I was wondering what are the plans for updating this module to work with Drupal 5.0?
How much work is involved?
Thanks!

Comments

pablobm’s picture

Assigned: Unassigned » pablobm

I didn't start yet, but I guess that will be the next thing as soon as I get the current big bugs fixed.

cbutera’s picture

Great - module updates are being tracked over at:
http://drupal.org/node/82257

I posted here because I didn't see any comments over there.

datura-1’s picture

I'm going to update this module today so that I can evaluate it for use at our company. I'll try to post a patch when I get it running with Drupal 5.0 beta 2.

Justin

cbutera’s picture

I'll be happy to test authentication against Mac OS X (10.4.8) Open Directory if someone posts code for 5.0.

pablobm’s picture

Hi, just to keep you updated. There is a working version, created by Justin/datura (see comment #3), but I haven't been able to do anything with it because I am extremely busy this week (last week before my Xmas holidays).

I'll try to do something...

cbutera’s picture

No problem - I'll keep subscribed to this thread and test it when you get it posted.
Thanks!

kreaper’s picture

Attached file (new): 14.78 KB

Here's a patch for Drupal-5.0 rc1. Please review and suggest/make changes needed for approval. I have it working with my LDAP and Active Directory servers (with the exception of the earlier issue I submitted about a logic flaw)

In addition to the patch, drupal-5.0-rc1 also requires a ldapauth.info file

# cat ldapauth.info
name = ldapauth
description = "Implements LDAP Authentication"
package = Administration

kreaper

cbutera’s picture

It worked! Basic login functionality is working with Mac OS X 10.4.7 Open Directory on Drupal 5.0 RC1.
Thank you!

kreaper’s picture

Attached file (new): 5.98 KB

Here's the patch for ldapgroups

ldapgroups.info file:

name = ldapgroups
description = "Integrations LDAP Groups with Drupal Roles"
package = Administration

kcolwell’s picture

Category: task » bug

Hello,

I just attempting to get the patched version working on 5-rc1 and after running the patches and creating the .info files both ldapauth and ldapgroups appear in Modules. But only ldapgroups appears in "Site configuration" ldapauth is missing.

I'm fairly new to drupal so I'm assuming that I have somehow caused the problem. But any assistance that you could provide would be greatly appreciated.

Thanks,
Ken C.

Binerf-1’s picture

Version: 4.7.x-1.x-dev » master

Hi,

It's working for me but I can't see my ldap groups in Drupal roles.
How to sync ldap groups with drupal roles please ?

Thanks a lot.

Binerf

kreaper’s picture

@kcolwell -- I had the same problem initially. It seemed like the module listing was internally cached and the new module did not pickup. I disabled and enabled the module again and it appeared in "Site Configuration".

@Binerf -- Do you have your groups-role mappings in the ldapgroups.conf.php file under ldap_integration/ldap_integration directory ? the patch will only create roles that are explicitly specified in that file.

kcolwell’s picture

Hi Kreaper,

I tried enabling and disabling ldapauth but it still doesn't appear in "site configuration"

thanks,
ken c.

kcolwell’s picture

Should the above patches be applied to ldap_integration-4.7.x-1.x-dev.tar.gz

or ldap_integration-HEAD.tar.gz?

When applying to 4.7 I get the following:
patch -p 0 patching file ldapauth.module
Reversed (or previously applied) patch detected! Assume -R? [n] Y
Apply anyway? [n] y
Hunk #1 FAILED at 1.
Hunk #4 FAILED at 133.
Hunk #5 FAILED at 147.
Hunk #6 FAILED at 157.
Hunk #7 FAILED at 286.
Hunk #8 FAILED at 356.
Hunk #9 FAILED at 404.
Hunk #10 FAILED at 442.
Hunk #11 succeeded at 504 (offset 43 lines).
Hunk #12 FAILED at 527.
Hunk #13 FAILED at 554.
Hunk #14 FAILED at 569.
11 out of 14 hunks FAILED -- saving rejects to file ldapauth.module.rej

Then when applying the patches to head I get the following:

patch -p 0 patching file ldapauth.module
Reversed (or previously applied) patch detected! Assume -R? [n] y
Hunk #10 FAILED at 346.
Hunk #11 succeeded at 361 (offset -2 lines).
Hunk #12 FAILED at 383.
Hunk #13 succeeded at 408 (offset -3 lines).
Hunk #14 FAILED at 423.
3 out of 14 hunks FAILED -- saving rejects to file ldapauth.module.rej

Have I completely missed the point or is something else wrong?

Thanks,
Ken C.

kcolwell’s picture

4.7:
patching file ldapauth.module
Reversed (or previously applied) patch detected!  Assume -R? [n] Y
Apply anyway? [n] y
Hunk #1 FAILED at 1.
Hunk #4 FAILED at 133.
Hunk #5 FAILED at 147.
Hunk #6 FAILED at 157.
Hunk #7 FAILED at 286.
Hunk #8 FAILED at 356.
Hunk #9 FAILED at 404.
Hunk #10 FAILED at 442.
Hunk #11 succeeded at 504 (offset 43 lines).
Hunk #12 FAILED at 527.
Hunk #13 FAILED at 554.
Hunk #14 FAILED at 569.
11 out of 14 hunks FAILED -- saving rejects to file ldapauth.module.rej

HEAD:
$ patch -p 0 <ldapauth.patch 
patching file ldapauth.module
Reversed (or previously applied) patch detected!  Assume -R? [n] y
Hunk #10 FAILED at 346.
Hunk #11 succeeded at 361 (offset -2 lines).
Hunk #12 FAILED at 383.
Hunk #13 succeeded at 408 (offset -3 lines).
Hunk #14 FAILED at 423.
3 out of 14 hunks FAILED -- saving rejects to file ldapauth.module.rej

Binerf-1’s picture

OK, in my drupal/modules/ldap_integration/ldap_integration/ldapgroups.conf.php:

$GLOBALS['ldap_group_role_mappings'] = array(
        'cn=Admins,ou=groups,dc=mydomain' => 'admins'
);

But in Drupal Roles admin, no new role appears....

kreaper’s picture

@kcolwell - I created the patch from ldap_integration 4.7 version. (may be Binerf can share his info also). I will d/l the HEAD will try to apply the patch and see.

@Binerf - "cn=Admins,ou=groups,dc=mydomain" -- is this a valid DN ? and is the member attribute specified correctly in the ldap configuration ? For AD (for e.g), the member attribute that contains the full DN of the member is memberOf.

kreaper’s picture

@Binerf -- also read this if you don't mind about ldap groups -> roles

http://drupal.org/node/79918

kcolwell’s picture

Hello,

I manually applied the patch to 4.7, and by manually I mean I went through the code line by line and made the changes, and now I have ldapauth running on 5-rc1.

Thanks for all of your help!

Ken C.

kcolwell’s picture

Attached file (new): 22.46 KB

Attached is a copy of the manually patched module file

Binerf-1’s picture

@kreaper : yes, "cn=Admins,ou=groups,dc=mydomain" is a valid DN and the member attribute, in this group like the others, is "memberUid" which is a list of users (like "user1", "user2", etc... but not full DN).

And to apply the patch on my drupal version (v5), I dl ldap_authentication for drupal 4.7 and apply the patches with the "patch" command.

skor’s picture

Downloaded the 4.7 ver and replaced ldapauth.module with the one from kcolwell in comment #19. Created an ldapauth.info file and enabled it.

But I'm getting:

ldap_connect() in Fatal error: Call to undefined function: ldap_connect() in /blah/blah/blah/ldap_integration/LDAPInterface.php on line 64

What did I miss?

kreaper’s picture

@Binerf: Acc to pablo's documentation at http://wiki.pablobm.com/index.php?title=Ldapgroups_configuration, there are TWO ways to extract ldap groups

a) group is specified in user's DN

if your DN is like "uid=binerf,ou=Programmers,ou=People,dc=example,dc=com"
and another user's DN is "uid=sysadmin,ou=SysAdmins,ou=People,dc=example,dc=com"

then using this method will allow us to create and use the two roles called "Programmers" and "SysAdmins"

(Frankly I think this method is retarded - The author is giving a lot of flexibility to users but if the LDAP DS is designed this way -- I wish them luck)

b) each user has attributes defining their groups
(NOTE: it does NOT say that each GROUP has attributes showing its members - which is a Unix LDAP way, whereas option b) is the Active Directory way)

In AD, in each user's DN, there is a multi-valued attribute called "memberOf" that describes the dn of the group
In Unix LDAP, in each group object, there is a multi-valued attribute called "memberUid" that has the username of the member. I do not believe this ldapgroups module is designed to work with Unix LDAP style group memberships...

(of course, pablom, feel free to jump in :) )
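The group-detection strategies described in the post above (the OU in the user's own DN, an AD-style "memberOf" attribute on the user, and a Unix-style "memberUid" attribute on the group), the explicit group-to-role mapping that ldapgroups.conf.php provides, and the empty-role guard that avoids the `r.rid IN ()` query quoted later in this thread, modelled as an added example. This is illustrative code written for this thread, not the ldapgroups module's own code; the directory entries, the DNs and the role ids are constructed, and taking only the nearest "ou" for strategy 1 is this example's choice, not necessarily the module's.

```python
"""Constructed model of the three ldapgroups group-detection strategies,
the explicit group -> role mapping, and the empty-role guard."""

# Constructed sample directory (not real data): DN -> {attribute: [values]}.
DIRECTORY = {
    # Strategy 1 style: the OU in the user's DN names the group.
    "uid=binerf,ou=Programmers,ou=People,dc=example,dc=com": {"uid": ["binerf"]},
    "uid=sysadmin,ou=SysAdmins,ou=People,dc=example,dc=com": {"uid": ["sysadmin"]},
    # Strategy 2 style (Active Directory): memberOf on the user lists group DNs.
    "CN=kreaper,OU=Users,DC=corp,DC=example": {
        "sAMAccountName": ["kreaper"],
        "memberOf": ["CN=Admins,OU=Groups,DC=corp,DC=example",
                     "CN=Staff,OU=Groups,DC=corp,DC=example"],
    },
    # Strategy 3 style (Unix/posixGroup): memberUid on the group lists user names.
    "cn=drupal,ou=Group,dc=example,dc=com": {"cn": ["drupal"],
                                             "memberUid": ["binerf", "kreaper", "rooey"]},
    "cn=staff,ou=Group,dc=example,dc=com": {"cn": ["staff"], "memberUid": ["rooey"]},
}


def groups_from_dn(user_dn, component="ou"):
    """Strategy 1: the group is the OU directly above the user in its own DN
    ('uid=binerf,ou=Programmers,...' -> ['Programmers']). Only the nearest
    matching component is taken here (this example's choice)."""
    for rdn in user_dn.split(",")[1:]:
        attr, _, value = rdn.strip().partition("=")
        if attr.lower() == component:
            return [value]
    return []


def groups_from_user_attribute(user_dn, attr="memberOf"):
    """Strategy 2: each value of a multi-valued attribute on the user entry
    is the DN of a group the user belongs to."""
    return list(DIRECTORY.get(user_dn, {}).get(attr, []))


def groups_from_group_entries(username, search_base, member_attr="memberUid"):
    """Strategy 3: search the group subtree for entries whose member attribute
    contains the bare user name; returns the matching group DNs."""
    suffix = "," + search_base.lower()
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if dn.lower().endswith(suffix)
                  and username in attrs.get(member_attr, []))


def roles_for_groups(groups, mapping):
    """Explicit group -> role mapping in the spirit of ldapgroups.conf.php:
    a group with no entry in the mapping yields no role at all."""
    return sorted({mapping[g] for g in groups if g in mapping})


# Constructed Drupal role table (name -> rid); the rid values are made up.
ROLE_TABLE = {"authenticated user": 2, "admins": 3, "drupal users": 4}


def permission_query(role_names, role_table=ROLE_TABLE):
    """Build the permission lookup the thread's MySQL error comes from.
    With no resolvable roles the caller must skip the query entirely:
    emitting 'r.rid IN ()' is exactly the syntax error quoted in the thread."""
    rids = [role_table[name] for name in role_names if name in role_table]
    if not rids:
        return None
    return ("SELECT DISTINCT(p.perm) FROM role r INNER JOIN permission p "
            "ON p.rid = r.rid WHERE r.rid IN (" + ", ".join(map(str, rids)) + ")")


if __name__ == "__main__":
    mapping = {"cn=drupal,ou=Group,dc=example,dc=com": "drupal users",
               "CN=Admins,OU=Groups,DC=corp,DC=example": "admins",
               "Programmers": "drupal users"}
    print(groups_from_dn("uid=binerf,ou=Programmers,ou=People,dc=example,dc=com"))
    print(groups_from_user_attribute("CN=kreaper,OU=Users,DC=corp,DC=example"))
    print(groups_from_group_entries("rooey", "ou=Group,dc=example,dc=com"))
    print(permission_query(roles_for_groups([], mapping)))  # None: no query at all
```

The point of `permission_query` returning `None` is the defensive one: when LDAP yields no mapped roles, the role list handed to Drupal must still be an array (possibly empty) and the `IN (...)` query must not be built at all, which is the failure mode behind the `array_keys()` / `implode()` / SQL syntax warnings reported further down.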

Binerf-1’s picture

In this link, http://wiki.pablobm.com/index.php?title=Ldapgroups_configuration, there are THREE ways to extract ldap groups and not TWO... I'm using the third way :-)

skor’s picture

Please disregard my comment #22. Got the same problem on a 4.7 install. Looks like this is my problem

kreaper’s picture

(foot in the mouth) (doh!)

you could use the watchdog() function to display a debug message... and see what it says. do the roles get created in the database at all ?

Binerf-1’s picture

No role is created in db and how to use watchdog() ?

kreaper’s picture

watchdog - http://drupal.org/node/86124

Also, in the ldapgroups.module around line 177, you could put this debug line and see what you get also..

msg_r("ROLES Captured: $roles");

(i.e. Find the line "//Finally, we grant the role" and stick the line 'msg_r("ROLES CAPTURED: $roles")' above it)

Binerf-1’s picture

OK thanks for the link.

Here an extract of my in ldapgroups.module:
[...]
// Next, we apply site-specific rules
if (function_exists('ldapgroups_roles_filter')) {
$roles = ldapgroups_roles_filter($roles);
}

msg_r("ROLES CAPTURED: $roles");

// Finally, we grant the roles
foreach ($roles as $role) {
[...]

Then I went to "LDAP Groups" in "Site configuration" and no difference appears.
So I clicked on "Roles" in "User Management" and no difference appears.
What did I forget ?

(THX for your patience)

rooey’s picture

Looking good so far!

Anyone ported ldapdata.module yet?

rooey’s picture

Attached file (new): 22.65 KB

if ya want something done... ;-)

Here's a replacement ldapdata.module - it probably needs work, and i'm sure some nice person will make a patch.

I'm getting weird errors with the ldapgroups stuff tho - anyone made this work with a unix LDAP server?

I have a group called "staff" with a list of memberUid's to which i want to provide a role

cn=staff,ou=Groups,dc=blah,dc=com

so i choose option 3, bung in the "ou=Groups,dc=blah,dc=com" and "memberUid" in the respective boxes.... it gives me a nice:

warning: array_keys() [function.array-keys]: The first argument should be an array in /usr/share/drupal/modules/user/user.module on line 361.
warning: implode() [function.implode]: Bad arguments. in /usr/share/drupal/modules/user/user.module on line 361.
user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 query: SELECT DISTINCT(p.perm) FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN () in /usr/share/drupal/includes/database.mysql.inc on line 16

kreaper’s picture

@Binerf -

did you try to do this ?

Before this piece of code

// Next, we apply site-specific rules
if (function_exists('ldapgroups_roles_filter')) {
$roles = ldapgroups_roles_filter($roles);
}

put this line

msg_r($roles);

and try to login with the LDAP account. On top of the page, you should see debug messages of what roles are detected...

Binerf-1’s picture

OK, the first access with ldap login says:
* warning: array_keys() [function.array-keys]: The first argument should be an array in /var/www/drupal-5.0-rc2/modules/user/user.module on line 361.
* warning: implode() [function.implode]: Bad arguments. in /var/www/drupal-5.0-rc2/modules/user/user.module on line 361.
* user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 query: SELECT DISTINCT(p.perm) FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN () in /var/www/drupal-5.0-rc2/includes/database.mysql.inc on line 167.

And nothing else with the second access.
But no role appears.

kreaper’s picture

@binerf and @rooey
since both of you seem to have the same error, it is probably ldapgroups.module that is causing this error. There are quite a few postings in the forums that suggest a contrib module throws that error. Try disabling ldapgroups.module and see if that error returns.

I have had that error initially when I was porting to 5.x but I can't recall what I did to fix it. That'll teach me to keep notes... :(

A related issue: http://drupal.org/node/74023

In either case, I have ldapgroups working for both Active Directory and Unix LDAP.

@Binerf -- if you are not seeing any roles even before the filter is applied, then you should look further up the code logic.

If your ldap group object looks like:

cn=drupal,ou=Group,dc=example,dc=com
...
memberUid: binerf
memberUid: kreaper
memberUid: rooey
...

Then in ldapgroups.module, it is "Strategy 3"
In either case, you can see what groups are even being detected (even before getting into roles)

  // Then, we figure out the appropriate groups
  $groups = _ldapgroups_detect_groups();
  if ($groups === false) {
    // Oh, this means this user didn't even have to be here. Bye!
    return true;
  }

change this to

  // Then, we figure out the appropriate groups
  $groups = _ldapgroups_detect_groups();
  msg_r($groups);
  if ($groups === false) {
    // Oh, this means this user didn't even have to be here. Bye!
    return true;
  }

That msg_r() is a debug routine. That can be deleted later. With this, do you see any groups detected at all ?

Binerf-1’s picture

OK, the strategy 3 is which that I use in my openldap.
I put
// Then, we figure out the appropriate groups
$groups = _ldapgroups_detect_groups();
msg_r($groups);
if ($groups === false) {
// Oh, this means this user didn't even have to be here. Bye!
return true;
}
in modules/ldap_integration/ldapgroups.module but nothing appears.
Is seems that this script is not used by my drupal installation but I've configured this module in "Administration -> Site configuration -> LDAP Groups"

kreaper’s picture

The fact that you are seeing it in the Admin section and are able to provide config options is a reason to believe that it will be used by drupal, assuming your ldap auth works right?

Binerf-1’s picture

Yes, ldap auth works fine.

pablobm’s picture

Assigned: pablobm » Unassigned

Guys, thanks for all the effort you are putting on this. I'm sorry I haven't been helping to put this together, but I haven't been able to. In fact I don't think I will be making any new updates for a long time, so I'm abandoning the maintenance of this module.

This module is now declared orphaned. Thanks to all who gave me any help or feedback. If any of you feels like taking over, please do so. Do not hesitate to contact me if you need any help. I'll still be here to make the transition as smooth as possible.

Again: thanks, and thanks, and thanks. And apologies.

kreaper’s picture

@Binerf

To confirm that your ldapgroups.module is not really being used, put some msg_r("blah ..."); debug messages at various points of the ldapgroups_user_login() function...

rooey’s picture

@kreaper

hey buddy - thanks for your help with this one.

It's odd, i've been following the same issue as binerf, I can't get any debug messages out either.

Do you have a copy of ldapgroups.module you can post, so we can diff them?

Roo.

rooey’s picture

Interestingly, changing:

if ( ! _ldapauth_is_ldap_login_only($name)) {
to
if ( _ldapauth_is_ldap_login_only($name)) {

lets drupal find the roles required and kills all errors, but of course, stops local authentication from working.

We'll keep digging & try to build a patch.

kreaper’s picture

Attached file (new): 22.95 KB

Here's the thing with my port. I also needed authentication from multiple LDAP/AD servers and I pretty much re-did the whole module shortly after posting the patch for ldapauth and ldapgroups for 5.0. My module also requires a new table to be installed (because it has to host multiple server configs and have ldapgroups mapped accordingly). I have drupal authenticating against 3 AD forests and 1 Unix LDAP server with this one (for my work).

What you may have to do if you adopt my codebase is the following (the tar ball is attached)

a) uninstall the old module
b) remove the module entry from the system table
if you do a "SELECT name FROM system", you will see entries for ldapauth, ldapgroups or ldap_integration. You'll have to delete that entry (DELETE FROM system WHERE name = 'ldapauth' for e.g) and
c) install this module. It will create the table and the new module.

There is no guarantee that my codebase will be accepted into drupal CVS (actually pablo said he is no longer supporting the ldap module :( ). But you can at least extract the ldapgroups.module code out of it and undo any sql changes :)

rooey’s picture

Oh, hey! I like this approach - I assume additional LDAP instances can be configured for failover etc?

It seems to work really well too.

Do you use the automatic LDAP groups to roles for each user? It didn't set mine automagically.

What sort of scale are you using this on anyway?

We're in the process of re-designing our corporate intranet from Drupal 4.6 single instance to 5.0 multi-site/replication/nightmare... Traditionally we used webserver_auth in conjunction with our own custom LDAP/drupal API's that were horribly hard-coded.

kreaper’s picture

additional LDAP instances can be configured. it will simply check them in order (TODO -- ability to rearrange the order). You can activate and deactivate them individually.

ldapgroups config has to be set for each one of them. If you go into ldapgroups settings, you will see the list of ldap servers and you can set the group config in there.

What sort of scale are you using this on anyway?

?? you mean unix tabstop ? (set it to 2)

We're in the process of re-designing our corporate intranet from Drupal 4.6 single instance to 5.0 multi-site/replication/nightmare... Traditionally we used webserver_auth in conjunction with our own custom LDAP/drupal API's that were horribly hard-coded.

yea -- I had to come up with this cause we just went thru a merger and I now have 3 ADs and 2 LDAPs :) LOL!

So did the groups work ? I take it that you downloaded the module and installed it ?

rooey’s picture

No, the roles aren't set automatically - but it does find them :s Any ideas?

By scale I meant scale of service - how many users/what for etc?

I've got a real old corporate directory thing that I hacked together before... I'm hoping to build solid add-ons to complement this module, instead of specific hard-coded stuff.

Roo.

rooey’s picture

allrighty then, I've found the problem, I also had your customized ldapgroups.conf.php file..

all sorted now.

I'll begin work on making LDAPdata work again ^^

Once again - this is a great improvement upon the previous version.

kreaper’s picture

It'll be helpful if you can port the ldapdata.module to work with this database-based module. We would have a complete module port with all new features.

I am not sure if you noticed that I also took a patch from one of the issues so that the LDAP DN entry is available in the user settings.. that should help in some cases.

Binerf-1’s picture

If I change:
if ( ! _ldapauth_is_ldap_login_only($name)) {
to
if ( _ldapauth_is_ldap_login_only($name)) {

That works for me.
I'm going to test deeper.

rooey’s picture

@kreaper

yes, the DN will certainly be a good thing!

Will take a look at ldapdata.

Roo.

Binerf-1’s picture

Hi,

I would like to know if it's possible to change user password with drupal admin page if this user is in LDAP ?

Thank you.

kreaper’s picture

I think the ldapdata.module allows that. @rooey volunteered to port that to the new codebase and post it when available.
right rooey ? :)

ffletch’s picture

So it looks like we've got some good (i.e. working) patches here. What's blocking these from being released for 5.x?

Binerf-1’s picture

If a user changes his password in drupal "user edit form", the password is changed in drupal (ie in drupal's db) but not in ldap and after, this user can use both passwords, old and new one.
Where's the bug please and how to correct it ?

Thanks

Binerf-1’s picture

I'm sorry but where could I found this option "Changes in account fields will be mapped to LDAP attributes and back" in drupal V5 please ?

sagyvolkov’s picture

Hi,

Pablo directed me to this thread. (Thanks Pablo).
I've downloaded the module as kreaper posted it (since this is a brand new 5.0 install and I like the approach of having multiple LDAPs).
I've never worked with drupal or the ldap module for that matter, but I'm trying to implement it so drupal can act as our company intranet.
The thing is, when I'm trying to login using a LDAP user, I just get the laconic log error "Login attempt failed for t1: .", so I don't even know if drupal is trying to use my LDAP (Active Directory in my case).
So first question, how can I debug that the LDAP module is even used? (I've changed the setting to check only the LDAP and not the drupal user base and still got the same error log).
2nd question, there is only a setting for baseDN, but what about the actual search base? E.g. my basedn is "DC=blabla,DC=com", but since I have several entities under the base, in order to actually search users I have to use "OU=users,OU=blabla HQ,DC=blabla,DC=com". So where do I input this information?

any help will be greatly appreciated.

Thanks.

presleyd’s picture

I've been tinkering with kreaper's code for a db driven multi ldap setup for a day or two and I can't make it authenticate to our AD. I've inserted error messages everywhere that I can think of and everything seems ok except that login is not allowed to the drupal site.

So, I went back and used the previous patch posted by kreaper to the 4.7 version of auth and groups and authentication is allowed however I'm also getting:

warning: array_keys() [function.array-keys]: The first argument should be an array in \drupal-5.0\modules\user\user.module on line 361.
warning: implode() [function.implode]: Bad arguments. in \drupal-5.0\modules\user\user.module on line 361.
user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 query: SELECT DISTINCT(p.perm) FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN () in \drupal-5.0\includes\database.mysqli.inc on line 151.

I've tried this with ldapgroups disabled and enabled with the same results. Subsequent logins past the first work fine, but groups never get setup and neither does data mapping. Rooey's patch for ldapdata gives me a proper admin interface that sees the profile.module fields that I've added but doesn't seem to be mapping when told to map an attribute to a profile field.

All in all I can not get any existing code to work on 5.0. I'm using MySQL 5.0.27 with PHP 5.1.4 authenticating to Win 2003 AD. I'm currently using kreaper's patch to 4.7 for auth and groups and Rooey's patch for data. Any advice would be appreciated.

Also, anyone you planning on taking ownership of this module now that Pablo has orphaned it?

bsmirnov’s picture

I am reading through this thread, downloaded the 4.7 module and tried to use it with the patches provided here on Drupal 5. The module just doesn't show up in the modules administration. Am I missing something?

geste’s picture

Kreaper, with respect to your comments in #42, I have a few questions:

If I have a brand-new 5.0 setup, are there any caveats -- preparatory steps I need to take -- or does the guidance in #42 only apply to existing Drupal 4.x installations?

I do not foresee a requirement for multiple LDAP, but if the module can meet everyone's needs, so much the better. Do you foresee being able to follow up with any more development?

What are obstacles to getting your changes in CVS? Must a maintainer step forward? Who might be a candidate for that duty? (wink, wink :)

I had LDAP integration working with Webserver_auth under 4.7, but not in production. I want to officially launch Drupal, but at this point it makes sense to wait until 5.0-related LDAP/auth issues are sorted out.

kreaper’s picture

@Binerf (#55) -- I have not looked at mapping ldap attrs yet -- so rooey is your best bet.

@sagyvolkov(#56) -- make sure that the module is enabled and settings are populated. Once you enabled the module, go into Site Configuration and there is place to put multiple basedn

@presleyd -- Have you completely removed the old module ? I would remove all of the old ldap_integration modules and re-install this once. See comment #42

Also, there are numerous postings with regards to this error in drupal. You may want to check them out

\drupal-5.0\modules\user\user.module on line 361.
warning: implode() [function.implode]: Bad arguments. in \drupal-5.0\modules\user\user.module on line 361.
user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 query: SELECT DISTINCT(p.perm) FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN () in \drupal-5.0\includes\database.mysqli.inc on line 151.

@artiststranger -- I have seen that as well -- it's got to do with drupal caching. I would disable the module, install the patch and re-enable it.

@geste -- if you have never installed any previous versions of drupal, then no need to do #42 -- just install it as any other module.

A few folks have approached me to maintain this module. So let me ask this group a few questions

a) How much time is typically needed ?
b) I can only support 5.0 version and above (pre-5.0 with the old design is just too time consuming for me).
would that be acceptable ?

c) need co-maintainers -- who wants to step in and join forces ?

kreaper

Binerf-1’s picture

@kreaper (#60) : so if you don't map ldap attrs in drupal, is it possible for a user to change his password in ldap ? In my mind, this role is played by attrs mapping, isn't it ?

EugenMayer’s picture

Assigned: Unassigned » EugenMayer
Category: bug » task

Hello,

I am new to drupal, coming from Joomla.

Having read all this... I am really surprised how you guys work... great.

First part:

Still have problems... I have activated the module, set up a server, activated it, entered all the details...
but on login (I set LDAP login only) it is not even contacting the server (I am running it in debug mode)... so this is for me to fix.
I am using your current version from post #42... hopefully I get this running tonight... guess you guys want an answer at this time :)

Part two:

I would step in as a "helper" to develop on the LDAP module, as I will need it for an upcoming project with drupal anyway.
What I would work on first is a 2rd authentication method.
We have 1. anonymous, 2. a "fixed user" who has global read rights to look up the user to auth.
I don't like either.

What I want to include is making a simple bind as the user who is currently trying to log in.
A form with a template like:
cn=[username],ou=Users,dc=example,dc=com
and a password field would be required then... the rest is just a simple bind, nothing more.

Second thing is the "password change" thingy... we should not, in any way, store ANY user passwords in cleartext. This may be okay for some, who think their DB is "safe", but this is just b***s**** for the user whose password you store. The admin can build his own "password manager" out of it.
My solution: 3 fields on pw change: old, new, new-repeat.
Nothing new... but here we auth with the old password, write in the new one, done. No cleartext password needed.

What are you thinking, guys?
I don't know... but reading this thread, seeing how you guys are trying to get all this running and cooperating... great.
It forces me to help, if I can and I am needed.

Best regards

Mayer

EugenMayer’s picture

Category: task » bug
Attached file (new): 23.79 KB

Hello!

I've worked a bit and after I got confused all the way, I finally worked out something.

Short things first:

- I added some additional information while editing/adding a server and corrected redirections after errors
- I added some more description and 2 new fields in the db, more later
- small bug that the port was not printed in the admin interface, while it had been saved correctly

Important: If you try testing LDAP login with the SuperAdmin (uid=1) the module will ALWAYS use local auth with drupal, no LDAP!! It will ignore your "LDAP only" settings! So take another user. I added a warning message for that kind of behaviour, to save people the time I had to spend :)

OK, to my post above:

After I added the new auth type to the admin interface, I searched for the code to customize (auth).
After some research (uid=1) and some basic drupal understanding, I recognised that the description of the "default auth" is not correct.

The process of authentication starts by establishing an anonymous connection to the LDAP directory and looking up for the user on it. Once this user is found, LDAP authentication is performed on them.

This is not completely right, or easy to misunderstand. The module is not searching for the user anonymously and, when it finds him, giving permission to login. It rather binds (auth) to the server (which is a similar process, but not for the ACLs in LDAP). So before that bind no searches are done, so it's no "anonymous search"...
I recognised that because that kind of anonymous search is forbidden on my server; only anonymous auth is allowed.

This is my ACL for that:

access to attrs=userpassword
       by self       write
       by anonymous  auth
       by group.exact="cn=SupAdmins,ou=IntranetUser,dc=gds1,dc=de"      write

So in my eyes that description should be changed, or better, corrected. I added a new "auth type" (Method 1) for that "first bind, then search" as "default" in the admin interface, but changed nothing in the auth code as it's using that anyway.

In addition there is a Method 2 (the old one) with that "single user with global password read rights" which was there before.

---

The next confusing step was what ldapgroups uses for searching for the groups in the DB. Is it using the current user, or, when method 2 is selected, the "global reader"? We should really clear that up before people fail because of their server ACLs and that confusing "how are auth, read, write handled?". And I think we should, in any case, give the admin the possibility to define different "single global reader users" for auth and group search, because it's not stupid to make the groups readable not to everyone but just to a single user which operates only for that reason. Or, in case method 1 is chosen but the normal user has no read access to his group (which is not that stupid), the "single global reader user" of ldapgroups should do the job then.

To clear it all out:

Auth Methods for : Ldapauth:

• Method 1: simple bind with the user given through the long form, then search
• Method 2: Hardcoded user1, which has read rights to all passwords

Auth methods for ldapgroups:

• Method 1: simple bind with the currently logged-in user name (from the login form)
• Method 2: Hardcoded user2, which has read rights to all groups

This would give the admin the maximum flexibility.

I got my current version with the changes explained above attached, maybe kreaper should have a look first.
Changes have been done only in ldapauth.module and ldapauth.install. The file is a tar.gz; I had to rename it because of upload restrictions. It's NOT a patch, it's the full module.

best regards

xored
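The two authentication methods laid out in the posts above (bind as the user from a DN template and then search, versus a fixed reader account that searches first and then lets the user bind), the old/new/new-repeat password change that never keeps a cleartext copy, and the "uid=1 is always local" behaviour, modelled as an added example. This is illustrative code written for this thread, not the ldapauth module's own code; the directory, the DNs, the passwords and the salted-SHA-256 password scheme are all constructed stand-ins.

```python
"""Constructed model of the ldapauth methods discussed in the thread:
(1) bind-then-search from a DN template, (2) search-then-bind via a reader
account, the bind-verified password change, and the uid=1 local-only rule."""
import hashlib
import hmac
import secrets


def _hash_password(password, salt):
    # Salted SHA-256 stands in for the directory's real scheme (e.g. SSHA);
    # the flows below do not depend on which scheme the server uses.
    return hashlib.sha256(salt + password.encode()).digest()


def _entry(attrs, password):
    salt = secrets.token_bytes(8)
    return {**attrs, "_salt": salt, "_pwhash": _hash_password(password, salt)}


# Constructed directory (not real data): one reader account and two users.
DIRECTORY = {
    "cn=reader,ou=Service,dc=example,dc=com": _entry({"cn": ["reader"]}, "reader-secret"),
    "cn=alice,ou=Users,dc=example,dc=com": _entry(
        {"cn": ["alice"], "uid": ["alice"], "mail": ["alice@example.com"]}, "alice-pw"),
    "cn=bob,ou=Users,dc=example,dc=com": _entry(
        {"cn": ["bob"], "uid": ["bob"], "mail": ["bob@example.com"]}, "bob-pw"),
}


def bind(dn, password):
    """Simulated LDAP simple bind. An empty password is refused outright: a real
    server treats it as an anonymous bind and reports success."""
    entry = DIRECTORY.get(dn)
    if entry is None or not password:
        return False
    return hmac.compare_digest(entry["_pwhash"], _hash_password(password, entry["_salt"]))


def _public(entry):
    return {k: v for k, v in entry.items() if not k.startswith("_")}


def auth_bind_then_search(username, password,
                          template="cn=[username],ou=Users,dc=example,dc=com"):
    """Method 1: fill the DN template and bind as the user; no reader account
    is needed. Names with DN metacharacters are refused, not spliced in."""
    if any(ch in username for ch in ',=+<>#;\\"'):
        return None
    dn = template.replace("[username]", username)
    return _public(DIRECTORY[dn]) if bind(dn, password) else None


def auth_search_then_bind(username, password, reader_dn, reader_pw,
                          base="ou=Users,dc=example,dc=com"):
    """Method 2: the fixed reader account binds and looks the user up by uid;
    the user's own password is then verified by a second bind as that DN."""
    if not bind(reader_dn, reader_pw):
        return None
    suffix = "," + base.lower()
    matches = [dn for dn, e in DIRECTORY.items()
               if dn.lower().endswith(suffix) and username in e.get("uid", [])]
    if len(matches) != 1 or not bind(matches[0], password):
        return None
    return _public(DIRECTORY[matches[0]])


def change_password(dn, old_password, new_password):
    """Old/new/new-repeat style change: the old password is proven by a bind and
    the new one is written to the directory. Nothing is kept in cleartext and
    the old password stops working everywhere at once."""
    if not new_password or not bind(dn, old_password):
        return False
    salt = secrets.token_bytes(8)
    DIRECTORY[dn].update(_salt=salt, _pwhash=_hash_password(new_password, salt))
    return True


def auth_path(uid, ldap_only):
    """Which path a login takes: uid 1 (the Drupal superuser) is always local,
    as observed in the thread, whatever the 'LDAP only' setting says."""
    if uid == 1:
        return "local"
    return "ldap" if ldap_only else "ldap-then-local"


if __name__ == "__main__":
    reader = "cn=reader,ou=Service,dc=example,dc=com"
    print(auth_bind_then_search("alice", "alice-pw"))
    print(auth_search_then_bind("bob", "bob-pw", reader, "reader-secret"))
    print(change_password("cn=alice,ou=Users,dc=example,dc=com", "alice-pw", "new-pw"))
    print(auth_path(1, True))
```

The empty-password check in `bind` is the one caveat worth carrying into any real implementation of method 1: with a simple bind, an empty password is an anonymous bind that succeeds, so a login form that forwards it unchecked would accept any existing DN.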

presleyd’s picture

@kreaper Yes I've tried with a fresh install of drupal 5.0 several times now. I install the module in sites/all/modules, it shows up in Site Building->Modules. I enable it. Seems fine. Go to Site Configuration -> LDAP Auth and setup my server. Same values as I use with the 4.7 version. (I also noticed that the port number does not redisplay when you open that server's configuration, but I keep putting it in because if I save the config with it blank it does indeed wipe out the value in the db).... Everything looks fine, but when I try to login with any LDAP account I'm denied. It looks like the 4.7 version but something is different under the hood (besides just storing the servers in a table) because I'm using the exact values I used in 4.7 and it still works fine. I setup a new 4.7 install just to make sure I wasn't doing something there that I was forgetting in 5.0

bsmirnov’s picture

I am having the same experience as #64. Who was able to get this working on Drupal 5 ?
I tried to download the module from here but to no avail.
Can someone post step by step instructions and download links. Please.

kreaper’s picture

All

Currently this project is orphaned. However, have no (well, not too many at least) worries. scafmac and I are going to take a shot at maintaining this module. This thread is becoming too unwieldy to follow. So I am thinking of doing this:

a) create a 5.0 branch and field 5.0 issues there
b) start a joint documentation page.

-- at least for starters.

Please hold off on your patches and questions till scafmac and I get a chance to see where all the stuff is and get organized. We are also looking for volunteers for documentation/maintenance etc -- so please join!
Clearly there is a lot of demand for this project ...

kreaper’s picture

Assigned: EugenMayer » kreaper

I fixed up several bugs with the 5.0 port and created a new branch DRUPAL-5. The download package should be available soon (next time the packaging cron runs on drupal). With that said, please start posting your bugs and patches under the new branch..

kreaper’s picture

Status: Active » Fixed

The 5.0 branch and code is now available for download and testing. Also, HEAD now represents nightly commits, as it should. Please download the new code and submit bugs, bug fixes and issues to the appropriate versioned queue.

This issue is now tagged as fixed and is marked for closing.

geste’s picture

kreaper,

OK, so this thread may be closing, but I just want to say THANK YOU!

Jim

kreaper’s picture

Status: Fixed » Closed (fixed)

you are welcome. collaborative development is cool!

rooey’s picture

I think the ldapdata.module allows that. @rooey volunteered to port that to the new codebase and post it when available.
right rooey ? :)

Yep, that is, if it's still needed, I got tied up on other stuff, but I have my trusty assistant looking at it.

Do you still need it?

I haven't checked the "official" module yet.