core trigger page redirect upon login stops group/role mapping [#674114]

Hi All

I currently installed the latest version of the LDAP module and enabled auth, groups and data and set them up as i have done many times before for other sites. When i logged in as two diferent users the groups that user belonged to became drupal roles and all was good in the world. I then had to mod some permissions and uninstall some other modules (Mollom, ACL) I then tried logging in with another user and now I cannot get LDAP Auth to map groups to roles. I have cleared caches, ran update.php and also completely uninstalled LDAP modules and reinstalled and checked all database tables and still it wont work.

the network is a windows server 2003 Domain and im using memberOf in the LDAP group attributes option and as i said all that was fine. users can login so its not authentication just simply connecting to get the group info.

I have also made sure the search account has the correct permissions to access all the data within AD.

Any help would be great as I have stripped most of the hairs on my head trying to resolve this and im hoping some clever Drupal users and some clean eyes in the morning will help put me right.

Comments

Comment #1

game commented 7 January 2010 at 15:41

Im still struggling with this issue, could anyone give me a breakdown of how this module works and which tables it creates and uses as this may help me troubleshoot. Also any troubleshooting tips would be great... Im going greyer by the day :-)

Comment #2

game commented 11 January 2010 at 10:18

Category:

support

» bug

after much more testing I can only assume this is a bug. Today I copied the site to a completely seperate server and domain and resetup LDAP auth and groups so I could do some heavy testing and still I have the same issue, im currently uninstalling all modules one by one to see if a module is causing this issue. I will post back as soon as I have found something but once again any help would be great :-)

I have also posted on http://drupal.org/node/411234 which outlines some other information

Thanks again community

Comment #3

game commented 11 January 2010 at 15:08

Status:

Active

» Closed (fixed)

Hi All

after 3 days of trying to sort out this issue i have finally resolved it and found it is potentially a bug as groups were not being mapped because a trigger had been set to redirect the user to the home page when logging in. It seemed this was kicking in as soon as the user was authenticated and not completing the group > role process.

anyways I thought this was worth a mention and also help anyone else who has had this happen.

Comment #4

game commented 12 January 2010 at 10:24

Component:	Miscellaneous	» Code
Priority:	Critical	» Normal
Status:	Closed (fixed)	» Active

Having spoken to other users of the LDAP module we all felt this was worth a good mention and not just brushing over so I am going to make this thread active again as this could limit some users who require redirect triggers and LDAP.

Comment #5

verta commented 13 January 2010 at 20:33

I have gotten this working finally on IIS using 6.x-1.0-beta2 against our Active Directory and here's what did the trick:

In Admin, Configure, LDAP, Groups, edit your configured server, and

under Group By Attribute, check the box for "Groups are specified by LDAP attributes" and enter the attribute

memberOf

My suggestion is to add this to the text in this configuration screen, after "If the groups are stored in the user entries, along with the rest of their data, then enter here a list of attributes which may contain them."

Might help someone out in the future.

Comment #6

elimuir commented 27 April 2010 at 19:40

Confirmation that steps provided by Verta (#5) worked.

I had the same problem.... LDAP users were able to log in, but their roles were not being assigned from Active Directory.

Comment #7

mecvo1984 commented 21 July 2010 at 19:20

Comment #8

jzornig commented 26 August 2010 at 03:59

I have the same behaviour as described in #3. if I have a trigger redirect users on login to a landing page the LDAP group mapping and the OG LDAP Group mapping (I'm using both of these) fail to work. Removing the trigger fixes it. I'd really like a solution that lets me do a redirect on login that doesn't interfere with LDAP Group mapping to Roles and OG Groups.

Comment #9

jzornig commented 30 August 2010 at 05:43

I tried using Rules rather than Trigger and the LDAP mapping works correctly when there is a page redirect on user login.

Comment #10

verta commented 30 August 2010 at 14:08

I have used Login Destination with good results so far. Role mapping is working OK, and it's a little more lightweight than Rules.

Comment #11

WorldFallz commented 7 October 2010 at 21:02

Title:	Groups stopped mapping to roles	» core trigger page redirect upon login stops group/role mapping
Version:	6.x-1.0-beta2	» 6.x-1.x-dev

Just found this issue after wasting hours trying to figure this out. Updating title so hopefully others will find it easier. Also, I can confirm rules does work to avoid the problem-- even when the "Immediately issue the page redirect" option is checked.

Comment #12

johnbarclay commented 3 August 2011 at 01:46

Category:	bug	» support
Status:	Active	» Closed (won't fix)

Since ldap groups is granting roles during the hook_user() where $op = 'login', it should work fine. The other modules must be redirecting or otherwise breaking hook_user() process. So this won't be fixed.

One workaround for those who must use some of these modules is in the system table, give the offending module a higher weight than ldapgroups.

core trigger page redirect upon login stops group/role mapping