enabled), Page manager (enabled), Chaos Tools (CTools) Plugin Example (disabled), Views (enabled), Date Views (enabled), LDAP Views (disabled), Panels In-Place Editor (enabled), Mini panels (enabled), Panel nodes (enabled), Stylizer (enabled), Views content panes (enabled), Views Slideshow (disabled), Views Slideshow: Cycle (disabled), Views UI (enabled)	Help
Chaos Tools (CTools) AJAX Example	7.x-1.2	Shows how to use the power of Chaos AJAX.Requires: Chaos tools (enabled)
Chaos Tools (CTools) Plugin Example	7.x-1.2	Shows how an external module can provide ctools plugins (for Panels, etc.).Requires: Chaos tools (enabled), Panels (enabled), Page manager (enabled), Advanced help (enabled)
Custom content panes	7.x-1.2	Create custom, exportable, reusable content panes for applications like Panels.Requires: Chaos tools (enabled)		Permissions
Custom rulesets	7.x-1.2	Create custom, exportable, reusable access rulesets for applications like Panels.Requires: Chaos tools (enabled)		Permissions
Page manager	7.x-1.2	Provides a UI and API to manage pages within the site.Requires: Chaos tools (enabled)Required by: Chaos Tools (CTools) Plugin Example (disabled)	Help	Permissions
Stylizer	7.x-1.2	Create custom styles for applications such as Panels.Requires: Chaos tools (enabled), Color (enabled)		Permissions
Views content panes	7.x-1.2	Allows Views content to be used in Panels, Dashboard and other modules which use the CTools Content API.Requires: Chaos tools (enabled), Views (enabled)

Hide Date/Time

Name	Version	Description	Operations
Date	7.x-2.6	Makes date/time fields available.Requires: Date API (enabled)Required by: Date All Day (disabled), Date Context (disabled), Date Migration (disabled), Date Repeat Field (disabled), Date Migration Example (disabled), Date Tools (disabled)	Help
Date All Day	7.x-2.6	Adds 'All Day' functionality to date fields, including an 'All Day' theme and 'All Day' checkboxes for the Date select and Date popup widgets.Requires: Date API (enabled), Date (enabled)
Date API	7.x-2.6	A Date API that can be used by other modules.Required by: Date (enabled), Date All Day (disabled), Date Context (disabled), Date Migration (disabled), Date Repeat API (enabled), Date Repeat Field (disabled), Date Migration Example (disabled), Date Popup (enabled), Date Tools (disabled), Date Views (enabled)
Date Context	7.x-2.6	Adds an option to the Context module to set a context condition based on the value of a date field.Requires: Date (enabled), Date API (enabled), Context (missing)
Date Migration	7.x-2.6	Provides support for importing into date fields with the Migrate module.Requires: Migrate (missing), Date (enabled), Date API (enabled)Required by: Date Migration Example (disabled)
Date Popup	7.x-2.6	Enables jquery popup calendars and time entry widgets for selecting dates and times.Requires: Date API (enabled)	Help	Configure
Date Repeat API	7.x-2.6	A Date Repeat API to calculate repeating dates and times from iCal rules.Requires: Date API (enabled)Required by: Date Repeat Field (disabled), Date Migration Example (disabled)
Date Repeat Field	7.x-2.6	Creates the option of Repeating date fields and manages Date fields that use the Date Repeat API.Requires: Date API (enabled), Date (enabled), Date Repeat API (enabled)Required by: Date Migration Example (disabled)
Date Tools	7.x-2.6	Tools to import and auto-create dates and calendars.Requires: Date (enabled), Date API (enabled)
Date Views	7.x-2.6	Views integration for date fields and date functionality.Requires: Date API (enabled), Views (enabled), Chaos tools (enabled)

Hide Fields

Enabled	Name	Version	Description	Operations
	Link	7.x-1.0	Defines simple link field types.

Hide Lightweight Directory Access Protocol

Name	Description	Operations
LDAP Authentication	Implements LDAP authenticationRequires: LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)Required by: AD Common Use Cases (disabled), LDAP SSO (disabled)	Help	Configure
LDAP Authorization	Implements LDAP authorization (previously LDAP Groups)Requires: LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)Required by: LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), LDAP Authorization - OG (Organic Groups) (disabled)
LDAP Authorization - Drupal Roles	Implements LDAP authorization for Drupal rolesRequires: LDAP Authorization (disabled), LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)Required by: AD Common Use Cases (disabled)
LDAP Authorization - OG (Organic Groups)	Implements LDAP authorization for Organic GroupsRequires: LDAP Authorization (disabled), LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled), Og (missing)
LDAP Feeds	Included feeds fetcher for a generic ldap query and ldap entry parser to turn fetcher data into feeds compatible parser result. Used to automate content creation based on ldap queries.Requires: Feeds (missing), LDAP Servers (enabled), LDAP Query (disabled)
LDAP Help	LDAP Help for configuration and reporting issues.Requires: LDAP Servers (enabled), LDAP Test Module (disabled), Entity API (enabled)Required by: AD Common Use Cases (disabled), Provision LDAP Users (disabled)
LDAP Query	LDAP Query Builder and Storage for queries used by other ldap modules such as ldap feeds, ldap provision, etcRequires: LDAP Servers (enabled)Required by: LDAP Feeds (disabled), LDAP Views (disabled)
LDAP Servers	Implements LDAP Server ConfigurationRequired by: LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), LDAP Test Module (disabled), LDAP Help (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP Query (disabled), LDAP Feeds (disabled), LDAP SSO (disabled), LDAP Views (disabled)	Help	Configure
LDAP SSO	Implements Single Sign On (SSO) LDAP AuthenticationRequires: LDAP Servers (enabled), LDAP Authentication (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)
LDAP Test Module	Module for LDAP module for testing. Only for development and debugging purposes.Requires: LDAP Servers (enabled), Entity API (enabled)Required by: LDAP Help (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled)
LDAP User Module	Module for ldap identified users. User may be associated via ldap authentication, ldap authorization, or from account provisioning. Configures synching of ldap entries to drupal user properties, fields and the opposite direction.Requires: LDAP Servers (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)Required by: LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled)	Help	Configure
LDAP Views	Implements LDAP integration with ViewsRequires: LDAP Query (disabled), LDAP Servers (enabled), Views (enabled), Chaos tools (enabled)

Hide Mail

Enabled	Name	Version	Description	Operations
	SMTP Authentication Support	7.x-1.0-beta2	Allow for site emails to be sent through an SMTP server of your choice.	Help	Permissions	Configure

Hide Other

Name	Version	Description	Operations
Advanced help	7.x-1.0	Allow advanced help and documentation.Required by: Chaos Tools (CTools) Plugin Example (disabled), Advanced help example (disabled)	Help	Permissions
Advanced help example	7.x-1.0	A example help module to demonstrate the advanced help module.Requires: Advanced help (enabled)
Backup and Migrate	7.x-2.4	Backup or migrate the Drupal Database quickly and without unnecessary data.	Help	Permissions	Configure
Entity API	7.x-1.0-rc3	Enables modules to work with any entity type and to provide entities.Required by: Entity tokens (enabled), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), LDAP Test Module (disabled), LDAP Help (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled), Rules (enabled), Rules UI (enabled), Rules translation (disabled), Rules Scheduler (enabled)	Help
Entity tokens	7.x-1.0-rc3	Provides token replacements for all properties that have no tokens and are known to the entity API.Requires: Entity API (enabled)Required by: Rules (enabled), Rules UI (enabled), Rules translation (disabled), Rules Scheduler (enabled)	Help
Libraries	7.x-2.0	Allows version dependent and shared usage of external libraries.Required by: Views Slideshow: Cycle (disabled)
Pathauto	7.x-1.2	Provides a mechanism for modules to automatically generate aliases for the content they manage.Requires: Path (enabled), Token (enabled)	Help	Permissions	Configure
Token	7.x-1.4	Provides a user interface for the Token API and some missing core tokens.Required by: Pathauto (enabled)	Help

Hide Panels

Name	Version	Description	Operations
Mini panels	7.x-3.3	Create mini panels that can be used as blocks by Drupal and panes by other panel modules.Requires: Panels (enabled), Chaos tools (enabled)		Permissions
Panel nodes	7.x-3.3	Create nodes that are divided into areas with selectable content.Requires: Panels (enabled), Chaos tools (enabled)		Permissions	Configure
Panels	7.x-3.3	Core Panels display functions; provides no external UI, at least one other Panels module should be enabled.Requires: Chaos tools (enabled)Required by: Chaos Tools (CTools) Plugin Example (disabled), Panels In-Place Editor (enabled), Mini panels (enabled), Panel nodes (enabled)	Help	Permissions	Configure
Panels In-Place Editor	7.x-3.3	Provide a UI for managing some Panels directly on the frontend, instead of having to use the backend.Requires: Panels (enabled), Chaos tools (enabled)			Configure

Hide Printer, email and PDF versions

Name	Version	Description	Operations
PDF version	7.x-1.2	Adds the capability to export pages as PDF.Requires: Printer-friendly pages (enabled)		Permissions	Configure
Printer-friendly pages	7.x-1.2	Adds a printer-friendly version link to content and administrative pages.Required by: Send by email (enabled), PDF version (enabled)	Help	Permissions	Configure
Send by email	7.x-1.2	Provides the capability to send the web page by emailRequires: Printer-friendly pages (enabled)		Permissions	Configure

Hide Rules

Name	Version	Description	Operations
Rules	7.x-2.2	React on events and conditionally evaluate actions.Requires: Entity tokens (enabled), Entity API (enabled)Required by: Rules UI (enabled), Rules translation (disabled), Rules Scheduler (enabled)	Help	Permissions	Configure
Rules Scheduler	7.x-2.2	Schedule the execution of Rules components using actions.Requires: Rules (enabled), Entity tokens (enabled), Entity API (enabled)			Configure
Rules UI	7.x-2.2	Administrative interface for managing rules.Requires: Rules (enabled), Entity tokens (enabled), Entity API (enabled)

Hide User interface

Name	Version	Description	Operations
IMCE Wysiwyg API bridge	7.x-1.0	Makes IMCE available as plugin for client-side editors integrated via Wysiwyg API.Requires: IMCE (disabled), Wysiwyg (disabled)
jQuery Update	7.x-2.2	Updates jQuery to jQuery 1.5.2 and jQuery UI 1.8.11.	Help	Configure
Wysiwyg	7.x-2.2	Allows to edit content with client-side editors.Required by: IMCE Wysiwyg API bridge (disabled)

Hide Views

Name	Version	Description	Operations
Views	7.x-3.5	Create customized lists and queries from your database.Requires: Chaos tools (enabled)Required by: Date Views (enabled), LDAP Views (disabled), Views content panes (enabled), Views Slideshow (disabled), Views Slideshow: Cycle (disabled), Views UI (enabled)	Help	Permissions
Views Slideshow	7.x-3.0	Provides a View style that displays rows as a jQuery slideshow. This is an API and requires Views Slideshow Cycle or another module that supports the API.Requires: Views (enabled), Chaos tools (enabled)Required by: Views Slideshow: Cycle (disabled)
Views Slideshow: Cycle	7.x-3.0	Adds a Rotating slideshow mode to Views Slideshow.Requires: Views Slideshow (disabled), Views (enabled), Chaos tools (enabled), Libraries (disabled)
Views UI	7.x-3.5	Administrative interface to views. Without this module, you cannot create or edit your views.Requires: Views (enabled), Chaos tools (enabled)			Configure

Hide Webform

Enabled	Name	Version	Description	Operations
	Webform	7.x-3.18	Enables the creation of forms and questionnaires.	Help	Permissions	Configure

Hide XML sitemap

Name	Version	Description
XML sitemap	7.x-2.0-rc2	Creates an XML sitemap conforming to the sitemaps.org protocol.Required by: XML sitemap custom (disabled), XML sitemap engines (disabled), XML sitemap internationalization (disabled), XML sitemap menu (disabled), XML sitemap node (disabled), XML sitemap taxonomy (disabled), XML sitemap user (disabled)
XML sitemap custom	7.x-2.0-rc2	Adds user configurable links to the sitemap.Requires: XML sitemap (disabled)
XML sitemap engines	7.x-2.0-rc2	Submit the sitemap to search engines.Requires: XML sitemap (disabled)
XML sitemap internationalization	7.x-2.0-rc2	Enables multilingual XML sitemaps.Requires: XML sitemap (disabled), I18n (missing)
XML sitemap menu	7.x-2.0-rc2	Adds menu item links to the sitemap.Requires: XML sitemap (disabled), Menu (enabled)
XML sitemap node	7.x-2.0-rc2	Adds content links to the sitemap.Requires: XML sitemap (disabled)
XML sitemap taxonomy	7.x-2.0-rc2	Add taxonomy term links to the sitemap.Requires: XML sitemap (disabled), Taxonomy (enabled), Options (enabled), Field (enabled), Field SQL storage (enabled)
XML sitemap user	7.x-2.0-rc2	Adds user profile links to the sitemap.Requires: XML sitemap (disabled)

#10

Posted by gwfran on February 21, 2013 at 4:32pm

Okay, what I've done is uninstall 2.x-dev and install 1.0-beta12. Now the creation of users works perfectly, but downgrading has resulted in an issue where logging in takes the user to a blank page (500 error). I think I've got a better chance of troubleshooting this error than the other one. Not sure if that analysis helps, but it's another benchmark...

[UPDATE] The 500 error was stupid. Checked the logs and it was a conflict between the ldap directory and a backup I had. Removed the backup and no error. Everything is working fine in 1.0-beta12 for me.

#11

Posted by johnbarclay on March 7, 2013 at 10:35pm

Priority:

critical

» normal

Can someone try to replicate this on the current 7.x-2.x-dev?

#12

Posted by johnbarclay on March 7, 2013 at 10:36pm

Status:

active

» postponed (maintainer needs more info)

#13

Posted by u.kurilla on March 17, 2013 at 8:03pm

I have tried and could replicate this on the current 7.x-2.x-dev (and on 7.x-2.0-beta3)
There is only one ldap generated drupal user possible. Every new login overwrites previous user data, apart from data not triggered from ldap (e.g. group, which is not in ldap).
In this context i found, that setting "AccountName attribute" in the server settings to a different value than default (e.g. "uid", which exists in ldap) causes a php error message:

Notice: Undefined index: uid in LdapServer->userUsernameFromLdapEntry() (line 965 of /var/www/drupal-sites/drupal7/panda/modules/ldap/ldap_servers/LdapServer.class.php).

Anyhow, the user is generated and logged in.
I am not sure, if there is a relationship between the routines.....

#14

Posted by u.kurilla on March 25, 2013 at 11:20am

Priority:	normal	» major
Status:	postponed (maintainer needs more info)	» active

The issue makes the ldap module not usable for me, due to functional, but also for security reasons. Therefore i have changed the prio and the status.

#15

Posted by johnbarclay on March 25, 2013 at 2:59pm

Title:	LDAP Authentication: Logged in user has identity changed when another user logs in...	» LDAP Servers: Logged in user has identity changed when another user logs in...
Priority:	major	» critical
Status:	active	» needs review

I see an obvious bug, that might cause this or at least obfuscate the issue. I've committed the fix: http://drupalcode.org/project/ldap.git/commitdiff/4e4f4b28e57506bc73a901...

And some more checks for unresolved usernames:
http://drupalcode.org/project/ldap.git/commitdiff/e7310d04c9e3b089951661...

Additional checks could be made after any calls to LdapServer::entryToUserEdit() that return conflicted username conditions such as both $account->name and $edit['name'] being empty.

Please try this out; its committed to 7.x-2.x-dev.

#16

Posted by u.kurilla on March 25, 2013 at 4:20pm

Title:	LDAP Servers: Logged in user has identity changed when another user logs in...	» LDAP Authentication: Logged in user has identity changed when another user logs in...
Priority:	critical	» normal
Status:	needs review	» active

I have rechecked with a fresh drupal installation using only ldap module (+ctools +entity) and no problems occured! I will try to find out which combination cause the trouble......

#17

Posted by u.kurilla on March 26, 2013 at 5:11pm

I found the reason for the problem and it is - like in most cases - a layer 8 problem. So the user - ME! - was too stupid. During ldap server module config i came along the parameter:

Persistent and Unique User ID Attribute

The description is:
In some LDAPs, a user's DN, CN, or mail value may change when a user's name changes or for other reasons. In order to avoid creation of multiple accounts for that user or other ambiguities, enter a unique and persistent ldap attribute for users. In cases where DN does not change, enter "dn" here. If no such attribute exists, leave this blank.

And i misunderstood the advice and entered "dn" here. If you do so, you will only get one ldap generated drupal user. Leave that parameter blank and everything is okay (tested with 7.x-2.0-beta3+80-dev)!

So if that is the planned behaviour i suggest to change the ticket status to fixed and close it. :-)

#18

Posted by johnbarclay on March 27, 2013 at 4:36am

#17. Using dn should not create a problem except if an individual's DN changes. So if using "dn" creates the problem, its still an issue. Thanks for narrowing it down. I will try to replicate it with dn.

#19

Posted by johnbarclay on March 27, 2013 at 5:36pm

Status:

active

» postponed (maintainer needs more info)

Can someone try to replicate this in 7.x-2.x-dev? I cannot even using "dn" as puid.

#20

Posted by johnbarclay on May 3, 2013 at 3:42am

Status:

postponed (maintainer needs more info)

» fixed

#21

Posted by System Message on May 17, 2013 at 3:50am

Status:

fixed

» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Project:	Lightweight Directory Access Protocol (LDAP)
Version:	7.x-2.x-dev
Component:	Code
Category:	bug report
Priority:	normal
Assigned:	Unassigned
Status:	closed (fixed)

LDAP Authentication: Logged in user has identity changed when another user logs in...

Jump to:

Issue Summary

Comments