I'm using an OpenLDAP server with bind method "Bind with Users Credentials". This works fine for provisioning Drupal user accounts when the LDAP account already exists.

However, when that user edits his profile in Drupal and saves, Drupal cannot bind to the LDAP server, because it no longer has that user's password to use for binding. In LdapServer::bind(), I don't see an option for hooking in to supply the proper DN and password for binding.

What do you recommend for injecting the binding DN and password after trying to synch to LDAP after Drupal user account is updated by that user?

Comment | File | Size | Author
#1 | ldap-persistent_binding-2225795-1.patch | 952 bytes | krisahil

Comments

krisahil

I patched the ldap_server module, and provided a sandbox project to address this.

The patch stores the credentials passed to bind() method, so that early functions can pass the correct credentials. The sandbox project modifies the user edit form to require the current user's LDAP password. A validation handler then passes the user's DN and LDAP password to bind(). This ensures that the correct bind credentials are available when ldap_user_user_update() tries to push updated data to LDAP server.

Sandbox project: https://drupal.org/sandbox/krisahil/2227439
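
A standalone model of the approach described in the comment above, added here as an example; it is not taken from the patch or the sandbox project. The class name `RequestScopedBinder`, the constructed directory and the sample DN are assumptions, and the injected callable stands in for a real `ldap_bind()` call. It also rejects empty passwords, which many LDAP servers accept as an unauthenticated bind.

```php
<?php
// Added example: RequestScopedBinder is a hypothetical name, not ldap_servers API.
final class RequestScopedBinder
{
    private ?string $dn = null;
    private ?string $password = null;
    private $bindFn; // callable(string $dn, string $password): bool

    public function __construct(callable $bindFn)
    {
        $this->bindFn = $bindFn;
    }

    public function bind(?string $dn = null, ?string $password = null): bool
    {
        // Called with no arguments: reuse what an earlier bind in this request stored.
        if ($dn === null && $password === null) {
            [$dn, $password] = [$this->dn, $this->password];
        }
        // Refuse missing or empty values before contacting the server; an empty
        // password is commonly treated as an unauthenticated bind that "succeeds".
        if ($dn === null || $dn === '' || $password === null || $password === '') {
            return false;
        }
        if (!($this->bindFn)($dn, $password)) {
            $this->forget(); // never keep credentials the server rejected
            return false;
        }
        // Held in memory for this request only; never written to session or database.
        $this->dn = $dn;
        $this->password = $password;
        return true;
    }

    public function forget(): void
    {
        $this->dn = null;
        $this->password = null;
    }
}

// Constructed stand-in for the directory; production code would wrap ldap_bind().
$directory = ['uid=alice,ou=people,dc=example,dc=org' => 'correct horse'];
$check = fn(string $d, string $p): bool => isset($directory[$d]) && hash_equals($directory[$d], $p);
$binder = new RequestScopedBinder($check);
$dn = 'uid=alice,ou=people,dc=example,dc=org';
var_dump($binder->bind($dn, 'correct horse')); // form validation handler supplies DN and password
var_dump($binder->bind());                     // later update hook binds with no arguments
var_dump($binder->bind($dn, ''));              // empty password submitted
$binder->forget();                             // end of request
var_dump($binder->bind());
```

Calling `forget()` at the end of the request keeps the user's LDAP password from outliving the form submission that supplied it.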

krisahil

Status: Active » Needs review

larowlan

Status: Needs review » Closed (outdated)

no update for > 12 months - closing