After upgrading to the latest version the password that is pushed to LDAP appears to be a randomly generated one from the module even though PWD: User or Random is selected. For troubleshooting I've set ldap and drupal to all plain text for passwords. I've also tried uninstalling the module and user creation just within drupal works just fine with the password entered at registration.

Comment | File | Size | Author
#3 | 1838896.patch | 1.41 KB | johnbarclay

Comments

jdowner12’s picture

Status: Active » Fixed

Fixed, found I needed to check convert to binary. Doh! Sorry for the duplicate issues.

jdowner12’s picture

Status: Fixed » Active

I thought I got it fixed but I'm still getting strange behavior. The password is pushed to the LDAP user correctly only when I set Drupal to require e-mail validation and the "new user" clicks the one-time link and sets their password. If I don't require e-mail validation and just let anyone create a new user, the password pushed to LDAP is random, regardless of what is set for the password options in LDAP users. If I set the Drupal to LDAP provisioning to sync on login, the LDAP password is set to a different random one each login, the same as when the user is created.

Using Drupal 7.17

For testing I'm using plain text to make it easier to troubleshoot and can see the password updated each time.

johnbarclay’s picture

Title: When provisioning from Drupal to LDAP a random password is always used regardless of selecing User or Random. » LDAP User: When provisioning from Drupal to LDAP a random password is always used regardless of selecting User or Random.
Status: Active » Needs review
File size: 1.41 KB

I haven't tested this use case.

Background: The bulk of the work on passwords is in ldap_servers.tokens.inc in ldap_servers_token_tokenize_user_account(). If it is supplying a new random password, it likely does not have "access" to the user's password; that is none of the form hooks have stored it in the static variable within ldap_user_ldap_provision_pwd(). The password has to be stored in a static variable, because none of the user functions expose the unhashed password.

I can see the password is only set via ldap_user_ldap_provision_pwd() when submitted from the user profile form and user register form.
The same functionality is needed in the login form and any other login form. Can you try this patch out? If it works we need to make sure this gets in the simpletests also.
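
The mechanism described in this comment, as an added example that is not part of the original thread and is not the LDAP module's code: a request-scoped holder for the cleartext password, a random fallback when no form handler has filled it, and no password attribute at all on an update where nothing was captured. All function names are hypothetical, the sample password is constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Simplified model of the behaviour discussed in this thread.
// All names are hypothetical; this is not the LDAP module's code.

// Request-scoped holder for the cleartext password. Drupal only persists the
// hash, so a form handler must capture the cleartext while it is available.
function example_provision_pwd(string $op, ?string $value = NULL): ?string {
  static $pwd = NULL;
  if ($op === 'set') {
    $pwd = $value;
  }
  elseif ($op === 'clear') {
    $pwd = NULL;
  }
  return $pwd;
}

// Build the attributes to push to LDAP for a "create" or "update" event.
function example_ldap_attributes(string $event, string $name, string $policy): array {
  $attrs = ['cn' => $name];
  $captured = example_provision_pwd('get');
  if ($captured !== NULL && $captured !== '' && $policy === 'user') {
    $attrs['userPassword'] = $captured;
  }
  elseif ($event === 'create') {
    // No cleartext captured on this code path: fall back to a random value
    // so the new entry is never created with an empty password.
    $attrs['userPassword'] = bin2hex(random_bytes(16));
  }
  // On "update" with nothing captured, userPassword is omitted so the
  // existing LDAP password is left untouched.
  example_provision_pwd('clear');
  return $attrs;
}

// Registration handler captured the password: it is provisioned as typed.
example_provision_pwd('set', 'constructed-sample-pw');
$a = example_ldap_attributes('create', 'alice', 'user');
var_dump($a['userPassword'] === 'constructed-sample-pw');

// A code path whose handler never called 'set' gets the random fallback.
$b = example_ldap_attributes('create', 'bob', 'user');
var_dump(strlen($b['userPassword']) === 32);

// Profile edit with the password field left blank: attribute is omitted.
$c = example_ldap_attributes('update', 'alice', 'user');
var_dump(array_key_exists('userPassword', $c));
```

Clearing the holder after every provisioning call keeps the cleartext from being reused by a later operation in the same request.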

jdowner12’s picture

Thanks for the quick response, hope I applied it correctly:
1838896.patch ldap_user.api.php LdapUserConf.class.php ldap_user.info ldap_user.module ldap_user.theme.inc README.developers.txt tests
ldap_user.admin.inc LdapUserConfAdmin.class.php ldap_user.cron.inc ldap_user.install ldap_user.test_form.inc ldap_user.ws.inc README.txt TODO.txt
#:/var/www/sites/all/modules/ldap/ldap_user$ sudo patch ldap_user.module < 1838896.patch
patching file ldap_user.module
#:/var/www/sites/all/modules/ldap/ldap_user$

The patch seems to have partially fixed the problem. Anonymous self registration without e-mail verification still pushes a random password, whether I have set it to auto log in after registration or not. However, once the user logs in by entering the user name and password entered during registration, the password is pushed correctly to LDAP.

johnbarclay’s picture

Status: Needs review » Needs work

Thanks for testing. This is progress. I'll work on fixing: "Anonymous self registration without e-mail verification still pushes a random password, whether I have set it to auto log in after registration or not."

johnbarclay’s picture

Status: Needs work » Needs review

I see where the problem was. I committed a patch. Can you try this again with "Anonymous self registration without e-mail verification still pushes a random password, whether I have set it to auto log in after registration or not."?

Thanks.

See http://drupalcode.org/project/ldap.git/commitdiff/74ea2832d17980a28d76d5...

jdowner12’s picture

Will do, I'm still getting used to working with PHP and the internals of Drupal. What would be the best way to apply the commit? The single patch file was fairly straightforward to figure out. I'm a bit confused with multiple files involved.

johnbarclay’s picture

I committed it, so you just download the current ldap-7.x-2.0-dev

with drush:
drush dl ldap-7.x-2.0-dev

or get it from: http://drupal.org/project/ldap

jdowner12’s picture

Hey, thanks I wasn't thinking it would be that easy to apply the updates! I applied them and the behavior has actually reverted for user login, and user Registration still produces a random password.

jdowner12’s picture

I was able to do some more testing today and something with the way Drupal handles the password must have changed in 7.17 or 7.16. I went back to Drupal 7.15 and installed the latest dev build of the LDAP plugins and the password is being pushed correctly on user login, creation, and password resets. To make sure I wasn't going crazy I set up 7.17 and another LDAP VM in another test environment and see the same problems. Could the password token have changed?

johnbarclay’s picture

I doubt it. I don't see anything related in the commit (http://drupalcode.org/project/drupal.git/commitdiff/b9127101ffeca819e74a...)

It's more likely a case of updates, or caches, or something I would guess. Or perhaps a configuration difference?

I will update my dev to 7.17 also.

johnbarclay’s picture

Version: 7.x-2.0-beta1 » 7.x-2.x-dev

jdowner12’s picture

Updated it in my test environment with 7.17 and the password is pushed correctly for every scenario I could think of trying. Thanks for the help!! Was there a big difference between 7.17 and 7.15?

johnbarclay’s picture

Status: Needs review » Fixed

Great. Thanks for the thoroughness and follow through. It's very helpful. I'm not sure about the 7.15-7.17 changes.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Laz5530’s picture

Status: Closed (fixed) » Active

Hi,
I have the same problem with Drupal Core 7.18 and LDAP 7.x-2.0-beta3 released on 2012-Dec-07 or
Drupal Core 7.19 and LDAP 7.x-2.x-dev released on 2013-Jan-28

Any idea?

jdowner12’s picture

I just started testing beta 3 and ran into some similar issues. Csotlac, I'm curious what is your workflow for user creation and settings for pushing drupal user info to ldap? If I go back to beta 2 I don't have problems with 7.18 or 7.19.

aanjaneyam’s picture

Same problem. Whenever a Drupal account is updated to change fields other than password (password field blank), a random password is synced to the LDAP server entry. A manual password reset is then needed by user 1 or administrators. The only workaround I have come to know is to not sync the password other than on new account creation, i.e. passwords should only be synced once when a new user is created and not thereafter whenever the account is updated.

aanjaneyam’s picture

Any suggestions on fixing this?

johnbarclay’s picture

Status: Active » Needs review

I committed a related patch, #1884922-13: LDAP User: Password field disabled Makes use case of Provisioning Passwords from Drupal to LDAP unusable, related to password behavior and provisioning. It passes all simpletests and looks good. Please test.

http://drupalcode.org/project/ldap.git/commitdiff/cb3dede7d354e4a6c0bd9f...

aanjaneyam’s picture

I have installed the latest dev version (dated 17 March 2013) assuming that it contains the patch in #20 above.

I have set up something similar to http://drupal.org/node/1884922#comment-7144956 (if a user is not present in Drupal but present in the LDAP server then it gets created with details stored in the LDAP server. User accounts can also be created on the Drupal site and the same gets created/synced to the LDAP server. All in all a two-way sync: a user not present in Drupal but in LDAP, then LDAP creates it on authentication, and if a user is created in Drupal then Drupal creates it in LDAP using the details of the user created).

Now when I authenticate with the LDAP server, using user details of a user NOT in Drupal, then the user account gets created. But when I go and try to edit email or password for that user I get the following:

Your current password is missing or incorrect; it's required to change the Password.

The password is correct because I can log in using the same password. I can also change details other than user's email and password. I also tried it with option "Don't update stored email if LDAP email differs at login" on authentication settings page.

Now it seems Drupal is sending SHA passwords instead of clear text, so it is also making ineffective my policy mentioned in http://drupal.org/node/1884962#comment-7184592.

aanjaneyam’s picture

To add!! It is clear that Drupal is not sending any password (or maybe the existing password in clear text) when the password field is empty (i.e. fields other than password are updated). But the problem of updating password and email remains, and the correct password is not recognised.

johnbarclay’s picture

See http://drupal.org/node/1884962#comment-7197168 for a related patch to ldap provisioning of passwords.

johnbarclay’s picture

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.