I did extensive debugging and then some useful rewriting of two of the main files so that they work correctly on my systems when authenticating
against eDirectory. The entire module is attached below as file ldap-fixed.tar.gz, done because the changes have been too many for diff. It is 30KB.
While here, we should note that the LDAP property which uniquely identifies a username in eDir is "uid", not "cn". This change with eDir occurred
several years ago. The documentation should also discuss the implicit override of LDAP protocol provided with OpenLDAP of the current
epoch such that a server address may be specified with a URL, ldap://myserver.example.com/ or ldaps://myserver.example.com, and
that will override/discard an explicitly stated port value. I use ldaps://.../ to bypass the floating value of port in this code. Last.ly, the code
had a line where the user's login name was modified for LDAP lookups to be an Email address (yikes!), with no notification about it. I have
removed that "feature."
Joe Doupnik
| Comment | File | Size | Author |
|---|---|---|---|
| ldap-fixed.tar_.gz | 30.3 KB | joe.doupnik |
Comments
Comment #1
joe.doupnik commentedEven bugs have bugs, they tell me.
The bundled material, file ldap_integration/ldap_integration/LDAPInterface.php, line 131 et seq
should read
if (!$ret) {
return FALSE;
}
return TRUE;
}
but the bundle omitted the dollar sign in if (!$ret).
With this corrected then a proper password is required to login.
Joe Doupnik
Comment #2
micahw156Joe,
I was trolling through the ldap_integration issues queue and stumbled on this issue. I've been running 5.x-1.3 against eDirectory for almost a year now. I'm having some minor issues with group integration, but authentication has been working fine.
I've configured my Base DNs to use ou=name,o=name with cn as the user name and mail as the email address (we use GroupWise, so it's set) and it works fine. I've also been able to retrieve other values like fullname and employeeID for use in profiles.
I'm curious what your rewrite provides or corrects that I'm missing. If I get a chance, I'll download it and do a diff to see for myself. I haven't found too many people doing Drupal integration with eDirectory, and so I'm always on the lookout for these kinds of issues.
But for now, I'm off chasing a different issue.
Micah
Comment #3
scafmac commentedYou need to upgrade to either the recommended 5x-1-3 release or the 5x-dev snapshot after mid April '08. Re open if that doesn't fix the problems.