Hoping to get some assistance with the configuration of LDAP groups.
We have been successful in configuring LDAP Integration but cannot get
LDAP groups to link Drupal roles correctly.
When a new user is established via the module they have no role.

We have followed the steps outlined in http://drupal.org/node/118112 using the
"groups are specified by LDAP attributes" as well as making advanced
configuration changes to the ldapgroups.conf.php file as described in
http://drupal.org/node/118127.
Further, we applied the suggested code changes in this link,
http://drupal.org/node/211590.
Still no luck in linking Roles to Groups.
New user accounts are set with no role assigned; they are treated as
authenticated users only.

Do LDAP group names have to have the same title as Drupal roles in order to link correctly?

Any assistance will be greatly appreciated!

Comments

scafmac

Please provide some details about your configuration. What type of ldap server are you using (AD, LDAP, etc) & the OS of the server. Also how is the ldap schema laid out - that is which of the three configurations on the ldapgroups admin screen did you select? What did you enter on that page?

So did you uncomment or comment out the ldapgroups_roles_filter function? Do you want to filter out some roles?

epruett

We are using AD on Windows 2003 Standard.

Sorry to say I do not currently know what ldap schema was chosen in the initial configuration. I can find this out if this is significant.

Yes I have confirmed that in the ldapgroups.conf.php file
we have NOT commented out the ldapgroups_roles_filter function.
No we do not want to filter out any roles currently.

I did try commenting it out but no success.

A new user pulled from a LDAP Group still is set up as an authenticated user with no
connection to their intended Role

THXaTON

scafmac

The ldapgroups_roles_filter is only used if you want to filter some groups. Since you don't want to filter out any groups, comment out the function completely! Do this first...

Now make sure you have only one check box checked and it is the correct one for your AD configuration on the ldap groups admin page - admin/settings/ldapgroups/. You will need to either figure out which of the three configurations you are using, or ask someone that knows how your AD server is configured.

Once you do that, you will need the AD test user to log out and then in again. And if you have ldap integration configured to try authenticating against Drupal first, delete any Drupal test users (if any were created). I'm not sure off-hand how ldap groups works when it is set to check Drupal first. It wouldn't surprise me if it only checked roles for users that authenticated against ldap. So by deleting the Drupal user, it will be forced to authenticate against ldap and ensure ldap groups runs.

If these steps do not work, post all configuration choices from the ldap groups admin page along with a careful description of the AD schema where groups are stored. Check the Drupal log & web server logs after a fresh test user login.

scafmac

Also, I just discovered that a fix for a bug that prevents roles from being assigned on initial login didn't make it into 5.x-1.3. So to test if that is the problem, log your test users in twice. Login once, then logout, then login again - check if roles were created & assigned as expected. See http://drupal.org/node/171092 for reference or to manually patch...

That patch will be in the next bug fix release.

johnbarclay

Status: Active » Closed (won't fix)

Closing 5.x issues to clean out issue queue.