Posted by chrisbert91 on November 7, 2009 at 12:33am
| Project: | LDAP integration |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | johnbarclay |
| Status: | active |
Issue Summary
I installed the LDAP Integration modules today and successfully set up Drupal to allow authentication through LDAP. That worked beautifully. However, I want to be able to limit who can log in to the site based on the user's Group. When I try to limit automatic account creation by group, no one is able to get in, even users who are in that group. I know that Drupal is able to see my groups because it creates roles with the group names if I remove the restriction.
I'm not sure if this is a bug or something I'm doing wrong, but I figured I'd report and see what you guys think.
Comments
#1
I have the same kind of problem. I want to limit automatic account creation to only certain LDAP groups. That said, if a user already has an account, she should not be denied access by this setting. Yet, what happens is that the user is denied access but the account is created nonetheless. I tried to have a look at the code to see if I could come up with a simple fix but I have not had any success so far.
Either this is a bug or the form field labelling is misleading: currently this doesn't limit account creation but user access.
Any help appreciated.
#2
I have come up with this patch to solve my problem. It is not very elegant and I am sure it would benefit a lot from a review by the developers team. But it does the job for me. Essentially, it adds two more settings: a checkbox in ldapauth to enable or disable account creation globally; and a textfield in ldapgroups that accepts a list of groups for which account creation is allowed. I hope I have not introduced bugs in the code.
Comments are welcome.
Christian.
#3
Removed implementation of hook_enable and hook_disable in ldapgroups.module since they were leftovers from an earlier development phase.
#4
I too am seeing the same thing. I am building an Intranet for my school district and ideally, I want to map roles to AD groups for all users EXCEPT users in a particular group (ie. students). When enabling the aforementioned setting, everybody seems to get denied, yet the user is still added into Drupal. Christian, so far I assume you're latest patch seems to be correcting the problem and happily working? Any advice/thoughts from the admins on this issue?
#5
Hi zmather,
I have been using the patch for three months now and it does exactly what I want. I can't guarantee that it will work with a different setup but I am fairly confident it will behave. Let me know if you experience any problem.
#6