I've found that every once in a while a user cannot change their password through the Drupal account form. If you change their password you get the standard success message, but when you try to log in with the new password you get the unrecognized name/password error.

If I go into the LDAP server with something like JXplorer and change the password manually in there, the problem goes away.

This doesn't happen with all users, but it is an issue that occasionally pops up and is quite annoying for the clients. Can anyone tell me what would be causing this?



cgmonroe’s picture

Hmm, a lot of possibilities here and it depends on your site settings:

First question: In the advanced section of the ldapdata configuration for the server, have you defined a "master" dn / password?

If you are not doing this, then when it updates info the module will try to log in to LDAP with the user's credentials stored in the session. The problem here could be:

- The user does not have rights on the LDAP server to modify their attributes (or password)
- The user's ldap session info has become corrupt somehow.

Tests for this:

  • Check the watchdog log for messages like: "User update: user %name's data could not be updated in the LDAP directory"
  • Can this user normally change their password? If yes, probably has rights to change it.
  • Can the user change their password if they log out and back on again (with old password)? This would indicate the session was getting corrupt.

Another possibility for this is that they are changing their password twice without re-logging in. So the first password change is being recorded, then the second password change is failing because the password in the session does not match the new password on LDAP. This will not happen if you're using the "master" dn.

One thing that might be causing this is that some browsers (Chrome for example) may "autofill" the password fields with info from the past. So, if someone changes a profile setting (e.g. new image, or the like) their browser may also be changing the password for them as well. This could lead to problems changing the password.

Below this, you get into possible network and ldap response problems. There are a lot of valid "errors" that the code currently hides because all the LDAP calls get wrapped with a void_error_handler() (in LDAPInterface). However, the modify attributes code may not be wrapped in this.

Check the php error logs to see if there are any LDAP related errors.

An alternative is to add your own debugging code to the void_error_handler method in the LDAPInterface class to write out the ldap error information somewhere.

That's all I can think of right now with the information supplied.

Good luck.

swickham’s picture

Sorry, I found a temporary fix for this and was able to put this issue on the back burner for a bit while I worked on some other stuff. I'm back to trying to solve it again.

Something I've found is which users were affected by the issue I detailed above. This was affecting only users that existed before I installed the LDAP server and modules. Anyone who signed up for the site after the installation would not be affected by the issue.

I've also found a new one that relates to previously existing users. If I try to update their username, Drupal will update it in its database, but LDAP maintains the old value. However, new users will update across both platforms fine.

This seems like an RTFM type question because I swear I must be missing something obvious and simple here since no one else seems to have this problem.

Any advice?


swickham’s picture

Following up on this. It seems the reason for not syncing this change up with the LDAP server is these pre-existing users don't exist in the 'authmap' table.

I'm looking into why they didn't get put in there in the first place, but doing a simple insert of the relevant details fixes the problem.
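
An audit for the condition identified in the last comment, as an added example that is not part of the thread or the module's own code: it lists accounts with no `authmap` row for the LDAP module, which are the accounts whose password or username change would succeed in Drupal but never reach the directory. Assumptions: the Drupal 6/7 column names for `users` and `authmap`, the module value `ldapauth`, and constructed sample rows in an in-memory SQLite database.

```python
import sqlite3

# Constructed sample rows; column names follow the Drupal 6/7 schema.
SAMPLE_USERS = [(0, ""), (1, "admin"), (2, "alice"), (3, "bob"), (4, "carol")]
SAMPLE_AUTHMAP = [
    (3, "bob", "ldapauth"),    # mapped to LDAP: changes are synced
    (4, "carol", "openid"),    # mapped, but by a different module
]

# Users with no authmap row for the given module. uid 0 is the anonymous user.
AUDIT_SQL = """
SELECT u.uid, u.name
FROM users u
LEFT JOIN authmap a ON a.uid = u.uid AND a.module = ?
WHERE u.uid > 0 AND a.aid IS NULL
ORDER BY u.uid
"""


def build_sample_db():
    """Create an in-memory database holding the constructed rows above."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT)")
    db.execute(
        "CREATE TABLE authmap (aid INTEGER PRIMARY KEY, uid INTEGER, "
        "authname TEXT UNIQUE, module TEXT)"
    )
    db.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    db.executemany(
        "INSERT INTO authmap (uid, authname, module) VALUES (?, ?, ?)",
        SAMPLE_AUTHMAP,
    )
    return db


def users_missing_ldap_mapping(db, module="ldapauth"):
    """Return (uid, name) for every account lacking a mapping for `module`.

    'ldapauth' is an assumed module value; check the rows of a working
    LDAP user on your own site before relying on it.
    """
    return db.execute(AUDIT_SQL, (module,)).fetchall()


if __name__ == "__main__":
    for uid, name in users_missing_ldap_mapping(build_sample_db()):
        print(f"uid={uid} name={name}: no LDAP authmap entry")
```

Run the same `SELECT` against a copy of the site database to get the list of accounts to repair, and have those users change their password again once the mapping exists.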