Hi everyone.

Perhaps my setup is a bit odd, but this is an issue that affects several of our sites.

Our LDAP directory has some fields that are protected unless authenticating using the user's own credentials. This has been configured this way to protect the users' privacy. As an example, users in our LDAP directory have an ID field. This field is available to the user themselves but shouldn't be available to anyone else.

When any user views a user profile, the ldapdata module calls the _ldapdata_user_form function which forces a refresh of the user's field data by calling _ldapdata_user_load($user, TRUE). This fails because the module no longer has the user's credentials to authenticate with and is now using anonymous lookup. When this happens, the profile value is cleared and the data is lost.

In my site config I've chosen 'When user logs in. (Use when LDAP rarely changes.)' under Synchronize LDAP data with Drupal profiles. The ldapdata_user_form function is not respecting this setting. I've resolved this by changing the _ldapdata_user_load call in the _ldapdata_user_form function to _ldapdata_user_load($user, FALSE); (on line 152 of ldapdata.module).

Is this an appropriate change to make? I'm not sure why the sync absolutely has to happen here.

Thanks!
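As an added example (not code from ldapdata.module or from this thread), the PHP sketch below shows the two checks the post above turns on: honouring the sync policy on a profile view, and never overwriting a self-only attribute from a lookup that was not bound as the user. All function, constant and attribute names, and the sample data, are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not from ldapdata.module.
const SYNC_ON_LOGIN   = 'login';       // stands in for "When user logs in."
const SYNC_EVERY_VIEW = 'every_view';  // stands in for a refresh on each profile load

// A profile view may refresh from LDAP only if the site policy allows it.
function example_should_refresh(string $policy, bool $is_login): bool {
  return $is_login || $policy === SYNC_EVERY_VIEW;
}

// Merge a fresh LDAP result into the stored profile. Self-only attributes
// are touched only when the lookup was bound as the user: an anonymous bind
// cannot read them, so their absence says nothing about the real value.
function example_merge_profile(array $stored, array $fresh, array $self_only, bool $bound_as_user): array {
  $merged = $stored;
  foreach (array_keys($stored + $fresh) as $attr) {
    if (in_array($attr, $self_only, true) && !$bound_as_user) {
      continue; // keep the value captured at login
    }
    if (array_key_exists($attr, $fresh)) {
      $merged[$attr] = $fresh[$attr];
    }
    else {
      unset($merged[$attr]); // a readable attribute really was removed
    }
  }
  return $merged;
}

// Constructed sample data: the ID attribute is hidden from anonymous lookups.
$stored           = ['mail' => 'jdoe@example.org', 'idNumber' => '12345'];
$anonymous_result = ['mail' => 'jane.doe@example.org'];
$self_only        = ['idNumber'];

// Another user views the profile, so this is not a login and the bind is anonymous.
foreach ([SYNC_ON_LOGIN, SYNC_EVERY_VIEW] as $policy) {
  $profile = example_should_refresh($policy, false)
    ? example_merge_profile($stored, $anonymous_result, $self_only, false)
    : $stored;
  printf("%-11s %s\n", $policy, json_encode($profile));
}
```

Under the login-only policy the stored profile is returned untouched; under the per-view policy the readable attribute is refreshed while the protected one keeps the value captured at login.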

Comments

johnbarclay

Seems like a good change. This use case is resolved in the Drupal 7 version of ldap. Seems like a pretty common use case where FERPA or other privacy regulations exist.
