LDAP users assume anonymous status with realname enabled [#323984]

I'm not sure if this issue affects normal users who don't use LDAP for authentication. But with the realname module enabled, users will have anonymous access to the site even though they are logged in. This may have something to do with the fact that the LDAP integration module does not require the user to have an email address. But regardless, the realname module should not be checking to see whether the user is valid or not. It's a display-only module as far as I understood.

To reproduce:

1. Install LDAP Integration module
2. Install realname module
3. Log-in with a valid LDAP account that does not exist in Drupal (default intended use for LDAP Integration module... drupal creates an account for the user and gives them authenticated user access under normal circumstances.)
4. Notice that the the LDAP user you're now logged in as cannot edit his profile. And his username says (not verified).

I would love to hear that this is a simple configuration item. But something tells me this is a little deeper. Can you help?

Comments

Comment #1

jcwatson11 CreditAttribution: jcwatson11 commented 21 October 2008 at 16:57

Note: I disabled the realname module and user access rights returned to normal. But I would like to use realname with LDAP. Is there any way the realname module could refrain from changing the status of users created by LDAP?

Comment #2

jcwatson11 CreditAttribution: jcwatson11 commented 21 October 2008 at 19:37

I have confirmed the bug as an incompatability with the realname module as used with LDAP integration module. Users who use LDAP integration and realname cannot edit their profiles after logging in through LDAP because the user navigation tabs at the top of the My account page will not appear.

Explanation
When LDAP creates a drupal account for a user, the fields used to construct the user's realname from the profile are not populated yet.

The user module (at least I think it's the user module) will not display the user edit tabs at the top of the user page unless the $user object has a $name attribute.

When realname is enabled, the $user->name attribute is replaced with a blank value because LDAP login process does not prompt for profile fields on account creation. Since the user cannot navigate to edit his account, he can never get rid of the (not verified) text next to his username that realname adds when it can't find profile fields to construct the user's "real name".

In other words, from a drupal framework perspective, $user->name cannot be blank otherwise it causes problems.

Solution:
Thankfully, there is an easy fix for the realname module. I would like to ask NancyDru to incorporate this fix for compatability with the LDAP integration module. Here it is:

/**
 * Implementation of hook_user().
 */
function realname_user($op, &$edit, &$account, $category = NULL) {
  if ($op == 'load') {
    $account->realname = realname_make_name($account);
  }

  // If theme then replace name with realname.
  if (variable_get('realname_theme', FALSE) && $account->realname) {
    //Store it for places where it needed
    if (!isset($account->realname_save) && is_object($account)) {
      $account->realname_save = $account->name;
      $account->name = $account->realname;
    }
  }
}

Note the only line that is changed is the second "IF" statement. It appends && $account->realname to the condition.

The above solution simply postpones the usage of a "real name" until there is some value in the fields used to construct it.