I tried to add the Drupal administrator role to certain Active Directory accounts. When doing so I get this message:

Warning: array_values() expects parameter 1 to be array, null given in SimpleLdapRole->save() (line 219 of /var/www/mysite/sites/all/modules/simple_ldap/simple_ldap_role/SimpleLdapRole.class.php).

SimpleLdapException: Invalid syntax in SimpleLdap::ldap_add() (line 316 of /var/www/mysite/sites/all/modules/simple_ldap/SimpleLdap.class.php).

Let me know if you need any additional information.
Thanks.

Comments

emsearcy’s picture

Issue summary: View changes

I encountered this as well immediately upon activating simple_ldap_role and pointing it to the OU of my groups. My hypothesis without looking into the code was that simple_ldap was trying to provision the "administrator" role to LDAP and failing (it didn't get created in LDAP, in any case). The "administrator" role was also removed from all the users that had it... The error kept showing up, too.

As soon as I added a matching "administrator" role to LDAP, the error went away.

I am using groupOfNames for my groups, and am in read/write mode, with user provisioning working correctly.

I wonder if it would be helpful to have an "group exclusion list" for groups that are "native" to Drupal and are not managed by LDAP, similar to how uid=1 is excluded from being synced to LDAP. Perhaps upon activating the simple_ldap_role module, this could be initialized to all the current setting of the "administrator" role -- variable_get('user_admin_role') -- or maybe even all roles in use on the site, to avoid unexpected interactions with LDAP or Drupal user roles, before the user has had a chance to really get the module configured correctly?