Unable to authenticate after Drupal 5.8 update

realityloop - July 10, 2008 - 06:25
Project: LDAP integration
Version: 5.x-1.x-dev
Component: Code
Category: bug report
Priority: critical
Assigned: Unassigned
Status: patch (code needs work)
Description

Since updating to Drupal 5.8 on my development site I am no longer able to authenticate any LDAP users.

#1

realityloop - July 10, 2008 - 06:33

More Information:

If I delete the user and attempt to log in again it works and recreates the user.

If I then grant the newly created user some roles they take effect.

Once I log out, I can't log back in.

#2

silfreed - July 10, 2008 - 14:19

Confirmed here as well; I traced my authentication path to ensure it returns 'true' from my hook_auth() implementation.

The code for my auth module can be found here:
http://www.mozdev.org/source/browse/custom/src/drupal/mozdevauth/

#3

silfreed - July 10, 2008 - 14:21
Project: LDAP integration » Drupal
Version: 5.x-1.x-dev » 5.8
Component: Code » user system

Whoops; didn't realize this was on the ldap project. This should probably be moved to the drupal project.

#4

silfreed - July 10, 2008 - 14:35
Status: active » patch (code needs review)

Attached is a patch that restores access for me.

Attachment: drupal-5.8-user-module-external-registered-user-auth.patch (557 bytes)

#5

silfreed - July 10, 2008 - 14:44

It appears that revision 1.745.2.27 (issue #165642), according to the commit log, was the culprit.

#6

silfreed - July 10, 2008 - 14:46

That's revision 1.745.2.27 of user.module in the DRUPAL-5 branch.

#7

Damien Tournoud - July 10, 2008 - 15:10
Project: Drupal » LDAP integration
Version: 5.8 » 5.x-2.x-dev
Component: user system » Code
Status: patch (code needs review) » active (needs more info)

I guess you are trying to authenticate without using a "@server" part.

There is nothing wrong in the Drupal Core code here, it is the way it should be. It looks like LDAP Integration uses several unsupported hacks to change the behavior of Drupal Core authentication, and those may rely on previously broken behavior of the user_authenticate() function.

I'm reassigning that issue to LDAP Integration for further study.

#8

appel - July 10, 2008 - 15:14

Same problem, but the patch didn't work here.

#9

silfreed - July 10, 2008 - 17:13

This looks like it's supposed to be a valid execution path; it was certainly one up until Drupal 5.8. Why would you try to auth against each module and then throw away the result if you find a matching user?

#10

Damien Tournoud - July 10, 2008 - 17:35

Well, I quickly looked at the LDAP integration code from the CVS, there is a whole section there named 4. Login process hacks, that seems to completely bypass user_authenticate() (by calling _ldapauth_user_authenticate()).

This is obviously completely unsupported, and that's why I reassigned that issue to the LDAP integration queue.

@silfreed: it looks like your issue is a different one. The loop through auth modules is meant for registering new users, not for authenticating existing ones that should already be in the authmap. Your issue is you are trying to perform a remote authentication without a proper server part, while that's not properly supported. Please open a new ticket against Drupal core for that.

#11

cpugeniusmv - July 10, 2008 - 19:28

I don't have a CVS working copy here with me, but here's my solution:

Index: .../ldap_integration/ldapauth.module
===================================================================
--- .../ldap_integration/ldapauth.module (revision 191)
+++ .../ldap_integration/ldapauth.module (working copy)
@@ -599,6 +599,12 @@
         && !call_user_func('ldapauth_user_filter', $ldapauth_ldap->retrieveAttributes($dn))) {
       continue;
     }
+   
+    $registered_user = user_load(array('name' => $name));
+    if ($registered_user->uid) {
+      $GLOBALS['user'] = $registered_user;
+    }
+   
     return true;
   }
   return false;
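
Review bot: the added `user_load(array('name' => $name))` selects the local account by name alone and then assigns it to `$GLOBALS['user']`, so any existing Drupal account with that name becomes the logged-in user once the LDAP check passes, including one that is blocked or that was never created through LDAP. Restrict the lookup to active accounts (for example by adding `'status' => 1` to the conditions) and confirm the account is mapped to this module before setting the global. The two blank `+` lines also carry trailing whitespace.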

Definitely a hack, but so is the rest of the module. It sorely needs a rewrite.

#12

cpugeniusmv - July 10, 2008 - 19:53
Version: 5.x-2.x-dev » 5.x-1.x-dev
Status: active (needs more info) » patch (code needs review)

#13

silfreed - July 10, 2008 - 20:12
Version: 5.x-1.x-dev » 5.x-2.x-dev
Status: patch (code needs review) » active (needs more info)

@Damien the hook_auth() API documentation doesn't make it sound like @server should be required for an external auth hook to be called, and indeed that is how I'm using it. With the modifications made to Drupal 5.8 I'm going to have to resort to hacks just like the ldap auth module is forced to. Regardless of whether this was a bug or not, it now affects functionality that was depended upon by several API users.

#14

silfreed - July 10, 2008 - 20:13
Version: 5.x-2.x-dev » 5.x-1.x-dev
Status: active (needs more info) » patch (code needs review)

I didn't mean to change those values.

#15

realityloop - July 11, 2008 - 00:14

#11 worked for me

I've created a patch file against 5.x-1.x-dev

Attachment: ldapauth Drupal 5.8.patch (518 bytes)

#16

Damien Tournoud - July 11, 2008 - 06:46
Status: patch (code needs review) » patch (code needs work)

@realityloop: this solution is wrong: _ldapauth_save_user() is already there to deal with login and registering the user.

Could you check if ldapauth_login_validate() is even called on your installation?

#17

cpugeniusmv - July 11, 2008 - 15:46

After playing around a bit more, I can log in via LDAP just fine with the current 5.x-1.x-dev version and Drupal 5.8.

I threw a drupal_set_message() into ldapauth_login_validate() and it is running.

#18

realityloop - July 14, 2008 - 00:35

I just created a patch from the #11 post.

What method should we be using?

#19

cpugeniusmv - July 14, 2008 - 14:15

He means this:

Index: .../ldap_integration/ldapauth.module
===================================================================
--- .../ldap_integration/ldapauth.module (revision 191)
+++ .../ldap_integration/ldapauth.module (working copy)
@@ -599,6 +599,9 @@
         && !call_user_func('ldapauth_user_filter', $ldapauth_ldap->retrieveAttributes($dn))) {
       continue;
     }
+  
+    _ldapauth_save_user($name, $pass);
+  
     return true;
   }
   return false;
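
Review bot: the result of the added `_ldapauth_save_user($name, $pass);` call is discarded and the function goes on to `return true` regardless, so a failed save or login inside that helper is still reported to the caller as a successful authentication. Check the outcome of the call and return false (or skip the call) when the account cannot be saved or already exists. The call also hands the cleartext `$pass` to a save routine, so it is worth confirming in review that the LDAP password is not persisted locally.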

Which is better than the previous patch. I didn't see that function during my first skim through the code.

But as I said in my last post, my site seems to be authenticating LDAP users without any changes to 5.x-1.x-dev. I'm not sure that this is actually a problem with the module.

#20

realityloop - July 14, 2008 - 23:01

cpugeniusmv: Thanks, I've changed over to the method you posted in #19, and it's working. The issues some of us are experiencing may be related to different brands of LDAP repository; mine is a Sun ONE Directory Server.

#21

realityloop - July 16, 2008 - 03:13

Updated patch using method from #19

On further testing this doesn't work on my system (error: User already exists), reverted to #11

Attachment: ldapauth Drupal 5.8.patch (417 bytes)

#22

tm - July 22, 2008 - 19:02

Thanks, folks. The patch at #11 works for me; authenticating against MS Active Directory, pre-existing users. #19 also worked, btw.

Ver 5.x-1.3

Oddly, have another site on the same host (not using multi-site) that works fine with the existing code. Rather mystifying.

 
 
