Fields mapped with LDAP profile are locked even if the site is configured in mixed mode and the account is not an LDAP account.

CommentFileSizeAuthor
ldap-profile-dont-lock-non-ldap.patch609 bytesfearlsgroove

Comments

johnbarclay’s picture

johnbarclay commented
Status: Needs review » Needs work

I don't use ldap profile, but does this patch lock and unlock based on individual fields? I believe that would be the desired way to do it; locking only ldap profile populated fields for ldap identified users.

Also I think its best not to check for the $form_state['user']->data['ldap_authentication'] but use a more general function to figure out if the profile data is from ldap. If the profile module is designed to work with ldap_authentication only, it probably needs some work so it can be triggered by ldap_authorization and ldap_feeds.

fearlsgroove’s picture

fearlsgroove commented
Status: Needs work » Needs review

No not based on individual fields, but instead based on whether or not the profile is an LDAP profile. If it's not an LDAP record, it shouldn't do anything, which is what this patch does.

The module already appears to rely on ldap authentication information to fetch the sid and DN. See in hook_user_login:

if (is_array($account->data) && array_key_exists("ldap_authentication", $account->data)) {
    $authdata = $account->data["ldap_authentication"];
    if (array_key_exists('init', $authdata)) {
      $authinit = $authdata['init'];
      if (isset($auth_conf->servers[$authinit['sid']])) {
        $server = $auth_conf->servers[$authinit['sid']];
        $ldapuser = TRUE;
        if (array_key_exists('dn', $authinit)) {
          $dn = $authinit['dn'];
        }
      }
    }
  }

Creating a more robust way of attaching a DN to an account seems a worthy goal, but as far as I can tell it doesn't currently exist in the suite, and would definitely expand the scope of this small fix considerably.

johnbarclay’s picture

johnbarclay commented
Status: Needs review » Fixed

I committed this. Yeah I would love to get dn and sid as fields in the user entity. Would help with a number of integration issues including feeds.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.