LDAP Authorization: Username case sensitivity different for authentication and authorization with groups as entries setting

Thanks. This is fix was applied in beta10. There are still case sensitivity issues in beta10 I'm working through in 7.x-1.x-dev.

(Bracking and me work for the same association, on the same LDAP/Drupal setup)

We have updated our configuration, but unfortunately some part of the patch broke all our role mapping. On log in all LDAP-granted roles are revoked, and we cannot seem to get them back, no matter what we do. We've tried applying the patch in http://drupal.org/node/1607024 , but that does not help.

I'm afraid we cannot pinpoint what exactly broke our setup either, nothing in the config changed (that we know of), but of course, during the debugging process we have been trying a lot of different options. Once we know if this has been fixed, we'll post here, but now we are very interested in any hints as to what exactly changed.

Here's what I think off the top of my head. beta10 removed the roles from the users, but perhaps not the user->data array so its not trying to add them back. I would return your settings to their original state and treat it as a bug.

First, Try the following:

query the db with select name, cast(data as char(1000)) from users

deserialize the array (I use http://unserialize.net/).

If a user has no groups, the ldap_authorizations part of the array should be an empty array.

array (
  'ldap_authentication' => 
  array (
    'init' => 
    array (
      'sid' => 'uiuc_ad',
      'dn' => 'CN=jbarclay,OU=Campus Accounts,...',
      'mail' => 'jbarclay....',
    ),
  ),
  'ldap_authorizations' => 
  array (
    'drupal_role' => 
    array (
      'administrator' => 
      array (
        'date_granted' => 1338243353,
      ),
      'administrator2' => 
      array (
        'date_granted' => 1338243353,
      ),
      'administrator3' => 
      array (
        'date_granted' => 1338243353,
      ),
      'campus1' => 
      array (
        'date_granted' => 1338243353,
      ),
      'campus2' => 
      array (
        'date_granted' => 1338243353,
      ),
      'campus3' => 
      array (
        'date_granted' => 1338243353,
      ),
    ),
    'og_group' => 
    array (
      'node:10:5' => 
      array (
        'date_granted' => 1338243353,
      ),
    ),
  ),
)

We checked one of the problematic users. There were roles associated in the data attribute, but we couldn't delete the user from the Drupal UI, and removing in MySQL did not work as expected. The user could still log in, but no roles were assigned at any point. In the users table, there were only a few users, and it seemed that it was only those who had non-LDAP assigned roles. We are not sure what happened to the other users (most of whom have LDAP roles and could log in). Anyone who logs in seems to keep the roles they have, and no changes in LDAP propogate to Drupal anymore.

More help is welcome, but it seems that for our release (planned this Monday, fairly hard deadline) we will have to drop Drupal roles support.

This origin of this problem is unclear, but the symptons indicate the roles our out of synch with the $user->data authorizations. The code needs to be more robust and alter the actual authorizations when they are out of synch. I'm moving this to 7.x-1.x-dev.

This seems like a duplicate of #1607024: authorization drupal role not mapping roles because of case mismatch.. I'm closing this as a duplicate. Follow up in #1607024: authorization drupal role not mapping roles because of case mismatch. for any case sensitivity issues in authorization.

Can anyone give me any suggestion, how to make the username case sensitive for default user login?