Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I have used ldap_feeds to populate our Drupal user database from our active directory for our corporate Intranet following the LDAP feeds example for doing this.
Shortly after launching the site we began getting reports of deactivated users showing up in the Drupal user database. Looking at "function _ldap_user_orphans" in ldap_user.cron.inc that function depends on sid, puid and puid_attr to build "$drupal_users[$sid][$puid_attr][$puid]['exists'] = FALSE | TRUE;" however these fields weren't populated during the feeds import.
Comment | File | Size | Author |
---|---|---|---|
ldap_config.txt | 16.01 KB | lawsonk |
Comments
Comment #1
johnbarclay CreditAttribution: johnbarclay commentedComment #2
johnbarclay CreditAttribution: johnbarclay commentedComment #3
grahlIs anyone still experiencing this?
Comment #4
grahlNo feedback for more than 2 months, closing.
Comment #5
bulldozer2003I have this issue. When you map a binary attribute to puid or sid the import fails with SQL constraint errors. The does not appear to be any tamper that can convert the binary value.
Comment #6
grahlThanks for your feedback, bulldozer2003.
I don't know much about Feeds internals at all but I'd like to first confirm that we are on the right track and the binary conversion is the only limiting factor.
Could you possibly try outFeeds Tamper PHP and run it with:
return ldap_servers_binary($relevant_field);
If that works I suppose we could support that more cleanly with a custom plugin based on the Feeds Tamper documentation: https://www.drupal.org/node/1246602
Comment #7
bulldozer2003Yes that does it! Thank you for your help.
Comment #8
bulldozer2003The option to set the ldap_user_puid as a unique value in the feeds importer is not available. I added another mapping for objectguid to GUID (used by the feeds module), ran the import, and then removed the username unique constraint.
Comment #9
bulldozer2003Found a possible bug with importing the PUID with this method. With the option to check for orphaned Drupal accounts (orphanedDrupalAcctBehavior) set to disable, all my user accounts were being disabled every 10 minutes. This did not happen with users that were created by the LDAP module. Once I remove the puid value from the user accounts, they don't get disabled anymore. So there is something where LDAP module thinks users with imported puid values are orphaned for some reason? The obvious workaround is to not check orphaned accounts, which is OK for me.
Comment #10
grahlThat behavior sounds a bit odd, did you make sure that you imported the sid, puid attribute and puid value? With only the puid value set this could go awry.
Comment #11
grahlComment #12
grahlI'm closing this issue since no follow-up information turned up.
Please create a new issue (potentially referencing this issue) if you or someone else still runs into this.