I am looking for a little guidance. I am using Drupal 5.5 and have successfully set authentication to use my LDAP server. I have roles that are defined in LDAP as groupofnames, and the role information is visible in Drupal, but the behaviour is not quite as expected.

After a user logs in, it is indicated that they belong to the correct groups, but they do not have permissions of that group until the admin edits and saves their account information. When editing the user's information, the correct role is checked, it is just not, well, 'active' until the admin saves. Likewise, if a user is removed from a group in LDAP, their role is not updated in Drupal upon their next login.

Am I just missing a setting? Is there a way to force Drupal to update and apply the roles for a user each time they log in?

Thank you in advance and apologies ahead of time if this has already been answered and I have just missed it.

Comments

PeteE

After a long day of poking at LDAP modules I have figured it out. It was all in post http://drupal.org/node/171092 already.

I am using Drupal 5.5 and Ldap 5.x-1.3
======================
In ldapauth.module and ldapgroups.module:

Replace all:
user_save($user, $userinfo);

With:
$user = user_save($user, $userinfo);
menu_rebuild();
======================

======================
in ldapgroups.module

Replace (line 244):
foreach ($user->ldap_drupal_roles as $role) {
  _ldapgroups_deny_role($user, $role);
}

With:
foreach ($user->ldap_drupal_roles as $role) {
  if (preg_match('/^[^=]*=([^,]*),.*$/', $role, $matches)) {
    $role = $matches[1];
  }
  _ldapgroups_deny_role($user, $role);
}
======================

It was the menu_rebuild() that I was overlooking.
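The role-revocation half of the fix above, as an added example that is not part of the original post or of ldapgroups.module. It assumes, as the replacement code implies, that the stored entries are full group DNs while role names are the value of the first RDN; `role_name_from_dn()`, `deny_role()` and all sample DNs are hypothetical and constructed for illustration.

```php
<?php
// Added example: a standalone sketch, not code from ldapgroups.module.

// Same pattern as the fix above: capture the value of the first RDN of a DN.
function role_name_from_dn($dn) {
  if (preg_match('/^[^=]*=([^,]*),.*$/', $dn, $matches)) {
    return $matches[1];
  }
  return $dn; // No match: the value is used unchanged, as in the fix above.
}

// Hypothetical stand-in for role removal: drop $role from the held role names.
function deny_role(array $held, $role) {
  return array_values(array_diff($held, array($role)));
}

// Constructed sample data: roles the account holds, and the stored LDAP entry.
$held   = array('authenticated user', 'editors');
$stored = array('cn=editors,ou=groups,dc=example,dc=org');

// Before the fix: the full DN never equals a role name, so nothing is revoked.
$before = $held;
foreach ($stored as $role) {
  $before = deny_role($before, $role);
}

// After the fix: the DN is reduced to its first RDN value before the removal.
$after = $held;
foreach ($stored as $role) {
  $after = deny_role($after, role_name_from_dn($role));
}

print "before fix: " . implode(', ', $before) . "\n";
print "after fix:  " . implode(', ', $after) . "\n";

// Constructed edge cases where the pattern does not yield the group name.
$edge = array(
  'cn=editors',                               // single RDN, no comma: pattern does not match
  'cn=Ops\, EU,ou=groups,dc=example,dc=org',  // escaped comma: capture stops at the backslash
);
foreach ($edge as $dn) {
  print $dn . ' => ' . role_name_from_dn($dn) . "\n";
}
```

Group DNs of either edge-case shape would still fail to line up with a role name, so a stale role could survive a login even with the fix applied.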

micahw156

I agree this appears to be a duplicate issue.

PeteE, I rolled your changes as a patch for 171092, but I'm unsure about a couple parts of it. Could you review my comments and attached patch under that issue?

Any opposition to marking this issue as a duplicate?

scafmac

Status: Active » Closed (duplicate)