I'm currently using the latest dev branch of ldap_integration and its associated modules in conjunction with the latest dev branch of the CAS module, and have noticed that upon logging in via CAS, the user's role is removed, but only so long as the LDAP database is not available.

I have tried disabling CAS completely and was able to reproduce the problem simply by logging in to Drupal. Additionally, I procured similar results using both LDAP and Drupal as the user repository.

Comments

johnbarclay’s picture

johnbarclay commented
Status: Needs work » Needs review

The workflow of ldapgroups is to remove all the roles then reassign them. So if ldap server isn't available it will remove the roles. This is by design.

Are you proposing it leave the roles alone if it cannot connect to the ldap server?

Does CAS and ldap groups work toghether? My understanding was that ldap groups did not work without ldap auth.

cgmonroe’s picture

cgmonroe commented
Status: Needs review » Fixed

The latest -dev version contains some extra checks before roles are changed. One of these is to verify that an LDAP error did not occur. If an error occurs getting groups (e.g. can't contact ldap server), nothing is changed.

For details see: #1475272: 6.x-1.0 Release Candidate 1 Status

Status: Fixed » Closed (fixed)
Issue tags: -ldap authentication, -cas, -drupal roles

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +ldap authentication, +cas, +drupal roles

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.