Ldap Authentication: Improve login credential handling to allow login with email address

This looks good. I committed it. Please continue to test.

fixed spelling of function name

If I set AuthName attribute to mail value, then get error on login

Server Error: Failed to create Drupal user account for %user_name

In ldap_authentication.inc:460 I change
$drupal_account = $auth_conf->ldapUser->provisionDrupalAccount(NULL, $user_edit, NULL, TRUE);
to
$drupal_account = $auth_conf->ldapUser->provisionDrupalAccount(NULL, $user_edit, $ldap_user, TRUE);

This is right? How I can login with LDAP mail?

I've some issue with LDAP, Email Registration and above patch which were commited to dev (#5).
The scenario is:
- there is Drupal 6 site which authenticates with LDAP credentials only (both username and e-mail)
- there is new site on Drupal 7 which authenticates with LDAP credentials only (only via e-mail using Email Registration module).

The problem is:
- when I'm creating the new user, uid is set to username, but when LDAP authenticate the user, it's looking for e-mail address in uid
Call: _ldap_authentication_user_login_authenticate_validate ()/ldap_authentication_test_credentials()/userUserNameToExistingLdapEntry(uid=foo@example.com)

Code:

  // Email registration module populates name even though user entered email
  if (!empty($form_state['values']['email'])) {
    $entered_name = $form_state['values']['email'];
    $authname_drupal_property = 'mail';
  }

- also I can't fully store e-mail address in uid property, as there are other existing users which were created by a standard method (uid=username).

So I'm not sure what's the proper solution for problem. Either to remove the above condition, override validation function or improve the logic.

Proposed change:

--- a/ldap_authentication/ldap_authentication.inc
+++ b/ldap_authentication/ldap_authentication.inc
@@ -158,12 +158,6 @@ function _ldap_authentication_user_login_authenticate_validate(&$form_state, $re
   $entered_name = $form_state['values']['name'];
   $authname_drupal_property = 'name';
 
-  // Email registration module populates name even though user entered email
-  if (!empty($form_state['values']['email'])) {
-    $entered_name = $form_state['values']['email'];
-    $authname_drupal_property = 'mail';
-  }
-
   // $authname is the name the user is authenticated with from the logon form // patch 1599632
   $authname = $entered_name;

Or we need to handle the authentication of LDAP users in different way rather than just e-mail address against the uid property.

I did some more tests and I think the patch is necessary, otherwise the authentication is inconsistent. We should authenticate username against LDAP uid property and not change the logic (e-mail instead of username) depending if some module is enabled or not, otherwise it'll always break the functionality to existing users.
I've successfully tested the attached patch as well with another patch at #2037887: Edit user password should use LDAP to authenticate (#10).

The test I did:
- I've created new user (registered with e-mail via Email Registration module),
- I was able log-in with the right credentials.
- I've tested password change and I was able log-in with the new credentials.

Here is validation function which can be used to validate user via e-mail against LDAP, if user doesn't exist in Drupal yet:

function foo_checkout_register_ldap_user_login_validate($form, &$form_state) {
  if (!empty($form_state['values']['account']['login']['pass'])) {
    $form_state['values']['name'] = $form_state['values']['account']['login']['name'];
    $form_state['values']['pass'] = $form_state['values']['account']['login']['pass'];
    ldap_user_ldap_provision_pwd('set', $form_state['values']['account']['login']['pass']);
    ldap_servers_module_load_include('inc', 'ldap_authentication', 'ldap_authentication');
    _ldap_authentication_login_form_alter($form, $form_state, 'user_login');
  }
}

Example usage as part of custom login form:

     $form['account']['login']['name'] = array(
         '#type' => 'hidden',
         '#value' => $result[0]['uid'][0],
     );
 
     $form['account']['login']['login_now'] = array(
         '#type' => 'submit',
         '#value' => t('Login now'),
         '#limit_validation_errors' => array(array('account')),
         '#validate' => array('commerce_checkout_login_checkout_form_validate'),
         '#submit' => array('commerce_checkout_login_checkout_form_submit'),
         '#validate' => array('foo_checkout_register_ldap_user_login_validate', 'user_login_name_validate', 'ldap_authentication_core_override_user_login_authenticate_validate', 'ldap_authentication_user_login_authenticate_validate', 'user_login_final_validate'),
         '#submit' => array('user_login_submit'),
     );
     ldap_servers_disable_http_check($form);

I agree we should authenticate username against LDAP and not change the logic (e-mail instead of username) depending if some module is enabled or not.

kenorb, Is your patch in #10 based on some previous patches, it just appears to remove some lines of a previous patch. Does it patch the original ldap_authentication.inc?

Ok, I have figured out where the two modules are bumping into each other. The LDAP module uses the presence of $form_state['values']['email'], which it sets to know if people are using email_registration.

The email_registration.module on line 208 says:

// Keep the email value in form state for further use/validation.
    $form_state['values']['email'] = $form_state['values']['name'];

When I comment this line out I am able to log into both local and LDAP account with username and email address. And it doesnt appear to be used elsewhere in email_registration. But I dont think this is the right way to handle it.

It does appear that the presence of ldap_authentication.inc line 162 breaks integration with email_registration when it implies it supposed to support it:

 // Email registration module populates name even though user entered email
  if (!empty($form_state['values']['email'])) {
    $entered_name = $form_state['values']['email'];
    $authname_drupal_property = 'mail';
  }

I'm marking this as wontfix since we don't have a viable patch here.

If someone is interested in getting email_registration and LDAP working nicely together, please feel free to reopen.