I installed the LDAP Integration modules today and successfully set up Drupal to allow authentication through LDAP. That worked beautifully. However, I want to be able to limit who can log in to the site based on the user's Group. When I try to limit automatic account creation by group, no one is able to get in, even users who are in that group. I know that Drupal is able to see my groups because it creates roles with the group names if I remove the restriction.

I'm not sure if this is a bug or something I'm doing wrong, but I figured I'd report and see what you guys think.

CommentFileSizeAuthor
#3 ldap-integration-autocreation-2.patch14.52 KBchristian_m
#2 ldap-integration-autocreation.patch14.95 KBchristian_m

Comments

christian_m’s picture

christian_m commented

I have the same kind of problem. I want to limit automatic account creation to only certain LDAP groups. That said, if a user already has an account, she should not be denied access by this setting. Yet, what happens is that the user is denied access but the account is created nonetheless. I tried to have a look at the code to see if I could come up with a simple fix but I have not had any success so far.

Either this is a bug or the form field labelling is misleading: currently this doesn't limit account creation but user access.

Any help appreciated.

christian_m’s picture

christian_m commented
StatusFileSize
new ldap-integration-autocreation.patch14.95 KB

I have come up with this patch to solve my problem. It is not very elegant and I am sure it would benefit a lot from a review by the developers team. But it does the job for me. Essentially, it adds two more settings: a checkbox in ldapauth to enable or disable account creation globally; and a textfield in ldapgroups that accepts a list of groups for which account creation is allowed. I hope I have not introduced bugs in the code.

Comments are welcome.

Christian.

christian_m’s picture

christian_m commented
StatusFileSize
new ldap-integration-autocreation-2.patch14.52 KB

Removed implementation of hook_enable and hook_disable in ldapgroups.module since they were leftovers from an earlier development phase.

zachatharsis’s picture

zachatharsis commented

I too am seeing the same thing. I am building an Intranet for my school district and ideally, I want to map roles to AD groups for all users EXCEPT users in a particular group (ie. students). When enabling the aforementioned setting, everybody seems to get denied, yet the user is still added into Drupal. Christian, so far I assume you're latest patch seems to be correcting the problem and happily working? Any advice/thoughts from the admins on this issue?

christian_m’s picture

christian_m commented

Hi zmather,

I have been using the patch for three months now and it does exactly what I want. I can't guarantee that it will work with a different setup but I am fairly confident it will behave. Let me know if you experience any problem.

johnbarclay’s picture

johnbarclay commented
Version: 6.x-1.0-beta2 » 6.x-1.x-dev
Assigned: Unassigned » johnbarclay
cgmonroe’s picture

cgmonroe commented
Status: Active » Fixed

The latest -dev version has added Group Access Rules support. This allows you to define a set of group based rules to allow or deny folks in a wide variety of ways. E.g., deny a group but allow existing folks to log in, and the like. In addition there are several hooks that can be used to handle site specific situations via 3rd party modules.

For details see: #1475272: 6.x-1.0 Release Candidate 1 Status

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.