Directory information viewed within user profile [#401570]

Comment #1

arnd commented 14 March 2009 at 08:31

As admin I can see the dn and the server ( I have only 1), but cannot edit the dn. As normal user I cannot. There is only one permission related to LDAP integration: administer ldap modules. I don't know, what it does, but it doesn't help here.

Log in or register to post comments

Comment #2

miglius commented 14 March 2009 at 10:51

The DN can be viewed but cannot be edited. This is because on login the code loops through all configured ldap servers and tries to authenticate the user. Once authenticated the DN is saved in users data just for reference which ldap server has authenticated the user last time.

Log in or register to post comments

Comment #3

presleyd commented 14 March 2009 at 20:02

In my case I need to move some of my users to authenticate to my first directory because of the data I'm fetching with ldapdata. This data isn't in the second directory but even if the passwords are different, once they are successful on this second directory the only way I can move them back to the first is to edit them in the user table? Didn't it used to be editable? Is there any way to get this back if so? Does this seem like a silly use case?

Log in or register to post comments

Comment #4

miglius commented 14 March 2009 at 20:47

Make your preferable ldap server first. Then a user will authenticate against it and never hit the second server.

Log in or register to post comments

Comment #5

presleyd commented 16 March 2009 at 15:20

The reason I noticed in the first place is that the first server went through some downtime and the user authenticated to the second and now can't get back to the first.