Hi you all. I've tried to find information about that on other support and bug threads and I'm afraid I haven't found a solutions. I've installed very succesfully the LDAP integration module using 5.x-1.3.

The problem is that it doesn't import all the groups we have created for the set of users we allow to login to our drupal. I think that the reason is that the field "ldap_group_entries" which the module "ldapgroups" add to the table "ldapauth" is defined as "varchar(255)". That's the reason that it truncates the list of groups we have defined on our LDAP environment and we expect to import as roles on drupal. This field is too short and it's only allowing us to import the first 5 groups out of just 8 (we're not trying to import hundreds of groups as an stress test ;-).

I've set the priority as critical since my impression is that the problem is not difficult to solve and it makes the ldapgroups.module useless, unless you only have grouped your user list on just a few groups.

Any idea?

Comments

jorditr’s picture

jorditr commented

Well, I've made some testing which verifies my first idea.

We've used the last "Groups exist as LDAP entries where a multivalued attribute contains the members' CNs" option onto the LDAP groups admin page since it's the way our customer is using its LDAP server. Also that user is defining LDAP groups as "cn=Nameofgroup,ou=Groups,dc=uplevel,dc=upperlevel,dc=toplevel" since it's the complete LDAP group path definition. It makes long lines for every group definition and thus a long text.

I've managed to enter all the information changing the definition of the field "ldap_group_entries" I've mentioned on the previous entry from "varchar(255)" to "varchar(1024)". I don't know if that's the best way to solve it, at least it has worked.

It has worked so consistently that the next time we have logged some users drupal has upgraded the table of roles with the ones on low positions on the list that were not saved previously. That's good news :-)

imrook’s picture

imrook commented
Title: It can't import all groups » LDAP group entries value truncated
Version: 5.x-1.3 » 5.x-1.x-dev

I too ran into this problem on a site with over a dozen LDAP entries mapping to Drupal roles. 255 characters won't hold very many LDAP dn's. I took at look at how Drupal core handles settings like block visibility and they use the data type 'text' instead of 'varchar'. From the MySQL documentation, this should provide up to 2^16 bytes of storage. http://dev.mysql.com/doc/refman/5.0/en/blob.html While I can see that being exhausted as well, it's a big improvement over 255 and the update is easy and non-destructive:

ALTER TABLE ldapauth MODIFY ldap_group_entries text;

This change should probably be made to all the multi-line config settings as well. If folks support this change, I'll roll a patch.

imrook’s picture

imrook commented
Priority: Critical » Major
Status: Active » Closed (won't fix)

It looks like the D6 version of the module does indeed use 'text.' Since my last customer using this module is currently migrating to D6, I won't be supplying a patch. As D5 is approaching end of life now with the recent release of D7, there's probably no point in working on this old version--setting to won't fix. Currently, upgrading from 5 to 6 doesn't fix the problem without uninstalling, reinstalling and reconfiguring the ldapgroups module. I have submitted a patch at #1021892: Upgrade from 5 to 6 does not work properly that makes the upgrade work better.