I need some suggestions on implementing LDAP authentication in mixed mode, but I want to do it this way:

If LDAP authentication fails, then I would like to use the local Drupal account.

Please guide me if this can be done.

Thanks

Comments

Renee S’s picture

subscribe

Renee S’s picture

Category: support » bug

Just did a dig through the database. At the moment, something weird is happening. I had mixed mode turned on, and it was storing passwords and mode=0 for all users. I turned on LDAP only, however, and passwords of new user accounts created through LDAP login are still having their passwords set. They are also mode=0.

Oddly, even when LDAP Only mode is on, it's using the Drupal password stored in the DB - I tried changing it for a user to see what would happen, and it did not allow the login (rather than checking against LDAP first, just said "Try again.") Not sure if this is desired behaviour.

Basically, I want it to check the LDAP first, and THEN check local - I have a few local users I want for various things who aren't in our LDAP. There used to be a way to set how this worked, but changing mode=0 to mode=1 doesn't do it. Checked this to bug report because, looking at the code, it seems that it should be using mode and checking LDAP. It just isn't.

johnbarclay’s picture

Assigned: Unassigned » johnbarclay

cgmonroe’s picture

Version: 6.x-1.0-beta2 » 6.x-1.x-dev
Status: Active » Closed (works as designed)

RE: the first two parts of #2 - I can't duplicate this in the current dev. Re-open if this is not fixed.

RE: Order of login testing - Not sure this is applicable either now because the process is:

New LDAP User - No matching id / Drupal id with password not matching LDAP

Drupal local fails -> LDAP tried -> Success so account marked as ldap authenticated created/password synced

Log on again -> account found -> account marked ldap id -> local login skipped -> LDAP authentication tried.

Local Drupal User - No LDAP entry

Drupal Local succeeds -> done

There is no real difference between doing local first and local last... unless for some reason your existing users have logged in locally and set the password to match the LDAP password before logging in via LDAP. If you're converting from local to LDAP, you can easily do a bulk password change on all affected users to force the LDAP authentication next login time.
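
The login order described in the comment above, modelled as an added example; it is not part of the thread and is not the LDAP module's code. `LDAP_DIRECTORY`, `ldap_bind`, `hash_password` and the `Accounts` class are hypothetical stand-ins, and the user names and passwords are constructed sample data.

```python
import hashlib, hmac, os

# Constructed stand-in for the directory: user name -> current LDAP password.
LDAP_DIRECTORY = {"alice": "ldap-pw-1"}

def ldap_bind(name, password):
    """Hypothetical stand-in for a real LDAP bind. Empty passwords are refused:
    a simple bind with an empty password is an unauthenticated bind, which
    some servers accept."""
    expected = LDAP_DIRECTORY.get(name)
    if not password or expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Accounts:
    """Toy local account table: name -> salt, password hash, LDAP marker."""
    def __init__(self):
        self.users = {}

    def set_local(self, name, password, ldap=False):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": hash_password(password, salt), "ldap": ldap}

    def local_ok(self, name, password):
        u = self.users.get(name)
        return u is not None and hmac.compare_digest(u["hash"], hash_password(password, u["salt"]))

    def login(self, name, password):
        """Return "local", "ldap" or None, in the order the comment describes."""
        u = self.users.get(name)
        marked = u is not None and u["ldap"]
        # Accounts already marked as LDAP skip the local check, so a stale
        # synced password cannot outlive a password change in the directory.
        if not marked and self.local_ok(name, password):
            return "local"
        if ldap_bind(name, password):
            # First LDAP success creates or converts the account and syncs the password.
            self.set_local(name, password, ldap=True)
            return "ldap"
        return None

if __name__ == "__main__":
    acc = Accounts()
    acc.set_local("bob", "bob-local")          # local-only user, no LDAP entry
    print(acc.login("bob", "bob-local"))       # local
    print(acc.login("alice", "ldap-pw-1"))     # ldap (account created and marked)
    LDAP_DIRECTORY["alice"] = "ldap-pw-2"      # password changed in the directory
    print(acc.login("alice", "ldap-pw-1"))     # None
```

In this model, an unmarked account whose local password already matches the directory password keeps authenticating locally after the directory password changes, which is the case the bulk password change is meant to close.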

Renee S’s picture

As long as it tries both, it's fine. The bug was that it wasn't. I'll download the new release and give it a whirl!

Renee S’s picture

(dup. argh)