QUESTION: Why remove "Request Password" link?
ANSWER: So internal users logging in with their LDAP account don't get the option to change the password.

But what about the rest, i still want external users to be able to create accounts and request new passwords.

Cant we allow users to request a new password, but if there account is associated with an LDAP account then just display a user configurable) message?

This is a problem for me because i want to add the ability for LDAP users to login to our external website, but i don't want to loose any functionality (creating accounts, requesting new passwords) for external non LDAP users.

CommentFileSizeAuthor
#5 ldapauth_61beta2_01.patch2.13 KBAnonymous (not verified)

Comments

peter panes’s picture

Category: feature » bug

Actually i think this is a bug because, i only have two choices as follows:

Allows LDAP users to change their password, except it doesn't work.
Hide change password fields for LDAP Users, but then non LDAP users cant create new accounts or request new passwords.

Is there something I'm missing or is this how its supposed to work?

shadybar’s picture

We're having the same issue with accommodating public users and employees. Has there been any movement with this issue?

verta’s picture

subscribing

bwinett’s picture

subscribing

Anonymous’s picture

Assigned: Unassigned »
Status: Active » Patch (to be ported)
StatusFileSize
new2.13 KB

I made this patch to solve the problem, hope it is usefull

johnbarclay’s picture

in the ldap project for drupal 7, I tried to do this in the theming and form level and it became a pain. Some of it worked better in the menu layer. (Below is the code I used to hide/show the password reset link.) For example, by changing the access callback for the user/password link, I can show or hide the link and the form based on whether ldap exclusive or mixed mode is selected.

Here are the use cases and behavior I'm looking at for user forms and link alterations in ldap for drupal 7. I would welcome feedback in the project/ldap issue queue

================================================
User Forms User Interface (UFUI) Tests
================================================
setup:

1. Toggle email user interface options on admin/config/people/ldap/authentication
  EMAIL=hide
  EMAIL=disable

2. Toggle register accounts account settings at admin/config/accounts/settings
  REGACCT.admin
  REGACCT.visitors
  REGACCT.visitors_w_approv

3. Try with 4 types of users:  
  anon = anonymous user
  user1 = authenticated user 1
  drupal = authenticated drupal user
  ldap = authenticated ldap user
-------------------------
Tests and Desired Results
-------------------------
Edit User Profile Form (/user/NN/edit), form id = user_profile_form
-------------------------
LDAP_authen.user_profile_form.user1.password -- result: password fields and email address fields visible
LDAP_authen.user_profile_form.drupal.password -- result: password fields visible
LDAP_authen.user_profile_form.ldap.password -- result: password fields hidden


LDAP_authen.user_profile_form.EMAIL=allow.* email field functions -- result: email field visible for all users
LDAP_authen.user_profile_form.EMAIL=hide.ldap email field hidden -- result: email field hidden for ldap users
LDAP_authen.user_profile_form.EMAIL=disable.ldap -- result: email field disabled but visible for ldap users

-------------------------
User Logon block and logon forms (/user ), form_id = user_login_block and form_id = user_login
-------------------------

LDAP_authen.login_forms.MM.anon  -- result: visible request new password link
LDAP_authen.login_forms.EM.anon  -- result: hidden link or link to ldap help page

** note:  Create new account link available based on user settings at admin/config/accounts/settings
and not controlled by ldap module at all.

-------------------------
Password Reset/Request New Form (user/password), form id = user_pass
-------------------------
LDAP_authen.reset.anon -- result: form visible from url for all anonymous users
LDAP_authen.reset.anon.EM  -- result: warning if ldap exclusive mode saying only works/available for user 1/admin and link to user ldap help page if link exists
LDAP_authen.reset.ldap.validation.ldap -- result: validation error thrown if resetting password of ldap authenticated user
LDAP_authen.reset.validation.user1 -- result: successfully able to reset password.

-------------------------
User Register Form (user/register), form id = user_register_form
- controlled by admin/config/accounts/settings and not affected by ldap modules.
 /**
 * Implements hook_menu_alter().
 * since menu items are cached, only useful to add or alter callbacks
 * for ldap authentication driven menu items.
 */
function ldap_authentication_menu_alter(&$items) {
  require_once('ldap_authentication.inc');
  $items['user/password']['access callback'] = 'ldap_authentication_show_reset_pwd';
  $auth_conf = ldap_authentication_get_valid_conf();
  if (@$auth_conf->ldapUserHelpLinkUrl) {
    $items['user/ldaphelp'] = array(
      'title' => $auth_conf->ldapUserHelpLinkText,
      'page callback' => 'ldap_authentication_redirect_to_ldap_help',
      'access callback' => 'ldap_authentication_show_ldap_help_link',
      'type' => MENU_LOCAL_TASK,
      'file' => 'ldap_authentication.inc',
    );
  } 
}

function ldap_authentication_show_reset_pwd($user = NULL) {
  
  if (!$user) {
    global $user;
  }
  $auth_conf = ldap_authentication_get_valid_conf();
  if (current_path() == 'user/password' || $user->uid == 1 || !$auth_conf) {
    return TRUE;
   // always show at user/passwordurl. otherwise user 1 will not be able to reset password.
   // LDAP_authen.login_forms.MM.user1, LDAP_authen.login_forms.EM.user1
  }
  
  if ($user->uid == 0) {
    // hide reset password for anonymous users if ldap only authentication, otherwise show
    // LDAP_authen.login_forms.MM.anon, LDAP_authen.login_forms.EM.anon
    return ($auth_conf->authenticationMode != LDAP_AUTHENTICATION_EXCLUSIVE);
  } 
  else {
    // authenticated user.  hide if ldap authenticated otherwise show.
    // LDAP_authen.login_forms.EM.ldap, LDAP_authen.login_forms.EM.drupal,
    // LDAP_authen.login_forms.MM.drupal, LDAP_authen.login_forms.MM.ldap
    return (!ldap_authentication_ldap_authenticated($user));
  }
    
}
did1979’s picture

Hello,
I am on a drupal 6.20 verion, with the uptodate ldapauth module.

how works your patch. I tried to install it but nothing changes.

johnbarclay’s picture

Status: Patch (to be ported) » Fixed

This is committed (patch on #5).

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.