Closed (fixed)
Project:
LDAP integration
Version:
6.x-1.x-dev
Component:
User interface
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
16 Oct 2008 at 10:54 UTC
Updated:
18 May 2012 at 15:40 UTC
Jump to comment: Most recent file
Comments
Comment #1
miglius commentedUser profile syncing with ldap entry happens on the user login. So when the user will log in for the first time, his profile data will be pulled from the ldap server.
Comment #2
wvd_vegt commentedHi,
Thats mainly my point: When I bulk create users I cannot 'already' pull the ldap data.
Comment #3
wvd_vegt commentedHi,
Wrote the following patch. It will update all matching accounts if ldap_authentified is set in the user data,
and also tries to retrieve the DN for user that did not login already. I already used to to retrieve the ldap data of 100+
users before they logged in (so the user view with profile data is already pre-filled).
What is still missing is the same option for ldap_groups.
For those interested, the OutputDebugString() calls is a php extension I wrote for Wamp servers that allows you to dump text to a debug windows like sysinternals dbgview. It will allow one to see what is going on inside drupal code without interrupting page layout or polluting the logging database.
In ldapdata_admin_edit() (ldapdata.admin.inc):
changed into:
In ldapdata_admin_list() (ldapdata.admin.inc):
changed into:
Added the following case to ldapdata_admin_edit_submit() (ldapdata.admin.inc):
in ldapauth.module added:
Comment #4
miglius commentedMaybe #396574: LDAPsync component might do that?
Comment #5
wvd_vegt commentedHi,
Not quite (although a VERY interesting & promising add-on).
The patch I proposed updates all the existing user's profile with ldap data (we had to do some cleaning up in the ldapdata module (seemed the best place). Then we noticed that, although ldapauth retrieves data very often, it only does this for logged in users. Because of some inconsistencies in the ldap data we have to do some mopping up of group mapping and blocking some people who left the department but are still in the directory.
Basically we're happy with the generate a user at first login but want to be able force updates of existing ones. If the LDAPSync where to provide some configuration options to skip new users (not all of our ldap users are allowed to login) or present a checkable list of new users found before adding them, I could surely use it! Another useful option would be a button to update a single user (I now force that by filtering on a UserId in the patch i provided).
As a separate module it would release me from applying the patch every time.
Comment #6
miglius commentedI think that the sync module could be extended with the functionality you need. I would prefer all sync'ing of offline users to be handled by the separate module rather then moving part of functionality to the ldapdata.
Could you describe what you are looking for in the #396574: LDAPsync component issue?
Comment #7
mtndan commentedI can't seem to get this working with the latest stable beta of ldap_integration 6.x
When I click "update all" I don't get the confirm form - just seems like nothing happens. Ideas?
Comment #8
wvd_vegt commentedHi,
Created a (separate) small module that updates all existing lpdap authenticated users with the latest ldap data (or in out case, pulls it through the filters where we mop-up and correct some stale data).
My first version used ' _ldapdata_user_load' but as that is private it needed a small patch in ldapdata.module to make it public.
The attached version used the public ldapdata_user with the 'form' opcode that calls '_ldapdata_user_load' including the wanted $sync=TRUE parameter value.
Maybe it could be added to the ldap_integration module.
Comment #9
jeff.k commentedIs this able to bulk update groups from LDAP as well? Basically resetting membership?
Comment #10
ashtonium commentedSounds like you guys want ldapsync (now committed to HEAD) but with an additional option of only synchronizing existing users (which sounds like a useful option).
There's a patch that adds on ldap data syncing (#867356: ldapsync - synchronize accounts ldapdata as well) and it already does ldap groups syncing.
@wvd_vegt: I think you can manually force an update on a single user by just clicking edit and then re-saving their account. It works for us at least.
Comment #11
cgmonroe commentedLDAP Sync in the latest dev version fixes this. There is now an "update existing users only" option.
For details see: #1475272: 6.x-1.0 Release Candidate 1 Status