I have used ldap_feeds to populate our Drupal user database from our active directory for our corporate Intranet following the LDAP feeds example for doing this.

Shortly after launching the site we began getting reports of deactivated users showing up in the Drupal user database. Looking at "function _ldap_user_orphans" in ldap_user.cron.inc that function depends on sid, puid and puid_attr to build "$drupal_users[$sid][$puid_attr][$puid]['exists'] = FALSE | TRUE;" however these fields weren't populated during the feeds import.

CommentFileSizeAuthor
ldap_config.txt16.01 KBlawsonk
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

johnbarclay’s picture

Priority: Normal » Major
johnbarclay’s picture

Assigned: Unassigned » johnbarclay
Issue summary: View changes
grahl’s picture

Assigned: johnbarclay » Unassigned
Status: Active » Postponed (maintainer needs more info)

Is anyone still experiencing this?

grahl’s picture

Status: Postponed (maintainer needs more info) » Closed (outdated)

No feedback for more than 2 months, closing.

bulldozer2003’s picture

Status: Closed (outdated) » Active

I have this issue. When you map a binary attribute to puid or sid the import fails with SQL constraint errors. The does not appear to be any tamper that can convert the binary value.

grahl’s picture

Thanks for your feedback, bulldozer2003.

I don't know much about Feeds internals at all but I'd like to first confirm that we are on the right track and the binary conversion is the only limiting factor.

Could you possibly try outFeeds Tamper PHP and run it with:
return ldap_servers_binary($relevant_field);

If that works I suppose we could support that more cleanly with a custom plugin based on the Feeds Tamper documentation: https://www.drupal.org/node/1246602

bulldozer2003’s picture

Yes that does it! Thank you for your help.

bulldozer2003’s picture

The option to set the ldap_user_puid as a unique value in the feeds importer is not available. I added another mapping for objectguid to GUID (used by the feeds module), ran the import, and then removed the username unique constraint.

bulldozer2003’s picture

Found a possible bug with importing the PUID with this method. With the option to check for orphaned Drupal accounts (orphanedDrupalAcctBehavior) set to disable, all my user accounts were being disabled every 10 minutes. This did not happen with users that were created by the LDAP module. Once I remove the puid value from the user accounts, they don't get disabled anymore. So there is something where LDAP module thinks users with imported puid values are orphaned for some reason? The obvious workaround is to not check orphaned accounts, which is OK for me.

grahl’s picture

That behavior sounds a bit odd, did you make sure that you imported the sid, puid attribute and puid value? With only the puid value set this could go awry.

grahl’s picture

Status: Active » Postponed (maintainer needs more info)
grahl’s picture

Status: Postponed (maintainer needs more info) » Closed (outdated)

I'm closing this issue since no follow-up information turned up.

Please create a new issue (potentially referencing this issue) if you or someone else still runs into this.