Problem/Motivation
I have set up LDAP mappings to push custom field values from Drupal to OpenLDAP. However, when a user logs in, I get the following errors (in this case I'm creating a new user called testingldap).
LDAP entry for testingldap cannot be created on auth_yln_info. Proposed DN: uid=testingldap,ou=users,dc=yln,dc=info)
LDAP server auth_yln_info exception: Could not add entry "uid=testingldap,ou=users,dc=yln,dc=info": Undefined attribute type
I've double and triple checked the token names and format names. I'm doing the same thing in Drupal 7 (with a slight difference in the token names) so I feel confident the problem isn't on OpenLDAP's end. (And I tried getting logs on the LDAP server but they didn't return anything useful.) A screenshot of the mappings is attached.
Do you know what I should be looking for with the error "undefined attribute type"? Is there a way I can get more precise error info?
Thank you!
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | ldap mappings 2.PNG | 15.79 KB | chanelwheeler |
| | ldap mappings.PNG | 34.86 KB | chanelwheeler |
Comments
Comment #2
grahl
Hi
ldap_add has failed, "Undefined attribute type" comes from the server, you are not sending a proper mapping to it. Most likely, you are missing the correct objectclass, but without any information on your actual mappings it's not really possible to help, please consider asking your directory maintainer on how to construct an object in your directory.
Comment #3
chanelwheeler commented
I am the directory maintainer. I've stripped the mappings down to the minimum required by the LDAP server.
If I modify an existing user that's already in the LDAP database, LDAP is correctly updated. If I create a new user in Drupal, then I get the Undefined attribute type error. Note that I'm using the same settings as on Drupal 7 and I've never had a problem there.
Is there a way to see the string that's being sent to the LDAP server?
Comment #4
grahl
Hi
In the first row you have a compound field and need to use the brackets. For the last two you don't necessarily, can you please try using the actual field selector there instead of user tokens?
If that also fails, can you please try setting a fixed value in the mapping and creating a user? (I'm trying to narrow down where your issue is coming from, I can't reproduce it on my setup.)
Comment #5
chanelwheeler commented
I replaced the user tokens with the actual fields and got the same result. Putting in static values, I discovered something new. If I log in as a user that already exists in the LDAP db, sn and cn get updated and Drupal doesn't throw any errors. If I log in as a user that isn't in the LDAP db, then Drupal throws the undefined attribute type error and the user isn't created in LDAP. Does that help reveal anything?
Comment #6
grahl
Thanks for the feedback, looking at that in the debugger I can see that the token replacement on the entry building has a bug and does not correctly set the objectClass index.
Comment #7
grahl
Comment #9
grahl
Hi chanelwheeler
Can you give the attached MR a try? When I set that up locally I had some issues with redundant account creation and I'd like to know if you do too. If so, that might be a follow-up issue.
The attached fix should fix the problem but still needs a test case.
Comment #10
chanelwheeler commented
How do I install that? I usually use composer.
Comment #11
grahl
Hi chanelwheeler
You can use composer-patches to integrate patches with composer. The merge request can be added by passing a .patch to the MR and using it as a patch file: https://git.drupalcode.org/project/ldap/-/merge_requests/20.patch
Of course you can also download it and apply it manually with patch for local testing. See also: https://www.drupal.org/docs/develop/git/using-git-to-contribute-to-drupa...
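As an added example (not part of the thread or of the project's documentation), a `composer.json` fragment for cweagans/composer-patches that applies the merge request from comment #11 from a saved copy rather than from the live URL, because the `.patch` URL of a merge request changes whenever new commits are pushed to it. The local path `patches/ldap-mr20.patch`, the version constraint and the description string are assumptions.

```json
{
  "require": {
    "cweagans/composer-patches": "^1.7"
  },
  "config": {
    "allow-plugins": {
      "cweagans/composer-patches": true
    }
  },
  "extra": {
    "patches": {
      "drupal/ldap": {
        "MR !20 (objectClass on new LDAP entries), saved copy reviewed before use": "patches/ldap-mr20.patch"
      }
    }
  }
}
```

Save https://git.drupalcode.org/project/ldap/-/merge_requests/20.patch to that path, review it and commit it with the project, so later builds apply exactly the diff that was tested.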
Comment #12
zterry95 commented
Tested and this patch works for me.
https://git.drupalcode.org/project/ldap/-/merge_requests/20.patch
Comment #13
oturpin commented
Hi,
I am actually using LDAP module: Machine name: ldap_user Version: 8.x-4.6
I encountered this issue and applied 20.patch with success.
I can read that this patch has been merged in September 2021 => is there any regression?
What is the exact version which was merged with that patch in 2021?
Thx
Comment #15
input commented
MR !20 seems to work. I have a similar mapping to @chanelwheeler
However in my current setup now the ldap add seems to be triggered up to three times.
From the logs:
server ldap_server exception: Could not add entry "uid=30006,ou=xxxx,dc=xxxx,dc=xxxx,dc=xxxx": Already exists
Difficult to say if this is related to the changes.