Unable to authenticate after Drupal 5.8 update

Confirmed here as well; I traced my authentication path to ensure it returns 'true' from my hook_auth() implementation.

The code for my auth module can be found here:
http://www.mozdev.org/source/browse/custom/src/drupal/mozdevauth/

Whoops; didn't realize this was on the ldap project. This should probably be moved to the drupal project.

Attached is a patch that restores access for me.

It appears that revision 1.745.2.27 (issue#165642) according to the commit log was the culprit.

That's revision 1.745.2.27 of user.module in the DRUPAL-5 branch.

I guess you are trying to authenticate without using a "@server" part.

There is nothing wrong in the Drupal Core code here, it is the way it should be. It looks like LDAP Integration uses several unsupported hacks to change the behavior of Drupal Core authentication, and those may rely on previously broken behavior of the user_authenticate() function.

I'm reassigning that issue to LDAP Integration for further study.

Same problem, but the patch didn't work here.

This looks like it's supposed to be a valid execution path; it was certainly one up until Drupal 5.8. Why would you try to auth against each module and then throw away the result if you find a matching user?

Well, I quickly looked at the LDAP integration code from the CVS, there is a whole section there named 4. Login process hacks, that seems to completely bypass user_authenticate() (by calling _ldapauth_user_authenticate()).

This is obviously completely unsupported, and that's why I reassigned that issue to the LDAP integration queue.

@silfreed: it looks like your issue is a different one. The loop through auth modules is meant for registering new users, not for authenticating existing ones that should already be in the authmap. Your issue is you are trying to perform a remote authentication without a proper server part, while that's not properly supported. Please open a new ticket against Drupal core for that.

I don't have a CVS working copy here with me, but here's my solution:

Index: .../ldap_integration/ldapauth.module
===================================================================
--- .../ldap_integration/ldapauth.module	(revision 191)
+++ .../ldap_integration/ldapauth.module	(working copy)
@@ -599,6 +599,12 @@
         && !call_user_func('ldapauth_user_filter', $ldapauth_ldap->retrieveAttributes($dn))) {
       continue;
     }
+    
+    $registered_user = user_load(array('name' => $name));
+    if ($registered_user->uid) {
+      $GLOBALS['user'] = $registered_user;
+    }
+    
     return true;
   }
   return false;

Definitely a hack, but so is the rest of the module. It sorely needs a rewrite.

@Damien the hook_auth() API documentation doesn't make it sound like @server should be required for an external auth hook to be called, and indeed that is how I'm using it. With the modifications made to drupal 5.8 I'm going to have to resort to hacks just like the ldap auth module is forced to. Regardless of whether this was a bug or not, it now affects functionality that was depended upon by several API users.

I didn't mean to change those values.

@realityloop: this solution is wrong: _ldapauth_save_user() is already there to deal with login and registering the user.

Could you check if ldapauth_login_validate() is even called on your installation?

After playing around a bit more, I can log in via LDAP just fine with the current 5.x-1.x-dev version and Drupal 5.8.

I threw a drupal_set_message() into ldapauth_login_validate() and it is running.

He means this:

Index: .../ldap_integration/ldapauth.module
===================================================================
--- .../ldap_integration/ldapauth.module (revision 191)
+++ .../ldap_integration/ldapauth.module (working copy)
@@ -599,6 +599,9 @@
         && !call_user_func('ldapauth_user_filter', $ldapauth_ldap->retrieveAttributes($dn))) {
       continue;
     }
+   
+    _ldapauth_save_user($name, $pass);
+   
     return true;
   }
   return false;

Which is better than the previous patch. I didn't see that function during my first skim through the code.

But as I said in my last post, my site seems to be authenticating LDAP users without any changes to 5.x-1.x-dev. I'm not sure that this is actually a problem with the module.

Thanks, folks. The patch at #11 works for me; authenticating against MS Active Directory, pre-existing users. #19 also worked, btw.

Ver 5.x-1.3

Oddly, have another site on the same host (not using multi-site) that works fine with the existing code. Rather mystifying.

Closing 5.x issues to clean out issue queue.