Hello, many thanks for this module! I am trying to set up a Drupal 4.7 installation and am using the 4.7 module found on the wiki. However, I think this issue also occurs with the 4.6 module.
Basically, anyone with an LDAP username and password is able to log into Drupal (and then act as an authenticated user), even if they do not have an account. (After LDAP authentication the account is created. For example, I have a new installation where the only user is "admin". But after setting up this module I am able to log in with my LDAP username (lacinda) and password and a "lacinda" account shows up under the Drupal users.) Obviously the ideal fix to this is to limit LDAP authentication to a specific sub-group of users that you wish to have access to the Drupal pages. But I do not have control of the LDAP server and cannot create such a group.
Is there a way to check whether such a user exists in the Drupal database before allowing the LDAP authentication to go through?
Thanks in advance.
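The check asked about above, sketched as an added example that is not part of the original post and is not the module's code. It contrasts the auto-provisioning login described in the post with a login that requires an existing, active local account before the directory is consulted; the `users` table layout, the in-memory directory and all function names are assumptions made for illustration.

```python
import hmac
import sqlite3

# Constructed stand-in for the LDAP directory (username -> password).
# A real deployment would attempt an LDAP bind here instead.
DIRECTORY = {"admin": "adminpw", "lacinda": "s3cret"}


def ldap_bind_ok(username, password):
    """Hypothetical helper: True if the directory accepts the credentials."""
    expected = DIRECTORY.get(username)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def make_site_db(names):
    """Simplified local user table (assumed layout, not the real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid INTEGER PRIMARY KEY,"
               " name TEXT UNIQUE, status INTEGER)")
    db.executemany("INSERT INTO users (name, status) VALUES (?, 1)",
                   [(n,) for n in names])
    return db


def login_autoprovision(db, username, password):
    """Behaviour described in the post: a successful bind creates the account."""
    if not ldap_bind_ok(username, password):
        return None
    db.execute("INSERT OR IGNORE INTO users (name, status) VALUES (?, 1)",
               (username,))
    return db.execute("SELECT uid FROM users WHERE name = ?",
                      (username,)).fetchone()[0]


def login_existing_only(db, username, password):
    """Gate: require an active local account, then authenticate via LDAP."""
    row = db.execute("SELECT uid FROM users WHERE name = ? AND status = 1",
                     (username,)).fetchone()
    if row is None:
        return None  # unknown locally: no bind attempt, no account created
    if not ldap_bind_ok(username, password):
        return None
    return row[0]


def user_names(db):
    return [r[0] for r in db.execute("SELECT name FROM users ORDER BY uid")]
```

With the gate in place, the local user table acts as the allowlist, so access is controlled on the site side without needing a dedicated group on the LDAP server.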
Comments
Comment #1
pablobm commented
Maybe this helps: how to filter users.
Comment #2
pablobm commented
I think I can close this now.