Prevent user registration if username exists in LDAP directory [#865598]

Is there any way to prevent new users from registering accounts with usernames which exist in the LDAP directory? In mixed mode, the default behavior is to allow them to register, so that when the LDAP user tries to login, they are blocked by the local account.

My current solution idea is to hack the Email Registration module so that 1) All new users can only register/login using email address, and 2) [the hack] Those new users have a prefix added to their "username" entry in the database, to assure no conflicts with LDAP usernames.

However, I'd like to avoid having to patch contributed modules. Is there a better way?

Comments

Comment #1

feedbackloop CreditAttribution: feedbackloop commented 27 July 2010 at 16:45

What I ended up doing was adding some jQuery into a block and set it to only be "visible" on user/register:

drupal_add_js('$(document).ready(function() {
		$("#edit-name-wrapper").hide();
		$("#user-register").submit(function() { $("#edit-name").val($("#edit-mail").val()); });
	});', 'inline');

This hides the username field and then, just before form submit, copies the text in the email field over to the username field. Apparently Drupal lets you use "@" and other symbols in usernames.

While I'll probably use this, I'm still curious if there's a way to do it which actually checks against the LDAP directory and then denies registration if there's a match. Anyone?

Comment #2

kapayne CreditAttribution: kapayne commented 3 August 2010 at 17:26

Hi, and thanks very much for the php snippet - I'm trying to do something similar and I think it'll be very useful. I did try to set this up but I may be missing something. I set up the block and set it visible only on the user/register page but it removed the user name on the login block - leaving only he password field, locking out all users because they can't specify any username. I had the email registration module enabled and that may have caused problems, but it seems like the php should only remove the username field on the registration page, not the login. Any ideas?

Comment #3

kapayne CreditAttribution: kapayne commented 3 August 2010 at 19:27

Disabling email registration did allow this to work on the dupal side but I can't get the ldap provisioning to work. I can get it to create a user with the cn=mail but it also creates an additional drupal user.