LDAP SSO: Undefined offset: 0 in LdapAuthenticationConfAdmin->validate()

Sure. I can test against either of those versions. Which one do you feel would be preferable?

I went ahead and tried both versions, starting with 7.x-1.x-dev since it's the closest to what's currently working for me with 7.x-1.0-beta12. Here is what happened:

Attempt 1 - Installed 7.x-1.x-dev:

1. It now says 7.x-1.0-beta12+12-dev under the Config > Modules. Is this what it's supposed to say?
2. There were no database updates listed on the update script.
3. As I went to the following tabs and clicked on the Update buttons, this is what happened:
   • Settings > Everything worked fine.
   • Servers > Everything worked fine.
   • Authentication > Received the same notice errors as in my original post.
   • Authorization > Everything worked fine.
   • Queries > Everything worked fine.
   • Profile Mapping > Everything worked fine.
   • Help > Everything worked fine.

************************************

Attempt 2 - Installed 7.x-2.x-dev:

1. It now says 7.x-1.0-beta12+12-dev under the Config > Modules. Is this what it's supposed to say?
2. These 4 pending updates appeared before running the update script:
   
   ldap_authorization module
   
   7201 - moving some groups related fields into ldap server module
   7202 - remove user ldap authorizations field. its in $user->data now
   7203 - make all schema field names lowercase in ldap server to deal with cronic case sensitivity issues

   ldap_query module
   
   7102 - make ldap_query.scope field small int instead of tiny int for ctools bug

3. Ran the update script, and I received this fatal error:
   
   Fatal error: Call to undefined function ldap_servers_module_load_include() in E:\inetpub\wwwroot\drupal\sites\all\modules\ldap\ldap_query\ldap_query.module on line 116
4. As I went to the following tabs and clicked on the Update buttons, this is what happened:
   • Settings > Everything worked fine.
   • Servers > Everything worked fine.
   • Authentication > Received the same notice errors as in my original post.
   • Authorization > Page went blank.
   • Queries > Page went blank.
   • Profile Mapping > Everything worked fine.
   • Help > When I clicked on "Issue Reporting" the page was blank.

I'm now going to pull back in my backup core and database files, and revert back to 7.x-1.0-beta12 until these issues are resolved. I hope that the information helps.

@johnbarclay: Is there any word on this issue report?

Within my setup of IIS 7.5, Authenticated and Anonymous users are allowed. But I'm still not able to use SSO without receiving this message when visiting user/login/sso:

"You were not authenticated by the server. You may log in with your credentials below."

If I create a simple test PHP file within the drupal core to display my username, it works great. So I'm not sure why this page isn't seeing my username. Do you have any suggestions?

@johnbarclay: Thanks for the new information. I just tried installing 7.x-2.x-dev with the new code that was committed on Feb 26th, but unfortunately I received the same errors and issues as I reported on comment #3.

I did look at the Watchdog report, and this is what I saw displayed 4 times:

Watchdog:

Type	ldap
Date	Wednesday, February 27, 2013 - 10:40
User	jayhawkfan75
Location	http://mysite/drupal/admin/config/people/ldap/profile?render=overlay
Referrer	http://mysite/drupal/welcome
Message	LDAP ldap_search error. basedn: ou=guest accounts,dc=ad,dc=myuniveristy,dc=edu| filter: (sAMAccountName=jdoe)| attributes: Array ( ) | errmsg: Can't contact LDAP server| ldap err no: -1|
Severity	notice
Hostname	123.45.6.789
Operations	

Since it had an issue with the test account from Simpletest within LDAP, I then tried to disable test account and received the following error:

PDOException: SQLSTATE[23000]: [Microsoft][SQL Server Native Client 10.0][SQL Server]Cannot insert the value NULL into column 'account_name_attr', table 'Drupal.dbo.ldap_servers'; column does not allow nulls. INSERT fails. in drupal_write_record() (line 7106 of E:\mysite\drupal\includes\common.inc).

I then tried to disable Ldap Authorization SimpleTest module all-together and it crashed the site.

I finally tried to run the update script with the same updates listed as on #3, and received the same fatal error:

Result = Fatal error: Call to undefined function ldap_servers_module_load_include() in E:\mysite\drupal\sites\all\modules\ldap\ldap_query\ldap_query.module on line 116

So I'm now reverting back to 7.x-1.0-beta12. Do you believe that I should try installing a patch to beta12? If so, do you have a link to it?

Additional Note: I installed the Schema module per your suggestion, but it crashed by config page. So I disabled and uninstalled it.

Update:

As far as debugging the issue within ldap_sso, here are some steps:

- trace the function ldap_sso_boot() and ldap_sso_user_login_sso() in ldap_sso.module. If you don't have tracing setup, you can also enable detailed logging at admin/config/people/ldap (checkbox on bottom) and add more watchdog statements.

I do have that Detailed Watchdog checkbox checked, but no logs are displayed even though I receive that authentication error. Also, an important note that I mentioned earlier is that on the same server within the Drupal core's folders I have the following simple PHP script to see if it's pulling my Windows username, which it is doing successfully:

<?php
        // check Windows credentials
        $varUserName = $_SERVER["REMOTE_USER"];
        echo $varUserName;
        ?>

I also successfully changed line 112 in ldap_sso.module so that my static username was used ($remote_user = 'myusername';) and went to user/login/sso, and it worked. So for some reason, $remote_user = $_SERVER['REMOTE_USER']; is not getting my username. Hope it helps. Strange...

LDAP SSO still isn't working for me properly, because it's not pulling in the AD username like I mentioned on #7.

I have a friend and fellow Drupal developer who's going to try to help me to finish it up next Monday, and I'll make sure that I post anything that I learn about it on here. Hopefully we're able to come up with that the issue is and a resolution.

@klavs: I'm using LDAP version 7.x-1.0-beta12, as I had some issues with the newer versions, and was advised to stick with what's working for me until an release candidate/RC version is released. I was able to find a solution for getting my Windows username pulled in with IIS and Drupal, which I've listed below. Not sure if you can revert back to the version I'm using to see if it works, but if you can, that may be a good option. Hope it helps.

@johnbarclay: I was able to do the testing on the LDAP SSO module with my friend, and we were able to solve one major problem with my setup of this module.

We noticed that a test PHP page I created pulled in my username without a problem, ldap_sso.module file wouldn't do that. So after a lot of debugging, we tried something within IIS Manager (7.5). Once I disabled Anonymous access and enabled Windows Authentication at the root level of the site, my AD username was pulled in properly, and the user/login/sso page automatically logged me in as it should. Yea!!!

I next tried to do the same setup from the ldap module's root and ldap sso root instead of the root of the site, but that didn't work. So I reverted back to what worked previously.

The only issue I have with this setup is that some employees from one department that do not have AD/domain accounts, and they will want to access the site anonymously without creating a Drupal account. This is an intranet site, and the only way to allow them in is to allow for anonymous access. But obviously this setup won't allow for that. Do you have any suggestions on how what my next step should be?

Concerning the notices I mentioned in my original post (#2), I'm still getting them whenever I click on the save button on the "Authentication tab. Do you have any progress on that issue?

@haydeniv: Thanks for the reply. I have "Turn on automated/seamless single sign-on" unchecked, so I'm not prompted when I visit the regular pages of the site as you've stated.

But my issue is that if I have Anonymous and Windows Authentication enabled on the server, and I go to user/login/sso, it does not detect my Windows credentials and gives me the following message: "Sorry, your LDAP credentials were not found, or the LDAP server is not available. You may log in with other credentials on the user login form."

The only way that the user/login/sso page works is for me to disable Anonymous users in IIS Manager, which is not a workable solution when some users will be Anonymous.

Thanks again for any assistance.

These specific issues have been fixed for me after updating my LDAP version from 7.x-1.x-beta12 to 7.x-2.x-beta5. I'm still having some issues with SSO, but I'll have to create a new issue report for that, as it's unrelated to this original issue report. Thanks.