Arguably it's a sys admin error to tell the Drupal LDAP module to use the 'mail' attribute but have the LDAP server misconfigured to not expose that attribute, especially if Drupal7 requires an e-mail address for each user (does it?). However, in such a situation, Drupal could give a more informative error message.

Offending code seems to be in module/ldap/ldap_authentication/ldap_authentication.inc:

    if (!$account_exists) {
      if ($account_with_same_email = user_load_by_mail($ldap_user['mail'])) {
        ...
        drupal_set_message(t('Another user already exists in the system with the same email address. You should contact the system administrator in order to solve this conflict.'), 'error');

It seems, when $ldap_user['mail'] is empty, user_load_by_mail() returns a valid object, leading to the confusing login failure message.

Does Drupal7 itself, or at least the LDAP module, require a unique e-mail address for each Drupal user? Depending on what is allowed, or what can be configured, the code should behave accordingly, and the failure messages should be informative.

Comments

johnbarclay’s picture

The bad error message is a bug and needs to be fixed.

Email address is required in drupal so should be provided if drupal accounts are being created in the authentication process. There are some related issues to this, such as #1321258: LDAP Authentication: Allow entering of email on initial logon before acct created and editing of email afterward

johnbarclay’s picture

Version: 7.x-2.0-beta3 » 7.x-2.x-dev

johnbarclay’s picture

Title: If LDAP has no 'mail' value, attempted Drupal login fails with "user already exists with the same email address" » LDAP User: If no 'mail' value is derived, attempted Drupal login fails with "user already exists with the same email address"
Status: Active » Needs review

This is a special case that needed to be resolved in the provisionDrupalAccount function in ldap user. If it's not done after the drupal alter there (drupal_alter('ldap_entry', $ldap_user, $params);), the validation is done before other modules have a chance to provide an email. I also moved duplicate email checking here for the same reason.

This is committed to 7.x-2.x-dev.
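An added example, not part of the thread and not the LDAP module's code: it models the failure reported above, where an empty mail value reaches the duplicate-email lookup, next to a check that validates the derived mail first. The account store, the LDAP entries, and the functions lookup_by_mail() and check_ldap_mail() are constructed for illustration; lookup_by_mail() is only a stand-in for user_load_by_mail(), and the row with an empty mail value is an assumption taken from the reported symptom.

```php
<?php
// Constructed account store standing in for Drupal's users table (assumption:
// one existing row has an empty mail value, as the reported symptom implies).
$accounts = [
  ['uid' => 0, 'name' => '', 'mail' => ''],
  ['uid' => 7, 'name' => 'alice', 'mail' => 'alice@example.org'],
];

// Hypothetical stand-in for user_load_by_mail(): exact match on the mail column.
function lookup_by_mail(array $accounts, $mail) {
  foreach ($accounts as $account) {
    if ($account['mail'] === (string) $mail) {
      return $account;
    }
  }
  return FALSE;
}

// Hypothetical check: validate the derived mail before the duplicate lookup,
// so an empty attribute is reported as such and never reaches the lookup.
function check_ldap_mail(array $accounts, array $ldap_user) {
  $mail = isset($ldap_user['mail']) ? trim((string) $ldap_user['mail']) : '';
  if ($mail === '') {
    return 'LDAP entry has no mail value; cannot create the Drupal account.';
  }
  if (filter_var($mail, FILTER_VALIDATE_EMAIL) === FALSE) {
    return 'LDAP mail value is not a valid email address.';
  }
  if (lookup_by_mail($accounts, $mail)) {
    return 'Another user already exists with the same email address.';
  }
  return NULL; // No conflict: provisioning may continue.
}

// Constructed LDAP entries: missing attribute, real duplicate, new user.
$entries = [
  ['dn' => 'cn=bob,dc=example,dc=org'],
  ['dn' => 'cn=alice2,dc=example,dc=org', 'mail' => 'alice@example.org'],
  ['dn' => 'cn=carol,dc=example,dc=org', 'mail' => 'carol@example.org'],
];
foreach ($entries as $entry) {
  $unguarded = lookup_by_mail($accounts, isset($entry['mail']) ? $entry['mail'] : '') ? 'conflict' : 'ok';
  $guarded = check_ldap_mail($accounts, $entry);
  printf("%s\n  lookup only: %s\n  with guard:  %s\n", $entry['dn'], $unguarded, $guarded === NULL ? 'ok' : $guarded);
}
```

For the entry without a mail attribute, the lookup alone reports a conflict, while the guarded check names the missing value; the real duplicate is reported as a conflict by both.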

johnbarclay’s picture

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

arellani’s picture

Hello,

I have a production system that uses the LDAP module to create Drupal 7 accounts.
Sometimes an error occurs: "Another user already exists in the system with the same e-mail address"

What do I have to do to fix this problem?

My configuration is: ldap-7.x-2.x-dev, just like the post said, and the error persists.
Server:

Active directory

Binding Method: Anonymous Bind: Use no credentials to bind to LDAP server.

AuthName attribute: samaccountname
AccountName attribute: "empty"
Email attribute: mail
Email template: "Empty"
Persistent and Unique User ID Attribute : "empty"

USER:
How to resolve LDAP conflicts with manually created Drupal accounts.
- Associate manually created Drupal accounts with related LDAP Account if one exists.
- (checked) Create or Synch to Drupal user on successful authentication with LDAP credentials. (Requires LDAP Authentication module).
- (checked) Create or Synch to Drupal user anytime a Drupal user account is created or updated. Requires a server with binding method of "Service Account Bind" or "Anonymous Bind".
Existing Drupal User Account Conflict *
Associate Drupal account with the LDAP entry. This option is useful for creating accounts and assigning roles before an LDAP user authenticates.
Application of Drupal Account settings to LDAP Authenticated Users *
Account creation settings at /admin/config/people/accounts/settings do not affect "LDAP Associated" Drupal accounts.
Action to perform on Drupal account that no longer have a corresponding LDAP entry
Perform no action, but email list of orphaned accounts. (All the other options will send email summaries also.)

Is there anything I have to change? I am so scared because my system is in production and has started to present this error.

I hope you can help me.

Best regards

xandermar’s picture

Need help too. Thanks!

Tigryss’s picture

Need help 2. Please! Thanks!

Dijup Tuladhar’s picture

I am still facing the issue.

When I am trying to log in using my domain login, it says "Another user already exists in the system with the same email address. You should contact the system administrator in order to solve this conflict."