LDAP login works correctly with Drupal UI but fails trying to login LDAP users via services.
LDAP server tests correctly
Login works correctly in the Drupal web UI for an user existing only in LDAP. Custom fields are correctly read and filled
with data taken from LDAP. This is the log:
user 04/20/2017 - 14:47 Session closed for BROMNL66B23B354T. BROMNL66B23B354T
user 04/20/2017 - 14:47 Session opened for BROMNL66B23B354T. BROMNL66B23B354T
ldap_servers 04/20/2017 - 14:47 LDAP bind failure for user userdn=, pass=. Anonymous (not verified)
ldap_servers 04/20/2017 - 14:47 LDAP search call with base_dn 'ou=people,dc=collaudo,dc… Anonymous (not verified)
ldap_authentication 04/20/2017 - 14:47 BROMNL66B23B354T: Authentication result is … Anonymous (not verified)
ldap_servers 04/20/2017 - 14:47 LDAP search call with base_dn 'ou=people,dc=collaudo,dc… Anonymous (not verified)
ldap_servers 04/20/2017 - 14:47 LDAP search call with base_dn 'ou=people,dc=collaudo,dc… Anonymous (not verified)
ldap_authentication 04/20/2017 - 14:47 BROMNL66B23B354T: Success at connecting to aulss6… Anonymous (not verified)
ldap_authentication 04/20/2017 - 14:47 BROMNL66B23B354T: Trying server aulss6_collaudo with… Anonymous (not verified)
ldap_authentication 04/20/2017 - 14:47 BROMNL66B23B354T: Existing Drupal user account not… Anonymous (not verified)
ldap_authentication 04/20/2017 - 14:47 BROMNL66B23B354T : Beginning authentication Anonymous (not verified)
After removing the same user and retrying via curl, the login process fails:
curl -v -X POST -H "Content-Type: application/json" -d '{"name":"BROMNL66B23B354T","pass":"somepassword"}' http://intranet-api.aulss6.someserver.it/user/login?_format=json
This is the response. The return code is a Bad Request becouse (i think) we added a debug message:
> POST /user/login?_format=json HTTP/1.1
> Host: intranet-api.aulss6.someserver.it
> User-Agent: curl/7.51.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 42
>
< HTTP/1.1 400 Bad Request
< Date: Thu, 20 Apr 2017 12:52:11 GMT
< X-Content-Type-Options: nosniff
< Cache-Control: must-revalidate, no-cache, private
< X-UA-Compatible: IE=edge
< Content-language: en
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Expires: Sun, 19 Nov 1978 05:00:00 GMT
< OV-Server: slpapswb01
< Content-Length: 89
< Content-Type: application/json
< OV-VirtualHostCache: demo_intranet-api
< OV-Cache: scpchswb01
< Age: 0
< X-Cache: MISS
< X-Cache-Hits: 0
< Connection: keep-alive
* Curl_http_done: called premature == 0
100 131 100 89 100 42 316 149 --:--:-- --:--:-- --:--:-- 334{"message":"Sorry, unrecognized username:***BROMNL66B23B354T*** or password:***somepassword***"}
* Connection #0 to host intranet-api.aulss6.someserver.it left intact
The only log row in this case is this:
php 04/20/2017 - 14:52 Symfony\Component\HttpKernel\Exception… Anonymous (not verified)
Its detail is this:
Type php
Date Thursday, April 20, 2017 - 14:52
User Anonymous (not verified)
Location http://intranet-api.aulss6.someserver.it/user/login?_format=json
Referrer
Message Symfony\Component\HttpKernel\Exception\BadRequestHttpException: Sorry, unrecognized username:***BROMNL66B23B354T*** or password:***somepassword*** in Drupal\user\Controller\UserAuthenticationController->login() (line 216 of /data/www/drupal/drupal-rest/core/modules/user/src/Controller/UserAuthenticationController.php).
Severity Error
Hostname 10.170.0.7
Operations
The exception raised is the one in this method:
public function login(Request $request) {
in the file core/modules/user/src/Controller/UserAuthenticationController.php
Line number is not precise becouse we tried adding some debug messages.
In that method, this condition is never verified (when accessing via REST service):
if ($uid = $this->userAuth->authenticate($credentials['name'], $credentials['pa```{
If immediately I try to login with the same username/password in the Drupal UI, it works fine.
Login works perfectly when logging via REST API with a Drupal-only user, not using LDAP.
If it's the same case, we found some similar feature requests, for 7.x core:
https://www.drupal.org/node/1286790 →
https://www.drupal.org/node/1286482 →
Details:
Drupal 8.3.0
PHP 5.6.30-10+deb.sury.org~xenial+2 (cli)
Machine: Ubuntu 16.04.1 LTS
Closed: won't fix
4.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
I don't think a separate endpoint is necessary if this issue gets resolved:
📌 Override the user.auth service in ldap_authentication to do the password check Needs work