LDAP groups and roles synchronization don't work
ashledombos - March 23, 2009 - 17:53
| Project: | LDAP integration |
| Version: | 6.x-1.x-dev |
| Component: | Miscellaneous |
| Category: | bug report |
| Priority: | normal |
| Assigned: | miglius |
| Status: | closed |
| Issue tags: | ldapgroups |
Description
The LDAP authentication and data modules work perfectly; however, the group module doesn't work.
There is no synchronization.
The roles already existed; can that be a problem?
Here is, as an attachment, a screenshot of my configuration.
Thanks for the help.
| Attachment | Size |
|---|---|
| mdvfr2.png | 90.88 KB |

#1
#2
The roles were created before the ldapgroups configuration; can that be a problem?
#3
You have a vertical bar at the end of the last mapping line, which shouldn't be there.
It doesn't matter if the roles already existed. It should work in both cases, whether the roles were already in the system or not (in the latter case a role will be created).
Roles are mapped and granted on the user's login. Can you install the devel module and show the $user object's LDAP-related properties?
#6
>>You have a vertical bar at the end of the last mapping line, which shouldn't be there.
Oh, in fact it is just the text cursor, not a vertical bar :)
>>Roles are mapped and granted on the user's login. Can you install the devel module and show the $user object's LDAP-related properties?
OK, I will install http://drupal.org/project/devel and then tell you.
#7
#8
I am not sure I understand how devel works.
I connected with an account that belongs to an LDAP group called "membres", so I should have been added to the "membres" role.
Here is what I got while connecting:
http://pastebin.ca/1370547
Is this what you asked for?
#9
Not really, you have posted an SQL log. There should be a "Dev load" tab next to the user's view and edit tabs which prints out the user's object.
Can you paste here the DN of the user you're logging in as and the corresponding LDAP entry for this user in the LDAP members group?
#10
Here is everything that mentions LDAP:
data (String, 1096 characters )a:26:{s:17:"ldap_authentified";b:1;s:7:"ldap_dn";s:52:"uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org";s:11:"ldap_config";s:1:"1";s:5:"block";a:1:{s:10:"aggregator";a:7:{s:6:"feed-7";i:1;s:6:"feed-1";i:1;s:6:"feed-3";i:1;s:6:"feed-4";i:1;s:6:"feed-2";i:1;s:6:"feed-5";i:1;s:6:"feed-6";i:1;}}s:13:"form_build_id";s:37:"form-8dea5a5d0e8be501279eea7a3c387c50";s:17:"ldap_drupal_roles";a:0:{}s:7:"contact";i:1;s:10:"xmppclient";a:1:{s:3:"jid";s:22:"xxx@xxx.xxx";}s:14:"picture_upload";s:0:"";s:14:"picture_delete";i:0;s:17:"messaging_default";s:6:"simple";s:27:"notifications_send_interval";s:5:"43200";s:18:"notifications_auto";i:0;s:17:"fckeditor_default";s:1:"t";s:21:"fckeditor_show_toggle";s:1:"f";s:28:"fckeditor_show_fieldnamehint";s:1:"t";s:15:"fckeditor_popup";s:1:"f";s:14:"fckeditor_skin";s:6:"silver";s:17:"fckeditor_toolbar";s:14:"DrupalFiltered";s:16:"fckeditor_expand";s:1:"t";s:15:"fckeditor_width";s:4:"100%";s:14:"fckeditor_lang";s:2:"fr";s:19:"fckeditor_auto_lang";s:1:"f";s:14:"queue_messages";s:1:"0";s:8:"gravatar";i:0;s:29:"taxonomy_image_disable_images";i:0;}
ldap_authentified (Boolean) TRUE
ldap_dn (String, 52 characters )
uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org
ldap_config (String, 1 characters ) 1
ldap_drupal_roles (Array, 0 elements)
roles (Array, 2 elements)
2 (String, 18 characters ) authenticated user
3 (String, 6 characters ) admins
The corresponding LDAP entry is "memberUid", but there is no mention of member groups in the Dev load tab.
#11
I can see that $user->ldap_drupal_roles is an empty array, which means that the user's LDAP groups are not detected.
Can you paste here the part of the LDAP entry cn=membres,ou=groupes.... which references the user uid=ashledombos? In which format is it? Does it have a full user DN?
#12
The group DN is:
cn=membres,ou=groupes,dc=mandrivafr,dc=org
objectClass: posixGroup
objectClass: top
gidNumber: 10007
description: members of the association
cn: membres
memberUid: MarcFrederic
memberUid: alibe
memberUid: alkiros
memberUid: ashledombos
and the user DN is:
uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org
uid: ashledombos
userPassword: {md5}UsbjuDp4awU9A8/MBixHPw==
telephoneNumber: 0169258557
title: bla
mobile: 0667314953
facsimileTelephoneNumber: xxxxxxxxxxxx
homePhone: xxxxxxxxxxxxx
givenName: Jadot
sn:; Raphaël
cn: ashledombos_test Ash Compte de test
mail: xxx@xxx.xxx
orgMandrivafrNationalite: fr
homePostalAddress: une adresse au hasard
orgMandrivafrPGPKeyID: A2546A46
labeledURI: http://hodo.free.fr
orgMandrivafrDistributionPrincipale: Mandriva 2009
description: test
objectClass: inetOrgPerson
objectClass: orgMandrivafrUtilisateur
objectClass: top
The LDAP server is OpenLDAP on Linux.
Thanks a lot for your help :)
#13
I think I have traced the bug and fixed it in the development version. Could you please test if it works with the dev (or CVS) version?
#14
Yes, I will test right now.
#15
Oooops! It doesn't work, and furthermore I can't connect with a user. I got:
Access Denied
Sorry, unrecognized username or password.
#16
You may need to run the upgrade.php script, depending on when you last checked out the code. Could you check if all table columns are created in the ldapauth database table by comparing them with the *install file schema definitions? If some column is missing, you should reinstall the ldap* modules to make sure all columns are created.
#17
sidname
status
server
port
tls
encrypted
basedn
user_attr
mail_attr
binddn
bindpw
ldapdata_binddn
ldapdata_bindpw
ldapdata_rwattrs
ldapdata_roattrs
ldapdata_mappings
ldapgroups_in_dn
ldapgroups_dn_attribute
ldapgroups_attr
ldapgroups_in_attr
ldapgroups_as_entries
ldapgroups_entries
ldapgroups_entries_attribute
login_php
filter_php
ldapdata_attrs
ldapdata_filter_php
ldapgroups_mappings
ldapgroups_mappings_filter
ldapgroups_filter_php
ldapgroups_groups
weight
The only thing I did not see from ldapauth.install is the indexes.
#18
This looks correct. Can you double-check the ldapauth configuration, since this module is responsible for user login? Also, can you click the "Test" button in the ldapauth settings for the particular LDAP server to make sure your credentials are all right?
#19
All seems OK.
While testing in the authentication module I get:
Authentication with the LDAP server for the dn uid=drupal,ou=System Accounts,dc=mandrivafr,dc=org and saved password succeeded.
Here is the MySQL request while testing: http://pastebin.ca/1372032
Authentication mode : Mixed mode.
User conflict resolve procedure : Associate local account with the LDAP entry
Do not store users' passwords during sessions : UNCHECKED
Sync LDAP password with the Drupal password : CHECKED
Name (key=name, weight=0) : Mandrivafr
LDAP server : localhost
LDAP port 389
Use Start-TLS : no
Store passwords in encrypted form : yes
Base DNs : ou=utilisateurs,dc=mandrivafr,dc=org
UserName attribute : uid
Email attribute : mail
DN for non-anonymous search :
uid=drupal,ou=System Accounts,dc=mandrivafr,dc=org
Do you need the LDAP log?
#20
The LDAP log might be useful. Can you log in directly to LDAP as uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org with its password?
#21
Is anybody else having problems with authentication with the dev release?
#22
Here is the LDAP log. Sorry to have taken so long; I had to wait until the middle of the night so that other people would not be connecting at the same time:
Mar 27 02:27:48 ariane slapd[2519]: conn=5307 fd=28 ACCEPT from IP=127.0.0.1:37131 (IP=127.0.0.1:389)
Mar 27 02:27:48 ariane slapd[2519]: conn=5307 op=0 BIND dn="uid=drupal,ou=System Accounts,dc=mandrivafr,dc=org" method=128
Mar 27 02:27:48 ariane slapd[2519]: conn=5307 op=0 BIND dn="uid=drupal,ou=System Accounts,dc=mandrivafr,dc=org" mech=SIMPLE ssf=0
Mar 27 02:27:48 ariane slapd[2519]: conn=5307 op=0 RESULT tag=97 err=0 text=
Mar 27 02:27:48 ariane slapd[2519]: conn=5307 op=1 SRCH base="ou=utilisateurs,dc=mandrivafr,dc=org" scope=2 deref=0 filter="(uid=ashledombos)"
Mar 27 02:27:48 ariane slapd[2519]: conn=5307 op=1 ENTRY dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org"
Mar 27 02:27:48 ariane slapd[2519]: conn=5307 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 27 02:27:48 ariane slapd[2519]: conn=5307 op=2 UNBIND
Mar 27 02:27:48 ariane slapd[2519]: conn=5307 fd=28 closed
Mar 27 02:27:48 ariane slapd[2519]: conn=5308 fd=28 ACCEPT from IP=127.0.0.1:37132 (IP=127.0.0.1:389)
Mar 27 02:27:48 ariane slapd[2519]: conn=5308 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" method=128
Mar 27 02:27:48 ariane slapd[2519]: conn=5308 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" mech=SIMPLE ssf=0
Mar 27 02:27:48 ariane slapd[2519]: conn=5308 op=0 RESULT tag=97 err=0 text=
Mar 27 02:27:48 ariane slapd[2519]: conn=5309 fd=31 ACCEPT from IP=127.0.0.1:37133 (IP=127.0.0.1:389)
Mar 27 02:27:48 ariane slapd[2519]: conn=5309 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" method=128
Mar 27 02:27:48 ariane slapd[2519]: conn=5309 op=0 RESULT tag=97 err=53 text=unauthenticated bind (DN with no password) disallowed
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 fd=32 ACCEPT from IP=127.0.0.1:37134 (IP=127.0.0.1:389)
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=0 BIND dn="" method=128
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=0 RESULT tag=97 err=0 text=
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=1 SRCH base="cn=membres,ou=groupes,dc=mandrivafr,dc=org" scope=2 deref=0 filter="(memberUid=uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org)"
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=1 SRCH attr=memberUid
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=2 SRCH base="cn=membres,ou=groupes,dc=mandrivafr,dc=org" scope=2 deref=0 filter="(memberUid=ashledombos)"
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=2 SRCH attr=memberUid
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=3 SRCH base="cn=ca,ou=groupes,dc=mandrivafr,dc=org" scope=2 deref=0 filter="(memberUid=uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org)"
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=3 SRCH attr=memberUid
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=4 SRCH base="cn=ca,ou=groupes,dc=mandrivafr,dc=org" scope=2 deref=0 filter="(memberUid=ashledombos)"
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=4 SRCH attr=memberUid
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=4 SEARCH RESULT tag=101 err=32 nentries=0 text=
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=5 SRCH base="cn=admins,ou=groupes,dc=mandrivafr,dc=org" scope=2 deref=0 filter="(memberUid=uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org)"
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=5 SRCH attr=memberUid
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=5 SEARCH RESULT tag=101 err=32 nentries=0 text=
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=6 SRCH base="cn=admins,ou=groupes,dc=mandrivafr,dc=org" scope=2 deref=0 filter="(memberUid=ashledombos)"
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=6 SRCH attr=memberUid
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=6 SEARCH RESULT tag=101 err=32 nentries=0 text=
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 op=7 UNBIND
Mar 27 02:27:48 ariane slapd[2519]: conn=5310 fd=32 closed
Mar 27 02:27:48 ariane slapd[2519]: conn=5309 op=1 UNBIND
Mar 27 02:27:48 ariane slapd[2519]: conn=5309 fd=31 closed
Mar 27 02:27:48 ariane slapd[2519]: conn=5311 fd=31 ACCEPT from IP=127.0.0.1:37135 (IP=127.0.0.1:389)
Mar 27 02:27:48 ariane slapd[2519]: conn=5311 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" method=128
Mar 27 02:27:48 ariane slapd[2519]: conn=5311 op=0 RESULT tag=97 err=53 text=unauthenticated bind (DN with no password) disallowed
Mar 27 02:27:49 ariane slapd[2519]: conn=5308 op=1 UNBIND
Mar 27 02:27:49 ariane slapd[2519]: conn=5308 fd=28 closed
Mar 27 02:27:49 ariane slapd[2519]: conn=5311 op=1 UNBIND
Mar 27 02:27:49 ariane slapd[2519]: conn=5311 fd=31 closed
Mar 27 02:28:00 ariane slapd[2519]: conn=5312 fd=28 ACCEPT from IP=127.0.0.1:37136 (IP=127.0.0.1:389)
Mar 27 02:28:00 ariane slapd[2519]: conn=5312 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" method=128
Mar 27 02:28:00 ariane slapd[2519]: conn=5312 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" mech=SIMPLE ssf=0
Mar 27 02:28:00 ariane slapd[2519]: conn=5312 op=0 RESULT tag=97 err=0 text=
Mar 27 02:28:00 ariane slapd[2519]: conn=5312 op=1 SRCH base="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" scope=0 deref=0 filter="(objectClass=*)"
Mar 27 02:28:00 ariane slapd[2519]: conn=5312 op=1 ENTRY dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org"
Mar 27 02:28:00 ariane slapd[2519]: conn=5312 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 27 02:28:00 ariane slapd[2519]: conn=5312 op=2 UNBIND
Mar 27 02:28:00 ariane slapd[2519]: conn=5312 fd=28 closed
Mar 27 02:28:00 ariane slapd[2519]: conn=5313 op=0 BIND dn="uid=nssldap,ou=System Accounts,dc=mandrivafr,dc=org" method=128
Mar 27 02:28:00 ariane slapd[2519]: conn=5313 op=0 BIND dn="uid=nssldap,ou=System Accounts,dc=mandrivafr,dc=org" mech=SIMPLE ssf=0
Mar 27 02:28:00 ariane slapd[2519]: conn=5313 op=0 RESULT tag=97 err=0 text=
Mar 27 02:28:00 ariane slapd[2519]: conn=5313 op=1 SRCH base="dc=mandrivafr,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=apache))"
Mar 27 02:28:00 ariane slapd[2519]: conn=5313 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 27 02:28:00 ariane slapd[2519]: conn=5313 fd=28 ACCEPT from IP=127.0.0.1:37137 (IP=127.0.0.1:389)
Mar 27 02:28:00 ariane slapd[2519]: conn=5313 op=2 SRCH base="dc=mandrivafr,dc=org" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=apache))"
Mar 27 02:28:00 ariane slapd[2519]: conn=5313 op=2 SRCH attr=gidNumber
Mar 27 02:28:00 ariane slapd[2519]: conn=5313 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 27 02:28:01 ariane slapd[2519]: conn=5314 fd=31 ACCEPT from IP=127.0.0.1:37138 (IP=127.0.0.1:389)
Mar 27 02:28:01 ariane slapd[2519]: conn=5314 op=0 BIND dn="uid=nssldap,ou=System Accounts,dc=mandrivafr,dc=org" method=128
Mar 27 02:28:01 ariane slapd[2519]: conn=5314 op=0 BIND dn="uid=nssldap,ou=System Accounts,dc=mandrivafr,dc=org" mech=SIMPLE ssf=0
Mar 27 02:28:01 ariane slapd[2519]: conn=5314 op=0 RESULT tag=97 err=0 text=
Mar 27 02:28:01 ariane slapd[2519]: conn=5314 op=1 SRCH base="dc=mandrivafr,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=root))"
Mar 27 02:28:01 ariane slapd[2519]: conn=5314 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 27 02:28:01 ariane slapd[2519]: conn=5314 op=2 SRCH base="dc=mandrivafr,dc=org" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=root))"
Mar 27 02:28:01 ariane slapd[2519]: conn=5314 op=2 SRCH attr=gidNumber
Mar 27 02:28:01 ariane slapd[2519]: conn=5314 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 27 02:28:01 ariane slapd[2519]: conn=5314 fd=31 closed (connection lost)
#23
Looks like a password is not sent:
Mar 27 02:27:48 ariane slapd[2519]: conn=5309 fd=31 ACCEPT from IP=127.0.0.1:37133 (IP=127.0.0.1:389)
Mar 27 02:27:48 ariane slapd[2519]: conn=5309 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" method=128
Mar 27 02:27:48 ariane slapd[2519]: conn=5309 op=0 RESULT tag=97 err=53 text=unauthenticated bind (DN with no password) disallowed
Could you disable ldapgroups and ldapdata leaving only the ldapauth module and try login then? We would see if ldapauth itself works.
#24
OK, I did it and also deactivated LDAP provisioning. Here is my LDAP log:
Mar 27 19:02:35 ariane slapd[2519]: conn=10036 fd=17 ACCEPT from IP=127.0.0.1:48064 (IP=127.0.0.1:389)
Mar 27 19:02:35 ariane slapd[2519]: conn=10036 op=0 BIND dn="uid=drupal,ou=System Accounts,dc=mandrivafr,dc=org" method=128
Mar 27 19:02:35 ariane slapd[2519]: conn=10036 op=0 BIND dn="uid=drupal,ou=System Accounts,dc=mandrivafr,dc=org" mech=SIMPLE ssf=0
Mar 27 19:02:35 ariane slapd[2519]: conn=10036 op=0 RESULT tag=97 err=0 text=
Mar 27 19:02:35 ariane slapd[2519]: conn=10036 op=1 SRCH base="ou=utilisateurs,dc=mandrivafr,dc=org" scope=2 deref=0 filter="(uid=ashledombos)"
Mar 27 19:02:35 ariane slapd[2519]: conn=10036 op=1 ENTRY dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org"
Mar 27 19:02:35 ariane slapd[2519]: conn=10036 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 27 19:02:35 ariane slapd[2519]: conn=10036 op=2 UNBIND
Mar 27 19:02:35 ariane slapd[2519]: conn=10036 fd=17 closed
Mar 27 19:02:35 ariane slapd[2519]: conn=10037 fd=17 ACCEPT from IP=127.0.0.1:48065 (IP=127.0.0.1:389)
Mar 27 19:02:35 ariane slapd[2519]: conn=10037 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" method=128
Mar 27 19:02:35 ariane slapd[2519]: conn=10037 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" mech=SIMPLE ssf=0
Mar 27 19:02:35 ariane slapd[2519]: conn=10037 op=0 RESULT tag=97 err=0 text=
Mar 27 19:02:36 ariane slapd[2519]: conn=10037 op=1 UNBIND
Mar 27 19:02:36 ariane slapd[2519]: conn=10037 fd=17 closed
Mar 27 19:02:42 ariane slapd[2519]: conn=10038 fd=17 ACCEPT from IP=127.0.0.1:48066 (IP=127.0.0.1:389)
Mar 27 19:02:42 ariane slapd[2519]: conn=10038 op=0 BIND dn="uid=nssldap,ou=System Accounts,dc=mandrivafr,dc=org" method=128
Mar 27 19:02:42 ariane slapd[2519]: conn=10038 op=0 BIND dn="uid=nssldap,ou=System Accounts,dc=mandrivafr,dc=org" mech=SIMPLE ssf=0
Mar 27 19:02:42 ariane slapd[2519]: conn=10038 op=0 RESULT tag=97 err=0 text=
Mar 27 19:02:42 ariane slapd[2519]: conn=10038 op=1 SRCH base="dc=mandrivafr,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=apache))"
Mar 27 19:02:42 ariane slapd[2519]: conn=10038 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 27 19:02:42 ariane slapd[2519]: conn=10038 op=2 SRCH base="dc=mandrivafr,dc=org" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=apache))"
Mar 27 19:02:42 ariane slapd[2519]: conn=10038 op=2 SRCH attr=gidNumber
Mar 27 19:02:42 ariane slapd[2519]: conn=10038 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
#25
So it worked, didn't it?
#26
In fact I deactivated ldapgroup, ldapdata and ldapprovisionning, so I can't say it worked :)
#27
What I meant was, were you able to authenticate with all those modules but ldapauth disabled? If yes, can you enable them one by one to see which of them causes problems on your setup?
#28
OK, I understand, I will do that.
#29
BTW the only problem was with group syncing; I never had a problem with authentication.
#30
I reactivated the modules one after the other, and after having reactivated ldapgroups:
[ashledombos@ariane ~]$ sudo tail -f /var/log/ldap/ldap.log | egrep -v "SRCH|SEARCH|ACCEPT|closed|ENTRY|err=0"
[...]
Mar 28 02:54:30 ariane slapd[6840]: conn=1116 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" method=128
Mar 28 02:54:30 ariane slapd[6840]: conn=1116 op=0 RESULT tag=97 err=53 text=unauthenticated bind (DN with no password) disallowed
Mar 28 02:54:30 ariane slapd[6840]: conn=1117 op=0 BIND dn="" method=128
Mar 28 02:54:30 ariane slapd[6840]: conn=1117 op=7 UNBIND
Mar 28 02:54:30 ariane slapd[6840]: conn=1116 op=1 UNBIND
Mar 28 02:54:30 ariane slapd[6840]: conn=1118 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" method=128
Mar 28 02:54:30 ariane slapd[6840]: conn=1118 op=0 RESULT tag=97 err=53 text=unauthenticated bind (DN with no password) disallowed
[...]
But it's strange: why should authentication work and not group syncing?
#31
Maybe Drupal tries to read groups as a guest?
#32
Try unchecking the "Do not store users' passwords during sessions" under the ldapauth configuration.
#33
This option was already unchecked; however, as a test I checked it, and I still have the same output:
Mar 28 14:48:06 ariane slapd[6840]: conn=4243 op=0 BIND dn="uid=ashledombos,ou=utilisateurs,dc=mandrivafr,dc=org" method=128
Mar 28 14:48:06 ariane slapd[6840]: conn=4243 op=0 RESULT tag=97 err=53 text=unauthenticated bind (DN with no password) disallowed
Does the group module try to connect again without giving a password?
In my LDAP configuration, my user "ashledombos" has all rights (create, modify, delete groups and users).
#34
subscribe
#35
I have noticed in the ldapauth code that the password is saved to the session after the login hook is executed (and ldapgroups looks for it). I have changed the code to make sure that the password is saved to the session before the login hook is fired. Please test if this also solves this issue.
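
Added example (not part of the original thread and not code from the LDAP integration module): a small Python check that finds the two symptoms visible in the slapd logs above, a simple bind sent with a DN but no password (err=53, unwillingToPerform) and group searches that return err=32 (noSuchObject) on a connection that bound anonymously. The sample log, host name, connection numbers and DNs are constructed for illustration.

```python
import re

# Constructed sample in the slapd log format quoted in this thread
# (host, connection numbers and DNs are made up).
SAMPLE_LOG = '''\
Mar 27 02:27:48 host slapd[1]: conn=10 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=org" method=128
Mar 27 02:27:48 host slapd[1]: conn=10 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=org" mech=SIMPLE ssf=0
Mar 27 02:27:48 host slapd[1]: conn=10 op=0 RESULT tag=97 err=0 text=
Mar 27 02:27:48 host slapd[1]: conn=11 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=org" method=128
Mar 27 02:27:48 host slapd[1]: conn=11 op=0 RESULT tag=97 err=53 text=unauthenticated bind (DN with no password) disallowed
Mar 27 02:27:48 host slapd[1]: conn=12 op=0 BIND dn="" method=128
Mar 27 02:27:48 host slapd[1]: conn=12 op=0 RESULT tag=97 err=0 text=
Mar 27 02:27:48 host slapd[1]: conn=12 op=1 SRCH base="cn=staff,ou=groups,dc=example,dc=org" scope=2 deref=0 filter="(memberUid=alice)"
Mar 27 02:27:48 host slapd[1]: conn=12 op=1 SRCH attr=memberUid
Mar 27 02:27:48 host slapd[1]: conn=12 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
'''

LINE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT|RESULT)\b(.*)')
ERR = re.compile(r'\berr=(\d+)')
DN = re.compile(r'dn="([^"]*)"')
BASE = re.compile(r'base="([^"]*)"')


def analyze(log_text):
    """Return (finding, conn, dn_or_base) tuples in log order."""
    binds = {}     # (conn, op) -> DN named in the BIND request
    bases = {}     # (conn, op) -> base DN of the search request
    identity = {}  # conn -> DN that bound successfully ("" means anonymous)
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        key = (conn, op)
        if verb == "BIND":
            dn = DN.search(rest)
            if dn:
                binds[key] = dn[1]
        elif verb == "SRCH":
            base = BASE.search(rest)  # the "SRCH attr=..." line has no base
            if base:
                bases[key] = base[1]
        else:
            err = ERR.search(rest)
            if not err:
                continue
            code = int(err[1])
            if verb == "RESULT" and key in binds:
                if code == 0:
                    identity[conn] = binds[key]
                elif code == 53 and binds[key]:
                    # A DN was supplied but the password was empty.
                    findings.append(("bind-without-password", conn, binds[key]))
            elif verb == "SEARCH RESULT" and code == 32:
                # Search failed on a connection that is bound anonymously.
                if identity.get(conn) == "" and key in bases:
                    findings.append(("anonymous-search-failed", conn, bases[key]))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```
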
#36
It works!!!!!! \o/ \o\ /o/ \o\ \o/ !!!!!!
#37
Thanks a lot, I made several tests and all seems OK!
#38
#39
Automatically closed -- issue fixed for 2 weeks with no activity.