Next release

I also think a new official 6.x release is now ready to succeed 1.0-alpha2. The current dev code is definitely more stable than alpha2.

Aren, as you can see at http://drupal.org/project/developers/15109, I don't belong to this module's developers. As that list shows, the only person currently maintaining it is miglius - all the others have not been active for one year or longer.

It seems that miglius' time on this module is also very limited, so all we can do is to hope seeing progress by him or someone joins to work with him.

Following are the issues I would like to solve before a new release. Some of them are duplicates, some I cannot reproduce. I would appreciate the help in testing as I will tackle those issues.

#272087: Does LDAP Integration sync a user's groups upon each login
#375635: Wrong datatype warning appears
#380348: Value of E-mail field gets deleted from DB
#324732: Webserver authentication
#368731: Changing Email address via LDAP Data deletes value in database
#376984: Improving LDAP caching
#323978: Ldap users are all anonymous
#355697: "LDAP UI Options" does not save options
#289212: _ldapdata_user_login from ldapdata never updates the mail field in the users table
#371564: E-Mail Address required when editing user
#357363: Base DN not allowed to be empty, but IBM Lotus Domino LDAP stores groups in root of tree
#353949: can not select more than 10 attributes in ldap data
#354672: Ldap data don't read "mail" attribute
#318182: LDAP User Added to Drupal User List?
#317554: Data module won't update ldap data
#295147: LDAP doesn't assign role 'authenticated user'

Make LDAP Group to Role mapping configurable via web interface
http://drupal.org/node/318174

This wasn't on the list for the next release. Is there any way of getting it in? Would it help if I maintained the groups module separately?

For the testing process, we might want to use the ldap help module export our testing configurations. http://drupal.org/node/353036

The issues I listed here are relatively small isolated ones, however the issue you're referring to, #318174: Make LDAP Group to Role mapping configurable via web interface is rather a rewrite of the groups module instead. I'm not convinced that OOP should be used for this case.

If anybody could help in testing the patches attached to the issues above, that would speed up the new release.

Those should also go into a next release:

#401414: Link to LDAP server on admin view of user pages is wrong
#318174: Make LDAP Group to Role mapping configurable via web interface

Excellent! But what about releasing an beta1 first that includes all the efforts you have already done after alpha2?

Since I lot of changes going into this release, I'm planning about next alpha.

I uninstalled and tested this version on Microsoft Active Directory LDAP on Drupal 6.10.

- The authentication part worked well.

- the "test" button doesn't retain your ldap configuration data. It clears it out and gives you an error. It should either say "save and test" and do both or say "test (but save your data first); whichever you're looking for.

- The ldap groups fails when mapping based on "Groups are specified by LDAP attributes" or "Groups exist as LDAP entries where a multivalued attribute contains the members' CNs". It also introduces case sensitivity which I believe is a bad thing. I believe the fundamental problem here is the ldap_groups field in the ldap_auth table. I don't see how the groups can be known ahead of time with either of these configurations. I've tried both of these methods with and without filtering.

Yeah - great progress now going on. It seems that currently there are only 2 open issues (#376984: Improving LDAP caching and #324732: Webserver authentication) holding on the next release.

Not sure if #324732: Webserver authentication will make it to the release. I see a potential problems if admin user with uid=1 is being authenticated against ldap.

One more issue which I want to include:
#405464: Move functionality from the *config* files to a GUI

Agreed. Let's keep the webserver auth stuff outside unless the UID 1 problem gets handled as you already do it (very well) in your code.

Thank you for the improvements and fixes, miglius. I have a feature request: encrypt the anonymous bind password. Thanks.

@kassissieh, can you open a separate issue for your request as this issue is more meant for collecting the changes. Also, please be more specific like to encrypt where? In the database? What kind of encryption, etc.

Some more to the list:
#409104: LDAPgroups SQL syntax error
#409126: LDAP groups: needs to allow for blank groups list
#409116: LDAP groups: need case-insensitive ldapgroups_dn_attribute comparison
#411190: Create a dragable LDAP servers list

Yes great job! It now works mostly fine for me on OpenLDAP (slapd)! But I would be happy, if #400278: Cannot change Common name could also make it into the release. I think, that is quite basic functionality.

Here's another one:
#411234: LDAP groups and roles synchronization don't work

Still some more...

#417900: Role names are truncated DNs instead of CNs
#417892: ldapgroups "Group by entry" breaks when CN has commas
#418334: ldapdata doesn't use user's DN/pass pair

Hi,

I recently installed the alpha2-version and it has the problem of being unable to save the global configuration options because of the switch being based on the text value of the submit buttons. (For the record, I am using the Dutch Translation).

Is there a purposeful reason not to use the id-values (which are unique and static) on the buttons (e.g. edit-submit / edit-reset) to overcome this issue? I looked into the discussion regarding this problem which was closed due to not being able to reproduce so I had a shot at fixing it myself. I changed the #value to #id plus the respective cases and this seems to work nicely. If I knew how to 'patch' something I would submit it :D

#355697: "LDAP UI Options" does not save options

Btw, I am using ldap_auth only on a corporate setup with a Windows 2003 Active Directory so if needed Ill be willing to help test maybe a stable release? (to whatever extend the administrator in question will let me off course).

with regards,

Kristian

#428034: Group mapping grabs username instead of Group
#417896: "Group by attribute" causes error
#210023: TLS failure results in an unsecured connection <- please test this patch
#429186: unable to map AD Group to Role with Filtering, looking for support help.

Here goes some more:

#435808: Add LDAP server doesn't save
#442794: spaces are stripped from LDAP groups but not from group mappings
#447486: AD Creates Extra Array Level for Groups
#448252: On main page of admin/settings/ldapauth settings are not saved
#431858: Unnecessary LDAP query upon account delete

Hi miglius,

It is great you have resolved many issues lately.

Any plan to release another alpha version soon?

Regards,
Chin

Yes, we have used the dev release for our testing and it is working fine in our environment. None of the unresolved issues affected us.

The first Drupal site in our company is going live very soon. We are a bit uncomfortable using a nightly snapshot build in our production site.

There are several open issues I would like to be resolved in this release:
#210023: TLS failure results in an unsecured connection I have uploaded a patch for testing but received no feedback. Thinking of committing that patch anyways.
#417892: ldapgroups "Group by entry" breaks when CN has commas
#324732: Webserver authentication I have no way to test it so not sure about this one either.

Also not sure if following contrib modules are ready to be included in the release:
#396574: LDAPsync component
#353036: LDAP Help Module doesn't show up....
it looks that those modules still are in active development.

This being my first module, I'm not sure at what point it's ready for release. One issue is that we're not getting the level of community testing required to move the module along. The comment thread suggests that only two people have this running in test or production environments. We're pretty much stuck until more people help out with this.

#396574: LDAPsync component

Richard

The help module should not be included. To finish it I need the other parts to be done.

I just tested ldap_integration (version 6.x-1.0-alpha2) in my corporate environment, it works like a charm. I didn't test the optional modules (groups and data), but at least the base functionality works for me.

This thread has been quiet for a while now, but still no news of a new release. Is LDAP Integration going to get a new version any time soon?

In 2 days it is exactly one year after the last alpha release. Maybe this is the time to go for a new alpha ;-)

A beta1 was released today...

HURRAY!

Thanks a lot. Working great!

I to can test successfully allowing all members of a domain access to the site and automatically creating account names based on their user name in AD but when I try to restrict by group I get an error,

"Access denied

* warning: array_intersect() [function.array-intersect]: Argument #1 is not an array in /opt/lampp/htdocs/modules/ldap_integration/ldapgroups.module on line 89.
* Sorry, unrecognized username or password. Have you forgotten your password?

You are not authorized to access this page. "

I have made sure this file ldapgroups.module is read and write, restarted XAMPP, tested with different users and groups. When I log in with the correct password for a user I get the above error but when I log in with an incorrect password I get

"Access denied
Sorry, unrecognized username or password. Have you forgotten your password?
You are not authorized to access this page. "

So it looks like the request from the site is hitting active directory finding an account within the specified group but when accepted not being processed by the LDAP module itself properly..

What can be done aside from making changes to ldapgroups.module?

group syntax is

CN=group,OU=security Group,OU=admin,DC=something,DC=something,DC=com,DC=au

Is this correct as it is not specified with that feature.

Please assist

Thanks.

You are posting your request into an inappropriate ticket.

My apologies, I am struggling to find how to resolve this, any ideas where I should be going and posting?

Why not creating an own ticket for it?

I was holding off on the help module until the beta was out. Now I can get it working again since LDAP is more stable. I forget if miglius wants it as part of this module distribution or not but we can sort that out later.

I tested the beta on Windows 2008 Server with IIS 7 and Microsoft Active Directory and both ldap authentication and group mapping and filtering worked fine.