We're using ldap_integration for authentication and not storing passwords in the database. There seems to be an issue with the gallery module on first login and when attempting to run a user sync with the gallery2 database.
I've reported this bug there as well, but as I was writing it I was thinking that it might actually require changing the ldap_integration module as well.
The error seems to come from this bit of code in the gallery_user.inc file in the gallery module:
    case GALLERY_MAP_USER_EXISTS:
      // Update user (Drupal -> G2)
      $ret = GalleryEmbed::updateUser($user->uid,
        array('username' => $user->name,
              'fullname' => $fullname,
              'email' => $user->mail,
              'language' => gallery_get_language($user),
              'hashedpassword' => $pass,
              'hashmethod' => 'md5'));
      if ($ret) {
        gallery_error(t('Error updating Gallery user'), $ret);
        return FALSE;
      }
      break;
which attempts to pass a password to the Gallery2 updateUser function. On initial login the account is correctly created in the gallery database here:
    case GALLERY_MAP_USER_DOES_NOT_EXIST:
      // Create new user
      if (!$user->uid)
        return FALSE;
      $ret = GalleryEmbed::createUser($user->uid,
        array('username' => $user->name,
              'email' => $user->mail,
              'fullname' => $fullname,
              'language' => gallery_get_language($user),
              'hashedpassword' => $pass,
              'hashmethod' => 'md5'));
      if ($ret) {
        gallery_error(t('Error creating Gallery user'), $ret);
        return FALSE;
      }
      list($ret, $g2_user) = GalleryCoreApi::loadEntityByExternalId($user->uid, 'GalleryUser');
      if ($ret) {
        gallery_error(t('Error loading newly created Gallery user'), $ret);
        return FALSE;
      }
      break;
but when the module comes back around to update a user, it errors. My reasoning for thinking this might be an ldap_integration error is that I'm seeing a similar issue when the user logs in. There's an initial bind to the directory that works, and then a second attempt (I'm unsure why) that fails. I tested by looking at the DN and passwords that ldap_integration is trying to use: the first time it uses the real password, but the second time it's using the drupal_password(20) value, which obviously fails.
Is there some way you can think of to use the original password for the second bind, or to store that password temporarily and use it for all future authentication while the user is still logged in?
Comments
Comment #1
abhisheknagar commented
When gallery2 is integrated and passwords are not stored in the db, the gallery2 integration fails, i.e. my LDAP users are unable to log in to gallery.
Comment #2
johnbarclay commented