User A logs in successfully against the AD server. User B then logs in successfully on a separate computer. User A looks at his account via the "My Account" link and is now logged in as User B.

Under Servers, we are using a Service Account Bind, AuthName/AccountName is "SAMAccountName", Email Attribute is "UserPrincipalName", Unique User ID Attribute is "dn", Expression for user DN is "cn=%username,%basedn".

Under User, we "Show option on user create form to determine how account conflict is resolved", "Create or Sync to Drupal user anytime a Drupal user account is created or updated. Requires a server with binding method of 'Service Account Bind' or 'Anonymous Bind'", "Associate Drupal Account with the LDAP entry", "Account creation settings at /admin/config/people/accounts/settings do not affect LDAP Associated Drupal accounts", "Do not check for orphaned Drupal accounts".

Authentication settings are "Only LDAP Authentication is allowed except for user 1", "Show disabled email field on user forms...", and "Update stored email if LDAP email differs at login but don't notify user."

Thanks for any help you can lend!


Comments

gwfran’s picture

More info: In the Admin section, it looks like User 2 in the People list changes from User A to User B any time a new user successfully logs in.

johnbarclay’s picture

Title: Logged in user has identity changed when another user logs in... » LDAP Authentication: Logged in user has identity changed when another user logs in...
Status: Active » Postponed (maintainer needs more info)

Do user A and B have different Drupal UIDs, LDAP PUIDs, and different Drupal usernames?
What happens if you convert user A and user B to drupal accounts and repeat the same process with LDAP disabled?

Can you test against 7.x-2.0-dev please also?

gwfran’s picture

User A was created in Drupal and was then matched up to the corresponding LDAP user entry. User B was never created in Drupal but exists in the LDAP. User A and B have different PUIDs within LDAP. I'll load 7.x-2.0-dev ASAP.

Thanks for your rapid jump on this!

gwfran’s picture

Using the 7.x-2.0-dev did not help. I get the following error now: "Notice: Undefined variable: ldap_authentication_authmap in _ldap_authentication_user_login_authenticate_validate() (line 507 of /usr/share/drupal7/modules/ldap/ldap_authentication/ldap_authentication.inc)."

nlozovan’s picture

I also have this problem. Let's say I have only the admin drupal account. When I am trying to log in with an LDAP testing account, it goes in with no problems. When I log out and try to log in with a second LDAP testing account, it logs in, but the username of the first testing account overwrites the second one. The email stays the same. And the error with "Undefined variable: ldap_authentication_authmap" prints out.

gwfran’s picture

Status: Postponed (maintainer needs more info) » Active

johnbarclay’s picture

I refactored the ldap authentication validation function completely to get more insight into this. It was unwieldy in length and branching. See http://drupalcode.org/project/ldap.git/commitdiff/048aa7423a085548261c7f...

The undefined variable issue is fixed. I still can't reproduce the error. It may be solved, maybe not.

Do you mind trying to reproduce again with http://drupalcode.org/project/ldap.git/snapshot/048aa7423a085548261c7f29...?

johnbarclay’s picture

Version: 7.x-2.0-beta3 » 7.x-2.x-dev

gwfran’s picture

Tried the variable fix - that definitely removed the error message. However, the user issue remains. Here's a list of all the modules I have installed in case there might be a conflict...

Hide Core

Enabled Name Version Description Operations
Aggregator 7.18 Aggregates syndicated content (RSS, RDF, and Atom feeds).
Block 7.18 Controls the visual building blocks a page is constructed with. Blocks are boxes of content rendered into an area, or region, of a web page.
Required by: Dashboard (enabled)
Help Permissions Configure
Blog 7.18 Enables multi-user blogs. Help
Book 7.18 Allows users to create and organize related content in an outline. Help Permissions Configure
Color 7.18 Allows administrators to change the color scheme of compatible themes.
Required by: Stylizer (enabled)
Help
Comment 7.18 Allows users to comment on and discuss published content.
Requires: Text (enabled), Field (enabled), Field SQL storage (enabled)
Required by: Forum (enabled), Tracker (enabled)
Help Permissions Configure
Contact 7.18 Enables the use of both personal and site-wide contact forms.
Content translation 7.18 Allows content to be translated into different languages.
Requires: Locale (disabled)
Contextual links 7.18 Provides contextual links to perform actions related to elements on a page. Help Permissions
Dashboard 7.18 Provides a dashboard page in the administrative interface for organizing administrative tasks and tracking information within your site.
Requires: Block (enabled)
Help Permissions Configure
Database logging 7.18 Logs and records system events to the database. Help
Field 7.18 Field API to add fields to entities like nodes and users.
Requires: Field SQL storage (enabled), Field (enabled)
Required by: Drupal, Field SQL storage (enabled), Field (enabled), Text (enabled), Comment (enabled), Field UI (enabled), File (enabled), Options (enabled), Taxonomy (enabled), Forum (enabled), Image (enabled), Number (enabled), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled), List (enabled), Tracker (enabled), XML sitemap taxonomy (disabled)
Help
Field SQL storage 7.18 Stores field data in an SQL database.
Requires: Field (enabled), Field SQL storage (enabled)
Required by: Drupal, Field SQL storage (enabled), Field (enabled), Text (enabled), Comment (enabled), Field UI (enabled), File (enabled), Options (enabled), Taxonomy (enabled), Forum (enabled), Image (enabled), Number (enabled), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled), List (enabled), Tracker (enabled), XML sitemap taxonomy (disabled)
Help
Field UI 7.18 User interface for the Field API.
Requires: Field (enabled), Field SQL storage (enabled)
Help
File 7.18 Defines a file field type.
Requires: Field (enabled), Field SQL storage (enabled)
Required by: Image (enabled)
Help
Filter 7.18 Filters content in preparation for display.
Required by: Drupal
Help Permissions Configure
Forum 7.18 Provides discussion forums.
Requires: Taxonomy (enabled), Options (enabled), Field (enabled), Field SQL storage (enabled), Comment (enabled), Text (enabled)
Help Permissions Configure
Help 7.18 Manages the display of online help. Help
Image 7.18 Provides image manipulation tools.
Requires: File (enabled), Field (enabled), Field SQL storage (enabled)
Help Permissions Configure
List 7.18 Defines list field types. Use with Options to create selection lists.
Requires: Field (enabled), Field SQL storage (enabled), Options (enabled)
Help
Locale 7.18 Adds language handling functionality and enables the translation of the user interface to languages other than English.
Required by: Content translation (disabled)
Menu 7.18 Allows administrators to customize the site navigation menu.
Required by: XML sitemap menu (disabled)
Help Permissions Configure
Node 7.18 Allows content to be submitted to the site and displayed on pages.
Required by: Drupal
Help Permissions Configure
Number 7.18 Defines numeric field types.
Requires: Field (enabled), Field SQL storage (enabled)
Required by: Drupal (Field type(s) in use - see Field list), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled)
Help
OpenID 7.18 Allows users to log into your site using OpenID.
Options 7.18 Defines selection, check box and radio button widgets for text and numeric fields.
Requires: Field (enabled), Field SQL storage (enabled)
Required by: Taxonomy (enabled), Forum (enabled), List (enabled), XML sitemap taxonomy (disabled)
Help
Overlay 7.18 Displays the Drupal administration interface in an overlay. Help Permissions
Path 7.18 Allows users to rename URLs.
Required by: Pathauto (enabled)
Help Permissions Configure
PHP filter 7.18 Allows embedded PHP code/snippets to be evaluated. Help Permissions
Poll 7.18 Allows your site to capture votes on different topics in the form of multiple choice questions.
RDF 7.18 Enriches your content with metadata to let other applications (e.g. search engines, aggregators) better understand its relationships and attributes.
Search 7.18 Enables site-wide keyword searching. Help Permissions Configure
Shortcut 7.18 Allows users to manage customizable lists of shortcut links. Help Permissions Configure
Statistics 7.18 Logs access statistics for your site.
Syslog 7.18 Logs and records system events to syslog.
System 7.18 Handles general site configuration for administrators.
Required by: Drupal
Help Permissions Configure
Taxonomy 7.18 Enables the categorization of content.
Requires: Options (enabled), Field (enabled), Field SQL storage (enabled)
Required by: Drupal (Field type(s) in use - see Field list), Forum (enabled), XML sitemap taxonomy (disabled)
Help Permissions Configure
Testing 7.18 Provides a framework for unit and functional testing.
Text 7.18 Defines simple text field types.
Requires: Field (enabled), Field SQL storage (enabled)
Required by: Drupal (Field type(s) in use - see Field list), Comment (enabled), Forum (enabled), Tracker (enabled)
Help
Toolbar 7.18 Provides a toolbar that shows the top-level administration menu items and links from other modules. Help Permissions
Tracker 7.18 Enables tracking of recent content for users.
Requires: Comment (enabled), Text (enabled), Field (enabled), Field SQL storage (enabled)
Help
Trigger 7.18 Enables actions to be fired on certain system events, such as when new content is created. Help Configure
Update manager 7.18 Checks for available updates, and can securely install or update modules and themes via a web interface. Help Configure
User 7.18 Manages the user registration and login system.
Required by: Drupal
Help Permissions Configure


Hide Chaos tool suite

Enabled Name Version Description Operations
Bulk Export 7.x-1.2 Performs bulk exporting of data objects known about by Chaos tools.
Requires: Chaos tools (enabled)
Chaos tools 7.x-1.2 A library of helpful tools by Merlin of Chaos.
Required by: Bulk Export (disabled), Custom rulesets (enabled), Chaos Tools (CTools) AJAX Example (disabled), Custom content panes (enabled), Panels (enabled), Page manager (enabled), Chaos Tools (CTools) Plugin Example (disabled), Views (enabled), Date Views (enabled), LDAP Views (disabled), Panels In-Place Editor (enabled), Mini panels (enabled), Panel nodes (enabled), Stylizer (enabled), Views content panes (enabled), Views Slideshow (disabled), Views Slideshow: Cycle (disabled), Views UI (enabled)
Help
Chaos Tools (CTools) AJAX Example 7.x-1.2 Shows how to use the power of Chaos AJAX.
Requires: Chaos tools (enabled)
Chaos Tools (CTools) Plugin Example 7.x-1.2 Shows how an external module can provide ctools plugins (for Panels, etc.).
Requires: Chaos tools (enabled), Panels (enabled), Page manager (enabled), Advanced help (enabled)
Custom content panes 7.x-1.2 Create custom, exportable, reusable content panes for applications like Panels.
Requires: Chaos tools (enabled)
Permissions
Custom rulesets 7.x-1.2 Create custom, exportable, reusable access rulesets for applications like Panels.
Requires: Chaos tools (enabled)
Permissions
Page manager 7.x-1.2 Provides a UI and API to manage pages within the site.
Requires: Chaos tools (enabled)
Required by: Chaos Tools (CTools) Plugin Example (disabled)
Help Permissions
Stylizer 7.x-1.2 Create custom styles for applications such as Panels.
Requires: Chaos tools (enabled), Color (enabled)
Permissions
Views content panes 7.x-1.2 Allows Views content to be used in Panels, Dashboard and other modules which use the CTools Content API.
Requires: Chaos tools (enabled), Views (enabled)


Hide Date/Time

Enabled Name Version Description Operations
Date 7.x-2.6 Makes date/time fields available.
Requires: Date API (enabled)
Required by: Date All Day (disabled), Date Context (disabled), Date Migration (disabled), Date Repeat Field (disabled), Date Migration Example (disabled), Date Tools (disabled)
Help
Date All Day 7.x-2.6 Adds 'All Day' functionality to date fields, including an 'All Day' theme and 'All Day' checkboxes for the Date select and Date popup widgets.
Requires: Date API (enabled), Date (enabled)
Date API 7.x-2.6 A Date API that can be used by other modules.
Required by: Date (enabled), Date All Day (disabled), Date Context (disabled), Date Migration (disabled), Date Repeat API (enabled), Date Repeat Field (disabled), Date Migration Example (disabled), Date Popup (enabled), Date Tools (disabled), Date Views (enabled)
Date Context 7.x-2.6 Adds an option to the Context module to set a context condition based on the value of a date field.
Requires: Date (enabled), Date API (enabled), Context (missing)
Date Migration 7.x-2.6 Provides support for importing into date fields with the Migrate module.
Requires: Migrate (missing), Date (enabled), Date API (enabled)
Required by: Date Migration Example (disabled)
Date Popup 7.x-2.6 Enables jquery popup calendars and time entry widgets for selecting dates and times.
Requires: Date API (enabled)
Help Configure
Date Repeat API 7.x-2.6 A Date Repeat API to calculate repeating dates and times from iCal rules.
Requires: Date API (enabled)
Required by: Date Repeat Field (disabled), Date Migration Example (disabled)
Date Repeat Field 7.x-2.6 Creates the option of Repeating date fields and manages Date fields that use the Date Repeat API.
Requires: Date API (enabled), Date (enabled), Date Repeat API (enabled)
Required by: Date Migration Example (disabled)
Date Tools 7.x-2.6 Tools to import and auto-create dates and calendars.
Requires: Date (enabled), Date API (enabled)
Date Views 7.x-2.6 Views integration for date fields and date functionality.
Requires: Date API (enabled), Views (enabled), Chaos tools (enabled)


Hide Fields

Enabled Name Version Description Operations
Link 7.x-1.0 Defines simple link field types.


Hide Lightweight Directory Access Protocol

Enabled Name Version Description Operations
LDAP Authentication Implements LDAP authentication
Requires: LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)
Required by: AD Common Use Cases (disabled), LDAP SSO (disabled)
Help Configure
LDAP Authorization Implements LDAP authorization (previously LDAP Groups)
Requires: LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)
Required by: LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), LDAP Authorization - OG (Organic Groups) (disabled)
LDAP Authorization - Drupal Roles Implements LDAP authorization for Drupal roles
Requires: LDAP Authorization (disabled), LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)
Required by: AD Common Use Cases (disabled)
LDAP Authorization - OG (Organic Groups) Implements LDAP authorization for Organic Groups
Requires: LDAP Authorization (disabled), LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled), Og (missing)
LDAP Feeds Included feeds fetcher for a generic ldap query and ldap entry parser to turn fetcher data into feeds compatible parser result. Used to automate content creation based on ldap queries.
Requires: Feeds (missing), LDAP Servers (enabled), LDAP Query (disabled)
LDAP Help LDAP Help for configuration and reporting issues.
Requires: LDAP Servers (enabled), LDAP Test Module (disabled), Entity API (enabled)
Required by: AD Common Use Cases (disabled), Provision LDAP Users (disabled)
LDAP Query LDAP Query Builder and Storage for queries used by other ldap modules such as ldap feeds, ldap provision, etc
Requires: LDAP Servers (enabled)
Required by: LDAP Feeds (disabled), LDAP Views (disabled)
LDAP Servers Implements LDAP Server Configuration
Required by: LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), LDAP Test Module (disabled), LDAP Help (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP Query (disabled), LDAP Feeds (disabled), LDAP SSO (disabled), LDAP Views (disabled)
Help Configure
LDAP SSO Implements Single Sign On (SSO) LDAP Authentication
Requires: LDAP Servers (enabled), LDAP Authentication (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)
LDAP Test Module Module for LDAP module for testing. Only for development and debugging purposes.
Requires: LDAP Servers (enabled), Entity API (enabled)
Required by: LDAP Help (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled)
LDAP User Module Module for ldap identified users. User may be associated via ldap authentication, ldap authorization, or from account provisioning. Configures synching of ldap entries to drupal user properties, fields and the opposite direction.
Requires: LDAP Servers (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)
Required by: LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled)
Help Configure
LDAP Views Implements LDAP integration with Views
Requires: LDAP Query (disabled), LDAP Servers (enabled), Views (enabled), Chaos tools (enabled)


Hide Mail

Enabled Name Version Description Operations
SMTP Authentication Support 7.x-1.0-beta2 Allow for site emails to be sent through an SMTP server of your choice. Help Permissions Configure


Hide Other

Enabled Name Version Description Operations
Advanced help 7.x-1.0 Allow advanced help and documentation.
Required by: Chaos Tools (CTools) Plugin Example (disabled), Advanced help example (disabled)
Help Permissions
Advanced help example 7.x-1.0 A example help module to demonstrate the advanced help module.
Requires: Advanced help (enabled)
Backup and Migrate 7.x-2.4 Backup or migrate the Drupal Database quickly and without unnecessary data. Help Permissions Configure
Entity API 7.x-1.0-rc3 Enables modules to work with any entity type and to provide entities.
Required by: Entity tokens (enabled), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), LDAP Test Module (disabled), LDAP Help (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled), Rules (enabled), Rules UI (enabled), Rules translation (disabled), Rules Scheduler (enabled)
Help
Entity tokens 7.x-1.0-rc3 Provides token replacements for all properties that have no tokens and are known to the entity API.
Requires: Entity API (enabled)
Required by: Rules (enabled), Rules UI (enabled), Rules translation (disabled), Rules Scheduler (enabled)
Help
Libraries 7.x-2.0 Allows version dependent and shared usage of external libraries.
Required by: Views Slideshow: Cycle (disabled)
Pathauto 7.x-1.2 Provides a mechanism for modules to automatically generate aliases for the content they manage.
Requires: Path (enabled), Token (enabled)
Help Permissions Configure
Token 7.x-1.4 Provides a user interface for the Token API and some missing core tokens.
Required by: Pathauto (enabled)
Help


Hide Panels

Enabled Name Version Description Operations
Mini panels 7.x-3.3 Create mini panels that can be used as blocks by Drupal and panes by other panel modules.
Requires: Panels (enabled), Chaos tools (enabled)
Permissions
Panel nodes 7.x-3.3 Create nodes that are divided into areas with selectable content.
Requires: Panels (enabled), Chaos tools (enabled)
Permissions Configure
Panels 7.x-3.3 Core Panels display functions; provides no external UI, at least one other Panels module should be enabled.
Requires: Chaos tools (enabled)
Required by: Chaos Tools (CTools) Plugin Example (disabled), Panels In-Place Editor (enabled), Mini panels (enabled), Panel nodes (enabled)
Help Permissions Configure
Panels In-Place Editor 7.x-3.3 Provide a UI for managing some Panels directly on the frontend, instead of having to use the backend.
Requires: Panels (enabled), Chaos tools (enabled)
Configure


Hide Printer, email and PDF versions

Enabled Name Version Description Operations
PDF version 7.x-1.2 Adds the capability to export pages as PDF.
Requires: Printer-friendly pages (enabled)
Permissions Configure
Printer-friendly pages 7.x-1.2 Adds a printer-friendly version link to content and administrative pages.
Required by: Send by email (enabled), PDF version (enabled)
Help Permissions Configure
Send by email 7.x-1.2 Provides the capability to send the web page by email
Requires: Printer-friendly pages (enabled)
Permissions Configure


Hide Rules

Enabled Name Version Description Operations
Rules 7.x-2.2 React on events and conditionally evaluate actions.
Requires: Entity tokens (enabled), Entity API (enabled)
Required by: Rules UI (enabled), Rules translation (disabled), Rules Scheduler (enabled)
Help Permissions Configure
Rules Scheduler 7.x-2.2 Schedule the execution of Rules components using actions.
Requires: Rules (enabled), Entity tokens (enabled), Entity API (enabled)
Configure
Rules UI 7.x-2.2 Administrative interface for managing rules.
Requires: Rules (enabled), Entity tokens (enabled), Entity API (enabled)


Hide User interface

Enabled Name Version Description Operations
IMCE Wysiwyg API bridge 7.x-1.0 Makes IMCE available as plugin for client-side editors integrated via Wysiwyg API.
Requires: IMCE (disabled), Wysiwyg (disabled)
jQuery Update 7.x-2.2 Updates jQuery to jQuery 1.5.2 and jQuery UI 1.8.11. Help Configure
Wysiwyg 7.x-2.2 Allows to edit content with client-side editors.
Required by: IMCE Wysiwyg API bridge (disabled)


Hide Views

Enabled Name Version Description Operations
Views 7.x-3.5 Create customized lists and queries from your database.
Requires: Chaos tools (enabled)
Required by: Date Views (enabled), LDAP Views (disabled), Views content panes (enabled), Views Slideshow (disabled), Views Slideshow: Cycle (disabled), Views UI (enabled)
Help Permissions
Views Slideshow 7.x-3.0 Provides a View style that displays rows as a jQuery slideshow. This is an API and requires Views Slideshow Cycle or another module that supports the API.
Requires: Views (enabled), Chaos tools (enabled)
Required by: Views Slideshow: Cycle (disabled)
Views Slideshow: Cycle 7.x-3.0 Adds a Rotating slideshow mode to Views Slideshow.
Requires: Views Slideshow (disabled), Views (enabled), Chaos tools (enabled), Libraries (disabled)
Views UI 7.x-3.5 Administrative interface to views. Without this module, you cannot create or edit your views.
Requires: Views (enabled), Chaos tools (enabled)
Configure


Hide Webform

Enabled Name Version Description Operations
Webform 7.x-3.18 Enables the creation of forms and questionnaires. Help Permissions Configure


Hide XML sitemap

Enabled Name Version Description Operations
XML sitemap 7.x-2.0-rc2 Creates an XML sitemap conforming to the sitemaps.org protocol.
Required by: XML sitemap custom (disabled), XML sitemap engines (disabled), XML sitemap internationalization (disabled), XML sitemap menu (disabled), XML sitemap node (disabled), XML sitemap taxonomy (disabled), XML sitemap user (disabled)
XML sitemap custom 7.x-2.0-rc2 Adds user configurable links to the sitemap.
Requires: XML sitemap (disabled)
XML sitemap engines 7.x-2.0-rc2 Submit the sitemap to search engines.
Requires: XML sitemap (disabled)
XML sitemap internationalization 7.x-2.0-rc2 Enables multilingual XML sitemaps.
Requires: XML sitemap (disabled), I18n (missing)
XML sitemap menu 7.x-2.0-rc2 Adds menu item links to the sitemap.
Requires: XML sitemap (disabled), Menu (enabled)
XML sitemap node 7.x-2.0-rc2 Adds content links to the sitemap.
Requires: XML sitemap (disabled)
XML sitemap taxonomy 7.x-2.0-rc2 Add taxonomy term links to the sitemap.
Requires: XML sitemap (disabled), Taxonomy (enabled), Options (enabled), Field (enabled), Field SQL storage (enabled)
XML sitemap user 7.x-2.0-rc2 Adds user profile links to the sitemap.
Requires: XML sitemap (disabled)

gwfran’s picture

Okay, what I've done is uninstall 2.x-dev and install 1.0-beta12. Now the creation of users works perfectly, but downgrading has resulted in an issue where logging in takes the user to a blank page (500 error). I think I've got a better chance of troubleshooting this error than the other one. Not sure if that analysis helps, but it's another benchmark...

[UPDATE] The 500 error was stupid. Checked the logs and it was a conflict between the ldap directory and a backup I had. Removed the backup and no error. Everything is working fine in 1.0-beta12 for me.

johnbarclay’s picture

Priority: Critical » Normal

Can someone try to replicate this on the current 7.x-2.x-dev?

johnbarclay’s picture

Status: Active » Postponed (maintainer needs more info)

u.kurilla’s picture

I have tried and could replicate this on the current 7.x-2.x-dev (and on 7.x-2.0-beta3).
There is only one ldap generated drupal user possible. Every new login overwrites previous user data, apart from data not triggered from ldap (e.g. group, which is not in ldap).
In this context I found that setting "AccountName attribute" in the server settings to a different value than default (e.g. "uid", which exists in ldap) causes a PHP error message:

Notice: Undefined index: uid in LdapServer->userUsernameFromLdapEntry() (line 965 of /var/www/drupal-sites/drupal7/panda/modules/ldap/ldap_servers/LdapServer.class.php).

Anyhow, the user is generated and logged in.
I am not sure if there is a relationship between the routines...

u.kurilla’s picture

Priority: Normal » Major
Status: Postponed (maintainer needs more info) » Active

The issue makes the ldap module not usable for me, for functional but also for security reasons. Therefore I have changed the priority and the status.

johnbarclay’s picture

Title: LDAP Authentication: Logged in user has identity changed when another user logs in... » LDAP Servers: Logged in user has identity changed when another user logs in...
Priority: Major » Critical
Status: Active » Needs review

I see an obvious bug, that might cause this or at least obfuscate the issue. I've committed the fix: http://drupalcode.org/project/ldap.git/commitdiff/4e4f4b28e57506bc73a901...

And some more checks for unresolved usernames:
http://drupalcode.org/project/ldap.git/commitdiff/e7310d04c9e3b089951661...

Additional checks could be made after any calls to LdapServer::entryToUserEdit() that return conflicted username conditions such as both $account->name and $edit['name'] being empty.

Please try this out; it's committed to 7.x-2.x-dev.

u.kurilla’s picture

Title: LDAP Servers: Logged in user has identity changed when another user logs in... » LDAP Authentication: Logged in user has identity changed when another user logs in...
Priority: Critical » Normal
Status: Needs review » Active

I have rechecked with a fresh drupal installation using only ldap module (+ctools +entity) and no problems occurred! I will try to find out which combination causes the trouble...

u.kurilla’s picture

I found the reason for the problem and it is - like in most cases - a layer 8 problem. So the user - ME! - was too stupid. During ldap server module config I came across the parameter:

Persistent and Unique User ID Attribute

The description is:
In some LDAPs, a user's DN, CN, or mail value may change when a user's name changes or for other reasons. In order to avoid creation of multiple accounts for that user or other ambiguities, enter a unique and persistent ldap attribute for users. In cases where DN does not change, enter "dn" here. If no such attribute exists, leave this blank.

And I misunderstood the advice and entered "dn" here. If you do so, you will only get one ldap generated drupal user. Leave that parameter blank and everything is okay (tested with 7.x-2.0-beta3+80-dev)!

So if that is the planned behaviour, I suggest changing the ticket status to fixed and closing it. :-)

johnbarclay’s picture

#17. Using dn should not create a problem except if an individual's DN changes. So if using "dn" creates the problem, it's still an issue. Thanks for narrowing it down. I will try to replicate it with dn.

johnbarclay’s picture

Status: Active » Postponed (maintainer needs more info)

Can someone try to replicate this in 7.x-2.x-dev? I cannot, even using "dn" as puid.

johnbarclay’s picture

Status: Postponed (maintainer needs more info) » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

pabloroberto27’s picture

Version: 7.x-2.x-dev » 7.x-2.0-beta5
Status: Closed (fixed) » Active

I am having the same problem in my site.

When two users log in, the second overrides the first user's Drupal account. I'm working with the 2.x beta 5 version, maybe the problem persists, but because of the small number of cases I think it comes from my configuration.

To be sure, when using "dn" in the "Persistent and Unique User ID Attribute" field is it necessary to fill the field "Expression for user DN. Required when "Bind with Users Credentials" method selected."?

In the reports, the user module shows an error since it's enabled, maybe it is related to this:

User Fields for LDAP User Module Missing
Fields are added to the Drupal User entity for LDAP User module functionality. These fields should have been created in LDAP User update 7203. The following userfields are missing:
ldap_user_prov_entries instance
ldap_user_last_checked
ldap_user_last_checked instance
ldap_user_ldap_exclude
ldap_user_ldap_exclude instance
Rerun update 7203 to correct this; it will not write over destroy existing fields.

Thank you.

johnbarclay’s picture

Version: 7.x-2.0-beta5 » 7.x-2.x-dev

Please only test against -dev; not beta versions.

chrowe’s picture

No luck yet. I am working with an existing site and can't start from scratch though.

Base Case
Test: 7.x-2.0-beta5
Result: same as reported in this issue

Test #1
Test: Using 7.x-2.0-beta5 I tried the solution from #17 and removed 'dn' from the 'Persistent and Unique User ID Attribute' field.
Result: The effect this had was to stop new users from being created. I could log in with existing accounts but accounts not already in Drupal were not recognized.

Test #2
Test: dev on top of beta5
$ drush dl ldap --dev
$ drush updb
ldap_authorization module : 7204 - make all schema field names lowercase in ldap server to deal with cronic case sensitivity issues
$ drush cc all
$ drush cron
Result: no change from Base Case

Test #3
Test: disable/enable
$ drush dis ldap_servers
$ drush en ldap_servers, ldap_user, ldap_authentication, ldap_authorization, ldap_authorization_drupal_role, ldap_test, ldap_help

JustJenFelice’s picture

Version: 7.x-2.x-dev » 7.x-2.0-beta6

We were still experiencing this issue with LDAP Authentication on our site as well. Removing the "dn" entry under Persistent and Unique User ID Attribute alleviated the problem with user accounts being overwritten, but we're still attempting to delve deeper into why this problem was happening in the first place. It doesn't seem reasonable that the settings under "Persistent and Unique User ID Attribute" should allow the partial overwrite of user accounts. In our case, when attempting to authenticate and create a second user account, the previously created Username (User1) was not being updated, only the associated email was changing from User1's email to User2's. Very weird.

johnbarclay’s picture

Version: 7.x-2.0-beta6 » 7.x-2.x-dev
Issue summary: View changes
johnbarclay’s picture

Status: Active » Postponed (maintainer needs more info)

I ran across this in helping someone with their configuration. To create or update drupal entries, the server configuration needs to both derive a matching username and store a permanent user id. Test a sample user to make sure this is the case and that these derived values are unique. dn is not a good attribute for the unique attribute. cn may be if you never change them for users.

To continue on with this as a bug, the following is needed:

- mappings for username, authname, and permanent user id
- an example of two ldap entries where this conflict occurs (anonymized).

nielsvoo’s picture

Thanks #17 fixed it for me.... just deleted "dn"

stevecory’s picture

How to reproduce this problem:

1) An end user, Edgar Kelly, chooses a username of ekelly.
2) Edgar selects "Create new account" with Username: ekelly and Email address: edgar.kelly@nih.org
3) After being prompted by email, the administrator edits the user profile from Blocked to Active.
4) The Drupal server sends email to edgar.kelly@nih.org with a set password link.

Note: The LDAP User to Drupal User Relationship has:
Base DNs for LDAP users, groups, and other entries. ("ou=people,dc=unc, dc=edu")
AuthName attribute (uid)
Email attribute (mail)
Expression for user DN. Required when "Bind with Users Credentials" method selected. (ou=people,dc=unc, dc=edu)

Also, the Password Reset Landing Page (PRLP) module is installed and active.

5) Edgar signs on with his password & confirmation.
6) The LDAP module checks the server in the configuration and matches the username.
7) The Firstname, Lastname and Email are modified to "Erin", "Kelly", " ekelly@unc.edu" which is what is on the server in the configuration.

What should the settings be to avoid the email with the change password link getting sent?

generalredneck’s picture

So I'm another one that has had this problem. If you want to team up, I can reproduce this issue on a site I'm working on for a client. If you want I can do evenings and weekends for getting together and we can do a hangout or join.me or something. #17 worked for me too. I may take a crack at seeing what the down low is. Frankly the module only queries for dn mail samaccountname memberof (last one after a patch). So if you want an email with some of these items I can send it your way as I doubt you will go mailing these 3 test users that my client has. If you need other parameters, that's cool too. I can give you a list of what I have accessible and my settings and we can go from there. I'll give you a heads up if I find out the cause before then as well.

Satyanath Shankaran’s picture

I am facing the same issue. I have created 3 users in LDAP and only admin in Drupal. I have set the settings same as the first poster. When I log in as one user it works fine. When I log in as the second user and go to My Account I get the first user's details. Now when I log out and log in as the third user and go to My Account I get the second user's details. This continues. So the My Account page shows the previous user rather than the current one. I have also given dn as the puid. I have not yet changed it. But will try changing.

I am using LDAP authentication module version 7.x-2.0-beta8.

If you need any help in debugging this issue I can help. Unfortunately with this issue the LDAP module is unusable for me.

UPDATE: I am pasting a portion of the log which shows the username change. You can see in the log that the user name used to log in is mahesh (cn = mahesh), but later it changes to cn=satyanath and even the session is opened for satyanath. I further put in a lot of debug messages and narrowed down the issue to the statement. In this the username changes to satyanath. The Drupal account value at the time of this call is proper.

$drupal_account = user_save($drupal_account, $user_edit, 'ldap_user');

This is under section VI A in the code.

Log follows:

2015-07-15T06:14:06.396604+00:00 pfiserver slapd[10434]: conn=1210 op=1 SRCH base="ou=people,dc=pfiacademy,dc=net" scope=2 deref=0 filter="(cn=mahesh)"
2015-07-15T06:14:06.396766+00:00 pfiserver slapd[10434]: conn=1210 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
2015-07-15T06:14:06.401163+00:00 pfiserver slapd[10434]: conn=1210 op=2 BIND anonymous mech=implicit ssf=0
2015-07-15T06:14:06.401330+00:00 pfiserver slapd[10434]: conn=1210 op=2 BIND dn="cn=mahesh,ou=people,dc=pfiacademy,dc=net" method=128
2015-07-15T06:14:06.401469+00:00 pfiserver slapd[10434]: conn=1210 op=2 BIND dn="cn=mahesh,ou=people,dc=pfiacademy,dc=net" mech=SIMPLE ssf=0
2015-07-15T06:14:06.401602+00:00 pfiserver slapd[10434]: conn=1210 op=2 RESULT tag=97 err=0 text=
2015-07-15T06:14:06.401998+00:00 pfiserver slapd[10434]: conn=1210 op=3 UNBIND
2015-07-15T06:14:06.402151+00:00 pfiserver slapd[10434]: conn=1210 fd=17 closed
2015-07-15T06:14:06.404997+00:00 pfiserver drupal: http://www.pfiacademy.net/courses|1436940846|ldap_authentication|117.192.181.149|http://www.pfiacademy.net/courses/node?destination=node|http://www.pfiacademy.net/courses/|0||mahesh : Authentication result id=0 auth_result=6 (Success.)
2015-07-15T06:14:06.412058+00:00 pfiserver drupal: http://www.pfiacademy.net/courses|1436940846|ldap_server|117.192.181.149|http://www.pfiacademy.net/courses/node?destination=node|http://www.pfiacademy.net/courses/|0||ldap_search() call: base_dn: ou=people,dc=pfiacademy,dc=net,#012filter = (cn=satyanath),#012attributes: dn,mail,,cn,#012attrsonly = 0,#012sizelimit = 0,#012timelimit = 0,#012deref = ,#012scope = 3
2015-07-15T06:14:06.412643+00:00 pfiserver slapd[10434]: conn=1211 fd=17 ACCEPT from IP=[::1]:49529 (IP=[::]:389)
2015-07-15T06:14:06.413001+00:00 pfiserver slapd[10434]: conn=1211 op=0 BIND dn="cn=Manager,dc=pfiacademy,dc=net" method=128
2015-07-15T06:14:06.413324+00:00 pfiserver slapd[10434]: conn=1211 op=0 BIND dn="cn=Manager,dc=pfiacademy,dc=net" mech=SIMPLE ssf=0
2015-07-15T06:14:06.413471+00:00 pfiserver slapd[10434]: conn=1211 op=0 RESULT tag=97 err=0 text=
2015-07-15T06:14:06.413903+00:00 pfiserver slapd[10434]: conn=1211 op=1 SRCH base="ou=people,dc=pfiacademy,dc=net" scope=2 deref=0 filter="(cn=satyanath)"
2015-07-15T06:14:06.414059+00:00 pfiserver slapd[10434]: conn=1211 op=1 SRCH attr=dn mail 1.1 cn
2015-07-15T06:14:06.414192+00:00 pfiserver slapd[10434]: conn=1211 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
2015-07-15T06:14:06.463703+00:00 pfiserver drupal: http://www.pfiacademy.net/courses|1436940846|ldap_server|117.192.181.149|http://www.pfiacademy.net/courses/node?destination=node|http://www.pfiacademy.net/courses/|0||ldap_search() call: base_dn: ou=people,dc=pfiacademy,dc=net,#012filter = (cn=satyanath),#012attributes: dn,mail,,cn,#012attrsonly = 0,#012sizelimit = 0,#012timelimit = 0,#012deref = ,#012scope = 3
2015-07-15T06:14:06.464582+00:00 pfiserver slapd[10434]: conn=1211 op=2 SRCH base="ou=people,dc=pfiacademy,dc=net" scope=2 deref=0 filter="(cn=satyanath)"
2015-07-15T06:14:06.464766+00:00 pfiserver slapd[10434]: conn=1211 op=2 SRCH attr=dn mail 1.1 cn
2015-07-15T06:14:06.464911+00:00 pfiserver slapd[10434]: conn=1211 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
2015-07-15T06:14:06.496200+00:00 pfiserver drupal: http://www.pfiacademy.net/courses|1436940846|user|117.192.181.149|http://www.pfiacademy.net/courses/node?destination=node|http://www.pfiacademy.net/courses/|44||Session opened for satyanath.
2015-07-15T06:14:06.504182+00:00 pfiserver drupal: http://www.pfiacademy.net/courses|1436940846|ldap_server|117.192.181.149|http://www.pfiacademy.net/courses/node?destination=node|http://www.pfiacademy.net/courses/|44||ldap_search() call: base_dn: ou=people,dc=pfiacademy,dc=net,#012filter = (cn=satyanath),#012attributes: dn,mail,,cn,#012attrsonly = 0,#012sizelimit = 0,#012timelimit = 0,#012deref = ,#012scope = 3
2015-07-15T06:14:06.504781+00:00 pfiserver slapd[10434]: conn=1211 op=3 SRCH base="ou=pe

sashkernel’s picture

Removing "DN" fixed my issue. I had exact same problem as #5

  • johnbarclay committed 4e4f4b2 on 8.x-3.x
    Issue #1899336: Error in account_name_attr code where AccountName...
  • johnbarclay committed e7310d0 on 8.x-3.x
    Issue #1899336: follow up with more error catching
    
khu’s picture

Ran into same issue when entering dn as puid.

Upon investigation it turns out that the function responsible for retrieving puid from ldap entry assumes the attribute set is multi-valued, which then returns the first char of the DN string when DN is set as the puid attr.

This causes all ldap users to have the same puid ("c") which then overwrite each other's user account data.

Patch attached to account for single-valued ldap attr set as puid attr.
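
The failure described in the comment above, as an added example (not the module's code and not the attached patch). The entries are constructed to match the shape PHP's ldap_get_entries() returns, where `dn` is a plain string and every other attribute is an array; the function names, the account store and the example.org values are hypothetical.

```php
<?php
// Constructed sample entry in the shape ldap_get_entries() returns:
// 'dn' is a plain string, other attributes are arrays with a 'count' key.
function sample_entry(string $cn): array {
  return [
    'dn'   => "cn=$cn,ou=people,dc=example,dc=org",
    'cn'   => ['count' => 1, 0 => $cn],
    'mail' => ['count' => 1, 0 => "$cn@example.org"],
  ];
}

// Hypothetical reader that assumes every attribute is multi-valued.
// On a string, [0] is a character offset, not a list index.
function puid_assuming_multivalued(array $entry, string $attr): string {
  return $entry[$attr][0];
}

// Hypothetical reader that also accepts a single-valued (string) attribute.
function puid_handling_scalar(array $entry, string $attr): ?string {
  $value = $entry[$attr] ?? NULL;
  if (is_array($value)) {
    return isset($value[0]) ? (string) $value[0] : NULL;
  }
  return (is_string($value) && $value !== '') ? $value : NULL;
}

// Stand-in for "load the account with this PUID, otherwise create it".
// Accounts are keyed by PUID, so an equal PUID means the same account.
function provision(array &$accounts, ?string $puid, array $entry): void {
  if ($puid === NULL) {
    throw new RuntimeException('No PUID derived for ' . $entry['dn']);
  }
  $accounts[$puid] = ['name' => $entry['cn'][0], 'mail' => $entry['mail'][0]];
}

// Log two users in one after the other with the given PUID reader.
function run(callable $reader): array {
  $accounts = [];
  foreach (['usera', 'userb'] as $cn) {
    $entry = sample_entry($cn);
    provision($accounts, $reader($entry, 'dn'), $entry);
  }
  return $accounts;
}

print_r(run('puid_assuming_multivalued'));
print_r(run('puid_handling_scalar'));
```

Comparing the two printed account stores shows whether the second login landed on its own record or replaced the first, which is also the uniqueness check johnbarclay asks for when testing a sample user.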

khu’s picture

Status: Postponed (maintainer needs more info) » Needs review

Status: Needs review » Needs work

The last submitted patch, 34: ldap_servers-fix_for_single_value_puid_attr-1899336-34.patch, failed testing.

grahl’s picture

Status: Needs work » Needs review

  • grahl committed ca882f0 on 7.x-2.x authored by khu
    Issue #1899336 by khu: LDAP Authentication:  Logged in user has identity...
grahl’s picture

Status: Needs review » Fixed

Wow, thanks for tracking that down khu.

Committing this without verification since the description is clear, problem is known and real and side-effects are basically non-existing.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.