User A logs in successful against the AD server. User B then logs in successfully on a separate computer. User A looks at his account via the "My Account" link and is now logged in as User B.

Under Servers, we are using a Service Account Bind, AuthName/AccountName is "SAMAccountName", Email Attribute is "UserPrincipalName", Unique User ID Attribute is "dn", Expression for user DN is "cn=%username,%basedn".

Under User, we "Show option on user create form to determine how account conflict is resolved", "Create or Sync to Drupal user anytime a Drupal user account is created or updated. Requires a server with binding method of "Service Account Bind" or "Anonymous Bind", "Associate Drupal Account with the LDAP entry", "Account creation settings at /admin/config/people/accounts/settings do not affect LDAP Associated Drupal accounts", "Do not check for orphaned Drupal accounts".

Authentication settings are "Only LDAP Authentication is allowed except for user 1", "Show disabled email field on usr forms...", and "Update stored email if LDAP email differs at login but don't notify user."

Thanks for any help you can lend!

Comments

More info: In the Admin section, it looks like User 2 in the People list changes from User A to User B any time a new user successfully logs in.

Title:Logged in user has identity changed when another user logs in...LDAP Authentication: Logged in user has identity changed when another user logs in...
Status:Active» Postponed (maintainer needs more info)

Do user A and B have different Drupal UIDs, LDAP PUIDs, and different Drupal usernames?
What happens if you convert user A and user B to drupal accounts and repeat the same process with LDAP disabled?

Can you test against 7.x-2.0-dev please also?

User A was created in Drupal and was then matched up to the corresponding LDAP user entry. User B was never created in Drupal but exists in the LDAP. User A and B have different PUIDs within LDAP. I'll load 7.x-2.0-dev ASAP.

Thanks for your rapid jump on this!

Using the 7.x-2.0-dev did not help. I get the following error now: "Notice: Undefined variable: ldap_authentication_authmap in _ldap_authentication_user_login_authenticate_validate() (line 507 of /usr/share/drupal7/modules/ldap/ldap_authentication/ldap_authentication.inc)."

I also have this problem. Let's say I have only the admin drupal account. When I am trying to log in with an LDAP testing account, it goes in with no problems. When I log out and try to log in with a second LDAP testing account, it logs in, but the username of the first testing account overwrites the second one. The email stays the same. And the error with "Undefined variable: ldap_authentication_authmap" prints out.

Status:Postponed (maintainer needs more info)» Active

I refactored the ldap authentication validation function completely to get more insight into this. It was unwieldy in length and branching. See http://drupalcode.org/project/ldap.git/commitdiff/048aa7423a085548261c7f...

The undefined variable issue is fixed. I still can't reproduce the error. It may be solved, maybe not.

Do you mind trying to reproduce again with http://drupalcode.org/project/ldap.git/snapshot/048aa7423a085548261c7f29...
?

Version:7.x-2.0-beta3» 7.x-2.x-dev

Tried the variable fix - that definitely removed the error message. However, the user issue remains. Here's a list of all the modules I have installed in case there might be a conflict...

Hide Core

Enabled Name Version Description Operations
Aggregator 7.18 Aggregates syndicated content (RSS, RDF, and Atom feeds).
Block 7.18 Controls the visual building blocks a page is constructed with. Blocks are boxes of content rendered into an area, or region, of a web page.Required by: Dashboard (enabled) Help Permissions Configure
Blog 7.18 Enables multi-user blogs. Help
Book 7.18 Allows users to create and organize related content in an outline. Help Permissions Configure
Color 7.18 Allows administrators to change the color scheme of compatible themes.Required by: Stylizer (enabled) Help
Comment 7.18 Allows users to comment on and discuss published content.Requires: Text (enabled), Field (enabled), Field SQL storage (enabled)Required by: Forum (enabled), Tracker (enabled) Help Permissions Configure
Contact 7.18 Enables the use of both personal and site-wide contact forms.
Content translation 7.18 Allows content to be translated into different languages.Requires: Locale (disabled)
Contextual links 7.18 Provides contextual links to perform actions related to elements on a page. Help Permissions
Dashboard 7.18 Provides a dashboard page in the administrative interface for organizing administrative tasks and tracking information within your site.Requires: Block (enabled) Help Permissions Configure
Database logging 7.18 Logs and records system events to the database. Help
Field 7.18 Field API to add fields to entities like nodes and users.Requires: Field SQL storage (enabled), Field (enabled)Required by: Drupal, Field SQL storage (enabled), Field (enabled), Text (enabled), Comment (enabled), Field UI (enabled), File (enabled), Options (enabled), Taxonomy (enabled), Forum (enabled), Image (enabled), Number (enabled), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled), List (enabled), Tracker (enabled), XML sitemap taxonomy (disabled) Help
Field SQL storage 7.18 Stores field data in an SQL database.Requires: Field (enabled), Field SQL storage (enabled)Required by: Drupal, Field SQL storage (enabled), Field (enabled), Text (enabled), Comment (enabled), Field UI (enabled), File (enabled), Options (enabled), Taxonomy (enabled), Forum (enabled), Image (enabled), Number (enabled), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled), List (enabled), Tracker (enabled), XML sitemap taxonomy (disabled) Help
Field UI 7.18 User interface for the Field API.Requires: Field (enabled), Field SQL storage (enabled) Help
File 7.18 Defines a file field type.Requires: Field (enabled), Field SQL storage (enabled)Required by: Image (enabled) Help
Filter 7.18 Filters content in preparation for display.Required by: Drupal Help Permissions Configure
Forum 7.18 Provides discussion forums.Requires: Taxonomy (enabled), Options (enabled), Field (enabled), Field SQL storage (enabled), Comment (enabled), Text (enabled) Help Permissions Configure
Help 7.18 Manages the display of online help. Help
Image 7.18 Provides image manipulation tools.Requires: File (enabled), Field (enabled), Field SQL storage (enabled) Help Permissions Configure
List 7.18 Defines list field types. Use with Options to create selection lists.Requires: Field (enabled), Field SQL storage (enabled), Options (enabled) Help
Locale 7.18 Adds language handling functionality and enables the translation of the user interface to languages other than English.Required by: Content translation (disabled)
Menu 7.18 Allows administrators to customize the site navigation menu.Required by: XML sitemap menu (disabled) Help Permissions Configure
Node 7.18 Allows content to be submitted to the site and displayed on pages.Required by: Drupal Help Permissions Configure
Number 7.18 Defines numeric field types.Requires: Field (enabled), Field SQL storage (enabled)Required by: Drupal (Field type(s) in use - see Field list), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled) Help
OpenID 7.18 Allows users to log into your site using OpenID.
Options 7.18 Defines selection, check box and radio button widgets for text and numeric fields.Requires: Field (enabled), Field SQL storage (enabled)Required by: Taxonomy (enabled), Forum (enabled), List (enabled), XML sitemap taxonomy (disabled) Help
Overlay 7.18 Displays the Drupal administration interface in an overlay. Help Permissions
Path 7.18 Allows users to rename URLs.Required by: Pathauto (enabled) Help Permissions Configure
PHP filter 7.18 Allows embedded PHP code/snippets to be evaluated. Help Permissions
Poll 7.18 Allows your site to capture votes on different topics in the form of multiple choice questions.
RDF 7.18 Enriches your content with metadata to let other applications (e.g. search engines, aggregators) better understand its relationships and attributes.
Search 7.18 Enables site-wide keyword searching. Help Permissions Configure
Shortcut 7.18 Allows users to manage customizable lists of shortcut links. Help Permissions Configure
Statistics 7.18 Logs access statistics for your site.
Syslog 7.18 Logs and records system events to syslog.
System 7.18 Handles general site configuration for administrators.Required by: Drupal Help Permissions Configure
Taxonomy 7.18 Enables the categorization of content.Requires: Options (enabled), Field (enabled), Field SQL storage (enabled)Required by: Drupal (Field type(s) in use - see Field list), Forum (enabled), XML sitemap taxonomy (disabled) Help Permissions Configure
Testing 7.18 Provides a framework for unit and functional testing.
Text 7.18 Defines simple text field types.Requires: Field (enabled), Field SQL storage (enabled)Required by: Drupal (Field type(s) in use - see Field list), Comment (enabled), Forum (enabled), Tracker (enabled) Help
Toolbar 7.18 Provides a toolbar that shows the top-level administration menu items and links from other modules. Help Permissions
Tracker 7.18 Enables tracking of recent content for users.Requires: Comment (enabled), Text (enabled), Field (enabled), Field SQL storage (enabled) Help
Trigger 7.18 Enables actions to be fired on certain system events, such as when new content is created. Help Configure
Update manager 7.18 Checks for available updates, and can securely install or update modules and themes via a web interface. Help Configure
User 7.18 Manages the user registration and login system.Required by: Drupal Help Permissions Configure

Hide Chaos tool suite

Enabled Name Version Description Operations
Bulk Export 7.x-1.2 Performs bulk exporting of data objects known about by Chaos tools.Requires: Chaos tools (enabled)
Chaos tools 7.x-1.2 A library of helpful tools by Merlin of Chaos.Required by: Bulk Export (disabled), Custom rulesets (enabled), Chaos Tools (CTools) AJAX Example (disabled), Custom content panes (enabled), Panels (enabled), Page manager (enabled), Chaos Tools (CTools) Plugin Example (disabled), Views (enabled), Date Views (enabled), LDAP Views (disabled), Panels In-Place Editor (enabled), Mini panels (enabled), Panel nodes (enabled), Stylizer (enabled), Views content panes (enabled), Views Slideshow (disabled), Views Slideshow: Cycle (disabled), Views UI (enabled) Help
Chaos Tools (CTools) AJAX Example 7.x-1.2 Shows how to use the power of Chaos AJAX.Requires: Chaos tools (enabled)
Chaos Tools (CTools) Plugin Example 7.x-1.2 Shows how an external module can provide ctools plugins (for Panels, etc.).Requires: Chaos tools (enabled), Panels (enabled), Page manager (enabled), Advanced help (enabled)
Custom content panes 7.x-1.2 Create custom, exportable, reusable content panes for applications like Panels.Requires: Chaos tools (enabled) Permissions
Custom rulesets 7.x-1.2 Create custom, exportable, reusable access rulesets for applications like Panels.Requires: Chaos tools (enabled) Permissions
Page manager 7.x-1.2 Provides a UI and API to manage pages within the site.Requires: Chaos tools (enabled)Required by: Chaos Tools (CTools) Plugin Example (disabled) Help Permissions
Stylizer 7.x-1.2 Create custom styles for applications such as Panels.Requires: Chaos tools (enabled), Color (enabled) Permissions
Views content panes 7.x-1.2 Allows Views content to be used in Panels, Dashboard and other modules which use the CTools Content API.Requires: Chaos tools (enabled), Views (enabled)

Hide Date/Time

Enabled Name Version Description Operations
Date 7.x-2.6 Makes date/time fields available.Requires: Date API (enabled)Required by: Date All Day (disabled), Date Context (disabled), Date Migration (disabled), Date Repeat Field (disabled), Date Migration Example (disabled), Date Tools (disabled) Help
Date All Day 7.x-2.6 Adds 'All Day' functionality to date fields, including an 'All Day' theme and 'All Day' checkboxes for the Date select and Date popup widgets.Requires: Date API (enabled), Date (enabled)
Date API 7.x-2.6 A Date API that can be used by other modules.Required by: Date (enabled), Date All Day (disabled), Date Context (disabled), Date Migration (disabled), Date Repeat API (enabled), Date Repeat Field (disabled), Date Migration Example (disabled), Date Popup (enabled), Date Tools (disabled), Date Views (enabled)
Date Context 7.x-2.6 Adds an option to the Context module to set a context condition based on the value of a date field.Requires: Date (enabled), Date API (enabled), Context (missing)
Date Migration 7.x-2.6 Provides support for importing into date fields with the Migrate module.Requires: Migrate (missing), Date (enabled), Date API (enabled)Required by: Date Migration Example (disabled)
Date Popup 7.x-2.6 Enables jquery popup calendars and time entry widgets for selecting dates and times.Requires: Date API (enabled) Help Configure
Date Repeat API 7.x-2.6 A Date Repeat API to calculate repeating dates and times from iCal rules.Requires: Date API (enabled)Required by: Date Repeat Field (disabled), Date Migration Example (disabled)
Date Repeat Field 7.x-2.6 Creates the option of Repeating date fields and manages Date fields that use the Date Repeat API.Requires: Date API (enabled), Date (enabled), Date Repeat API (enabled)Required by: Date Migration Example (disabled)
Date Tools 7.x-2.6 Tools to import and auto-create dates and calendars.Requires: Date (enabled), Date API (enabled)
Date Views 7.x-2.6 Views integration for date fields and date functionality.Requires: Date API (enabled), Views (enabled), Chaos tools (enabled)

Hide Fields

Enabled Name Version Description Operations
Link 7.x-1.0 Defines simple link field types.

Hide Lightweight Directory Access Protocol

Enabled Name Version Description Operations
LDAP Authentication Implements LDAP authenticationRequires: LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)Required by: AD Common Use Cases (disabled), LDAP SSO (disabled) Help Configure
LDAP Authorization Implements LDAP authorization (previously LDAP Groups)Requires: LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)Required by: LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), LDAP Authorization - OG (Organic Groups) (disabled)
LDAP Authorization - Drupal Roles Implements LDAP authorization for Drupal rolesRequires: LDAP Authorization (disabled), LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)Required by: AD Common Use Cases (disabled)
LDAP Authorization - OG (Organic Groups) Implements LDAP authorization for Organic GroupsRequires: LDAP Authorization (disabled), LDAP Servers (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled), Og (missing)
LDAP Feeds Included feeds fetcher for a generic ldap query and ldap entry parser to turn fetcher data into feeds compatible parser result. Used to automate content creation based on ldap queries.Requires: Feeds (missing), LDAP Servers (enabled), LDAP Query (disabled)
LDAP Help LDAP Help for configuration and reporting issues.Requires: LDAP Servers (enabled), LDAP Test Module (disabled), Entity API (enabled)Required by: AD Common Use Cases (disabled), Provision LDAP Users (disabled)
LDAP Query LDAP Query Builder and Storage for queries used by other ldap modules such as ldap feeds, ldap provision, etcRequires: LDAP Servers (enabled)Required by: LDAP Feeds (disabled), LDAP Views (disabled)
LDAP Servers Implements LDAP Server ConfigurationRequired by: LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), LDAP Test Module (disabled), LDAP Help (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP Query (disabled), LDAP Feeds (disabled), LDAP SSO (disabled), LDAP Views (disabled) Help Configure
LDAP SSO Implements Single Sign On (SSO) LDAP AuthenticationRequires: LDAP Servers (enabled), LDAP Authentication (enabled), LDAP User Module (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)
LDAP Test Module Module for LDAP module for testing. Only for development and debugging purposes.Requires: LDAP Servers (enabled), Entity API (enabled)Required by: LDAP Help (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled)
LDAP User Module Module for ldap identified users. User may be associated via ldap authentication, ldap authorization, or from account provisioning. Configures synching of ldap entries to drupal user properties, fields and the opposite direction.Requires: LDAP Servers (enabled), Entity API (enabled), Number (enabled), Field (enabled), Field SQL storage (enabled)Required by: LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled) Help Configure
LDAP Views Implements LDAP integration with ViewsRequires: LDAP Query (disabled), LDAP Servers (enabled), Views (enabled), Chaos tools (enabled)

Hide Mail

Enabled Name Version Description Operations
SMTP Authentication Support 7.x-1.0-beta2 Allow for site emails to be sent through an SMTP server of your choice. Help Permissions Configure

Hide Other

Enabled Name Version Description Operations
Advanced help 7.x-1.0 Allow advanced help and documentation.Required by: Chaos Tools (CTools) Plugin Example (disabled), Advanced help example (disabled) Help Permissions
Advanced help example 7.x-1.0 A example help module to demonstrate the advanced help module.Requires: Advanced help (enabled)
Backup and Migrate 7.x-2.4 Backup or migrate the Drupal Database quickly and without unnecessary data. Help Permissions Configure
Entity API 7.x-1.0-rc3 Enables modules to work with any entity type and to provide entities.Required by: Entity tokens (enabled), LDAP User Module (enabled), LDAP Authentication (enabled), LDAP Authorization (disabled), LDAP Authorization - Drupal Roles (disabled), LDAP Test Module (disabled), LDAP Help (disabled), AD Common Use Cases (disabled), Provision LDAP Users (disabled), LDAP Authorization - OG (Organic Groups) (disabled), LDAP SSO (disabled), Rules (enabled), Rules UI (enabled), Rules translation (disabled), Rules Scheduler (enabled) Help
Entity tokens 7.x-1.0-rc3 Provides token replacements for all properties that have no tokens and are known to the entity API.Requires: Entity API (enabled)Required by: Rules (enabled), Rules UI (enabled), Rules translation (disabled), Rules Scheduler (enabled) Help
Libraries 7.x-2.0 Allows version dependent and shared usage of external libraries.Required by: Views Slideshow: Cycle (disabled)
Pathauto 7.x-1.2 Provides a mechanism for modules to automatically generate aliases for the content they manage.Requires: Path (enabled), Token (enabled) Help Permissions Configure
Token 7.x-1.4 Provides a user interface for the Token API and some missing core tokens.Required by: Pathauto (enabled) Help

Hide Panels

Enabled Name Version Description Operations
Mini panels 7.x-3.3 Create mini panels that can be used as blocks by Drupal and panes by other panel modules.Requires: Panels (enabled), Chaos tools (enabled) Permissions
Panel nodes 7.x-3.3 Create nodes that are divided into areas with selectable content.Requires: Panels (enabled), Chaos tools (enabled) Permissions Configure
Panels 7.x-3.3 Core Panels display functions; provides no external UI, at least one other Panels module should be enabled.Requires: Chaos tools (enabled)Required by: Chaos Tools (CTools) Plugin Example (disabled), Panels In-Place Editor (enabled), Mini panels (enabled), Panel nodes (enabled) Help Permissions Configure
Panels In-Place Editor 7.x-3.3 Provide a UI for managing some Panels directly on the frontend, instead of having to use the backend.Requires: Panels (enabled), Chaos tools (enabled) Configure

Hide Printer, email and PDF versions

Enabled Name Version Description Operations
PDF version 7.x-1.2 Adds the capability to export pages as PDF.Requires: Printer-friendly pages (enabled) Permissions Configure
Printer-friendly pages 7.x-1.2 Adds a printer-friendly version link to content and administrative pages.Required by: Send by email (enabled), PDF version (enabled) Help Permissions Configure
Send by email 7.x-1.2 Provides the capability to send the web page by emailRequires: Printer-friendly pages (enabled) Permissions Configure

Hide Rules

Enabled Name Version Description Operations
Rules 7.x-2.2 React on events and conditionally evaluate actions.Requires: Entity tokens (enabled), Entity API (enabled)Required by: Rules UI (enabled), Rules translation (disabled), Rules Scheduler (enabled) Help Permissions Configure
Rules Scheduler 7.x-2.2 Schedule the execution of Rules components using actions.Requires: Rules (enabled), Entity tokens (enabled), Entity API (enabled) Configure
Rules UI 7.x-2.2 Administrative interface for managing rules.Requires: Rules (enabled), Entity tokens (enabled), Entity API (enabled)

Hide User interface

Enabled Name Version Description Operations
IMCE Wysiwyg API bridge 7.x-1.0 Makes IMCE available as plugin for client-side editors integrated via Wysiwyg API.Requires: IMCE (disabled), Wysiwyg (disabled)
jQuery Update 7.x-2.2 Updates jQuery to jQuery 1.5.2 and jQuery UI 1.8.11. Help Configure
Wysiwyg 7.x-2.2 Allows to edit content with client-side editors.Required by: IMCE Wysiwyg API bridge (disabled)

Hide Views

Enabled Name Version Description Operations
Views 7.x-3.5 Create customized lists and queries from your database.Requires: Chaos tools (enabled)Required by: Date Views (enabled), LDAP Views (disabled), Views content panes (enabled), Views Slideshow (disabled), Views Slideshow: Cycle (disabled), Views UI (enabled) Help Permissions
Views Slideshow 7.x-3.0 Provides a View style that displays rows as a jQuery slideshow. This is an API and requires Views Slideshow Cycle or another module that supports the API.Requires: Views (enabled), Chaos tools (enabled)Required by: Views Slideshow: Cycle (disabled)
Views Slideshow: Cycle 7.x-3.0 Adds a Rotating slideshow mode to Views Slideshow.Requires: Views Slideshow (disabled), Views (enabled), Chaos tools (enabled), Libraries (disabled)
Views UI 7.x-3.5 Administrative interface to views. Without this module, you cannot create or edit your views.Requires: Views (enabled), Chaos tools (enabled) Configure

Hide Webform

Enabled Name Version Description Operations
Webform 7.x-3.18 Enables the creation of forms and questionnaires. Help Permissions Configure

Hide XML sitemap

Enabled Name Version Description Operations
XML sitemap 7.x-2.0-rc2 Creates an XML sitemap conforming to the sitemaps.org protocol.Required by: XML sitemap custom (disabled), XML sitemap engines (disabled), XML sitemap internationalization (disabled), XML sitemap menu (disabled), XML sitemap node (disabled), XML sitemap taxonomy (disabled), XML sitemap user (disabled)
XML sitemap custom 7.x-2.0-rc2 Adds user configurable links to the sitemap.Requires: XML sitemap (disabled)
XML sitemap engines 7.x-2.0-rc2 Submit the sitemap to search engines.Requires: XML sitemap (disabled)
XML sitemap internationalization 7.x-2.0-rc2 Enables multilingual XML sitemaps.Requires: XML sitemap (disabled), I18n (missing)
XML sitemap menu 7.x-2.0-rc2 Adds menu item links to the sitemap.Requires: XML sitemap (disabled), Menu (enabled)
XML sitemap node 7.x-2.0-rc2 Adds content links to the sitemap.Requires: XML sitemap (disabled)
XML sitemap taxonomy 7.x-2.0-rc2 Add taxonomy term links to the sitemap.Requires: XML sitemap (disabled), Taxonomy (enabled), Options (enabled), Field (enabled), Field SQL storage (enabled)
XML sitemap user 7.x-2.0-rc2 Adds user profile links to the sitemap.Requires: XML sitemap (disabled)

Okay, what I've done is uninstall 2.x-dev and install 1.0-beta12. Now the creation of users works perfectly, but downgrading has resulted in an issue where logging in takes the user to a blank page (500 error). I think I've got a better chance of troubleshooting this error than the other one. Not sure if that analysis helps, but it's another benchmark...

[UPDATE] The 500 error was stupid. Checked the logs and it was a conflict between the ldap directory and a backup I had. Removed the backup and no error. Everything is working fine in 1.0-beta12 for me.

Priority:Critical» Normal

Can someone try to replicate this on the current 7.x-2.x-dev?

Status:Active» Postponed (maintainer needs more info)

I have tried and could replicate this on the current 7.x-2.x-dev (and on 7.x-2.0-beta3)
There is only one ldap generated drupal user possible. Every new login overwrites previous user data, apart from data not triggered from ldap (e.g. group, which is not in ldap).
In this context i found, that setting "AccountName attribute" in the server settings to a different value than default (e.g. "uid", which exists in ldap) causes a php error message:

Notice: Undefined index: uid in LdapServer->userUsernameFromLdapEntry() (line 965 of /var/www/drupal-sites/drupal7/panda/modules/ldap/ldap_servers/LdapServer.class.php).

Anyhow, the user is generated and logged in.
I am not sure, if there is a relationship between the routines.....

Priority:Normal» Major
Status:Postponed (maintainer needs more info)» Active

The issue makes the ldap module not usable for me, due to functional, but also for security reasons. Therefore i have changed the prio and the status.

Title:LDAP Authentication: Logged in user has identity changed when another user logs in...LDAP Servers: Logged in user has identity changed when another user logs in...
Priority:Major» Critical
Status:Active» Needs review

I see an obvious bug, that might cause this or at least obfuscate the issue. I've committed the fix: http://drupalcode.org/project/ldap.git/commitdiff/4e4f4b28e57506bc73a901...

And some more checks for unresolved usernames:
http://drupalcode.org/project/ldap.git/commitdiff/e7310d04c9e3b089951661...

Additional checks could be made after any calls to LdapServer::entryToUserEdit() that return conflicted username conditions such as both $account->name and $edit['name'] being empty.

Please try this out; its committed to 7.x-2.x-dev.

Title:LDAP Servers: Logged in user has identity changed when another user logs in...LDAP Authentication: Logged in user has identity changed when another user logs in...
Priority:Critical» Normal
Status:Needs review» Active

I have rechecked with a fresh drupal installation using only ldap module (+ctools +entity) and no problems occured! I will try to find out which combination cause the trouble......

I found the reason for the problem and it is - like in most cases - a layer 8 problem. So the user - ME! - was too stupid. During ldap server module config i came along the parameter:

Persistent and Unique User ID Attribute

The description is:
In some LDAPs, a user's DN, CN, or mail value may change when a user's name changes or for other reasons. In order to avoid creation of multiple accounts for that user or other ambiguities, enter a unique and persistent ldap attribute for users. In cases where DN does not change, enter "dn" here. If no such attribute exists, leave this blank.

And i misunderstood the advice and entered "dn" here. If you do so, you will only get one ldap generated drupal user. Leave that parameter blank and everything is okay (tested with 7.x-2.0-beta3+80-dev)!

So if that is the planned behaviour i suggest to change the ticket status to fixed and close it. :-)

#17. Using dn should not create a problem except if an individual's DN changes. So if using "dn" creates the problem, its still an issue. Thanks for narrowing it down. I will try to replicate it with dn.

Status:Active» Postponed (maintainer needs more info)

Can someone try to replicate this in 7.x-2.x-dev? I cannot even using "dn" as puid.

Status:Postponed (maintainer needs more info)» Fixed

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Version:7.x-2.x-dev» 7.x-2.0-beta5
Status:Closed (fixed)» Active

I am having the same problem in my site.

When two users log in, the second overrides the first user Drupal account. I'm working with the 2.x beta 5 version, maybe the problem persist, but because of the little number of cases I think it belongs from my configuration.

To be sure, when using "dn" in the "Persistent and Unique User ID Attribute" field is it necessary to fill the field "Expression for user DN. Required when "Bind with Users Credentials" method selected."?

In the reports, the user module shows an error since it's enabled, maybe is related to this:

User Fields for LDAP User Module Missing
Fields are added to the Drupal User entity for LDAP User module functionality. These fields should have been created in LDAP User update 7203. The following userfields are missing:
ldap_user_prov_entries instance
ldap_user_last_checked
ldap_user_last_checked instance
ldap_user_ldap_exclude
ldap_user_ldap_exclude instance
Rerun update 7203 to correct this; it will not write over destroy existing fields.

Thank you.

Version:7.x-2.0-beta5» 7.x-2.x-dev

Please only test against -dev; not beta versions.

No luck yet. I am working with an existing site and can't start from scratch though

Base Case
Test: 7.x-2.0-beta5
Result: same as reported in this issue

Test #1
Test: Using 7.x-2.0-beta5 I tried the solution from #17 and removed 'dn' from the 'Persistent and Unique User ID Attribute' field.
Result: The effect this had was to stop new users from being created. I could log in with existing accounts but accounts not already in Drupal where not recognized.

Test #2
Test: dev on top of beta5
$ drush dl ldap --dev
$ drush updb
ldap_authorization module : 7204 - make all schema field names lowercase in ldap server to deal with cronic case sensitivity issues
$ drush cc all
$ drush cron
Result: no change from Base Case

Test #3
Test: disable/enable
$ drush dis ldap_servers
$ drush en ldap_servers, ldap_user, ldap_authentication, ldap_authorization, ldap_authorization_drupal_role, ldap_test, ldap_help

Version:7.x-2.x-dev» 7.x-2.0-beta6

We were still experiencing this issue with LDAP Authentication on our site as well. Removing the "dn" entry under Persistent and Unique User ID Attribute alleviated the problem with user accounts being overwritten, but we're still attempting to delve deeper into why this problem was happening in the first place. It doesn't seem reasonable that the settings under "Persistent and Unique User ID Attribute" should allow the partial overwrite of user accounts. In our case, when attempting to authenticate and create a second user account, the previously created Username (User1) was not being updated, only the associated email was changing from User1's email to User2's. Very weird.

Version:7.x-2.0-beta6» 7.x-2.x-dev
Issue summary:View changes

Status:Active» Postponed (maintainer needs more info)

I ran across this in helping someone with their configuration. To create or update drupal entries, the server configuration needs to both derive a matching username and store a permanent user id. Test a sample user to make sure this is the case and that these derived values are unique. dn is not a good attribute for the unique attribute. cn may be if you never change them for users.

To continue on with this as a bug, the following is needed:

- mappings for username, authname, and permanent user id
- an example of two ldap entries where this conflict occurs (anonymized).

Thanks #17 fixed it for me.... just deleted "dn"