at LdapServer->deriveEmailFromEntry($ldap_entry) {...} on line #815: the function returns the value from array $ldap_entry whichs key is mapped to the LDAP record entry for email address. While this key is in lower case, the function looks up for a camelcase name that is stored in $this->mail_attr (here: userPrincipalName vs. userprincipalname). Therefor the function returns an empty value - the login procedure fails with the following error message:
"Another user already exists in the system with the same email address ...", new users cannot log in.
As a workaround I changed line 815 from
return @$ldap_entry[$this->mail_attr][0];
to
return @$ldap_entry[strtolower($this->mail_attr)][0];
and it works fine.
Comments
Comment #1
johnbarclay CreditAttribution: johnbarclay commentedthanks. this is committed. I did it a little differently because I'm trying to run all the case conversions through a single function. More for accounting and change management than anything. Here's the line:
return @$ldap_entry[ldap_server_massage_text($this->mail_attr, 'attr_name', LDAP_SERVER_MASSAGE_QUERY_ARRAY)][0];
Comment #3
arnested CreditAttribution: arnested commentedI am reopening this issue and changing the version to 7.x-2.x-dev as I see this problem on the 2.x series as well (using userPrincipalName for mail attribute).
Comment #4
johnbarclay CreditAttribution: johnbarclay commentedDoes this problem still exist in the current 7.x-2.x-dev?
Comment #5
johnbarclay CreditAttribution: johnbarclay commentedAnyone still running across this in the 7.x-2.x branch. This has simpletest coverage, but not sure how compete it is.
Comment #6
johnbarclay CreditAttribution: johnbarclay commented