Cannot login as Drupal admin when LDAP Authentication is enabled

glennpratt - February 14, 2008 - 00:19
Project: NTLM & LDAP Authentication
Version: 5.x-1.x-dev
Component: Code
Category: support request
Priority: normal
Assigned: Unassigned
Status: active
Description

I cannot use my Drupal local admin account, and I'm guessing any Drupal local account, when this module is enabled. I get a white screen when I try to log in.

I don't know if this is by design or an error particular to my setup. If by design, then I'd request the option to allow Drupal logins. For now, I'll have to revert to LDAP Auth.

#1

webrascal - February 28, 2008 - 01:57

I had much the same issue.
I've managed to get it to work to some degree using mod_auth_sspi.so, as we run Apache server on a Windows box.
I had to do some modification to the code as at no point could I successfully execute a logout call without it automagically logging in again!
Apart from the changes I had to put into place to get it to work under Apache I had to make this fix in the ldap_lookup.user file in this module. I added

case 'logout':
  $user = drupal_anonymous_user();
  drupal_goto("some_random_page");
  break;

in the ldap_lookup_user function, somewhere around line 291 (before the default: switch).

I also had to make a relevant change in the ldap_lookup.auth file:

$path = arg(0) . "/" . arg(1);
if ((drupal_get_path_alias($path) != "some_random_page") && (strcasecmp($q, 'logout') != 0) && (!$user->uid) && (variable_get('ldap_lookup_enable_ntlm', 0))) {

around line 98.

I also created a page with the path "some_random_page" and put a little php in it:

<?php
user_login();
?>

Essentially whenever user_logout was being called it would execute correctly and the ldap_lookup_init() code in the ldap_lookup module wouldn't be executed thanks to the '(strcasecmp($q, 'logout') != 0)' check. Unfortunately user_logout would then execute drupal_goto(), sending the user back to the home page where the ldap_lookup_init() code would execute and log them back in again.

My solution is nowhere near ideal but it does allow us to get users to log out and have the ability to log in again as someone else, and if they choose not to log in at that time the system will log them back in again automatically.

Thanks to the creator for the NTLM feature. With luck I'll find the time to pick it up, run a comb through it, and make it more flexible to be used in more environments and execute appropriately!

Hope this helps!
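
The re-login loop described in #1, and one way to break it without a special landing page, as an added stand-alone PHP example (not code from the ldap_lookup module or from either poster). The function names, the `sso_suppressed` marker and the exempt path list are hypothetical, and the marker is assumed to live somewhere that survives logout, such as a cookie.

```php
<?php
// Added example: stand-alone PHP, not code from the ldap_lookup module.
// All names here (should_auto_sso, sso_suppressed, the exempt list) are hypothetical.

// Decide whether this request should trigger automatic NTLM sign-on.
// $state is assumed to survive logout (for example, a cookie).
function should_auto_sso(string $path, int $uid, bool $ntlm_enabled, array $state): bool {
  if (!$ntlm_enabled || $uid !== 0) {
    return false; // feature disabled, or a user is already signed in
  }
  // Keep these paths free of SSO so logout works and local accounts can log in.
  $exempt = ['logout', 'user', 'user/login'];
  if (in_array(strtolower(trim($path, '/')), $exempt, true)) {
    return false;
  }
  // After an explicit logout, stay anonymous until the user asks to log in.
  return empty($state['sso_suppressed']);
}

// Replay the sequence from the thread: home page, logout, redirect to home.
function replay(bool $mark_logout): array {
  $uid = 0;
  $state = [];
  $trace = [];
  foreach (['node', 'logout', 'node'] as $path) {
    if ($path === 'logout') {
      $uid = 0; // the logout itself succeeds
      if ($mark_logout) {
        $state['sso_suppressed'] = true;
      }
    }
    if (should_auto_sso($path, $uid, true, $state)) {
      $uid = 42; // constructed uid standing in for the NTLM-mapped account
    }
    $trace[] = "$path => uid $uid";
  }
  return $trace;
}

// Path exemption only: the redirect after logout signs the user back in.
print implode(', ', replay(false)) . "\n";
// With the marker: the user stays anonymous after the redirect.
print implode(', ', replay(true)) . "\n";
```

Clearing the marker when the user explicitly asks to log in restores automatic sign-on for later visits.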

 
 
