LDAP module attempts to bind to my directory and do a searchRequest on the DN of the logged-in user on each page view. I have non-anonymous binds configured under Advanced configuration at admin/settings/ldap/ldapauth/edit/1, so it should be binding using that account.

Hitting Test confirms that the non-anonymous account is correctly configured.

I am also monitoring TCP communications with Wireshark and can confirm that the actual LDAP messages support everything I wrote above.

Comments

aren cambre’s picture

Title: Uses anon binds when non-anonymous search is configured » Uses anon binds even when non-anonymous search is configured

Clarification on above: the per-page view LDAP queries are being done with an anonymous bind.

miglius’s picture

I don't think that ldapauth module binds to the LDAP server on each page load. ldapdata might do so. Can you disable ldapdata module to confirm it? Also, what are your settings for "Synchronizing options" in the ldapdata configuration?

miglius’s picture

Status: Active » Postponed (maintainer needs more info)

aren cambre’s picture

Status: Postponed (maintainer needs more info) » Closed (works as designed)

Disabling ldapdata does stop that from happening, and entering an account into ldapdata's "Advanced configuration" fixes it. I noticed two other issues, however, and I'll open them separately so as not to confuse this one.