LDAP is not updated when user sets his password

Created on 12 April 2022, over 2 years ago
Updated 6 April 2024, 6 months ago

Problem/Motivation

LDAP is not updated when user sets his password

Steps to reproduce

1. A new user registers on the site; the user is created in LDAP
2. An email is sent to the user with a one-time link to create his password
3. The user uses the link to set his own password, but LDAP is not updated with the new password

Drupal Mappings

  • [dn] --> Field: Most Recent DN on create_drupal_user & sync_to_drupal_user
  • [uid] --> Property: Username on create_drupal_user & sync_to_drupal_user
  • [mail] --> Property: Email on create_drupal_user & sync_to_drupal_user
  • [userPassword] --> Field: Password on create_drupal_user & sync_to_drupal_user

LDAP Mappings

  • uid=[property.name],ou=people,dc=anngo-hub,dc=com --> [dn] on create_ldap_entry & sync_to_ldap_entry
  • [property.name] --> [cn] on create_ldap_entry & sync_to_ldap_entry
  • [property.name] --> [sn] on create_ldap_entry & sync_to_ldap_entry
  • inetOrgPerson --> [objectClass] on create_ldap_entry & sync_to_ldap_entry
  • Property: Email --> [mail] on create_ldap_entry & sync_to_ldap_entry
  • Field: Password --> [userPassword] on create_ldap_entry & sync_to_ldap_entry
πŸ› Bug report
Status

Fixed

Version

4.6

Component

Code

Created by

🇪🇬 Egypt rami.sedhom


Comments & Activities

  • 🇩🇪 Germany gngn

    I encountered similar behaviour: LDAP is not updated after changing the password.

    I logged out and logged in again (only possible with the new password).
    After that LDAP was synced.

    So I think the password change was only stored in the Drupal database at first.
    The re-login somehow triggered the LDAP sync.

  • 🇩🇪 Germany websiedler

    I can confirm similar behaviour changing the password using the user profile form.

    Digging in the code, I recognized that CredentialsStorage::storeUserPassword() is called twice, first as expected by ldap_user_grab_password_validate() with the new password from the profile form, but after that by LdapProtectedUserFieldConstraintValidator::validate() with the old password from the current user account.

    Therefore CredentialsStorage::getPassword() in LdapEntryProvisionSubscriber::fetchDrupalAccountPassword() gets the old password and syncs it subsequently.

    The new password is correctly set in the local Drupal database by the profile form.

    After a successful re-login with the new password, it is grabbed and synced as expected.

  • 🇺🇸 United States bluegeek9

    @websiedler,

    Thank you for reporting this. Now that I know what to look for, we can fix this.

  • Assigned to bluegeek9
  • 🇺🇸 United States bluegeek9

    I was able to verify that CredentialsStorage::storeUserPassword is called twice. LdapEntryProvisionSubscriber::fetchDrupalAccountPassword is called after ldap_user_grab_password_validate.

    I was able to confirm removing the second call from LdapEntryProvisionSubscriber::fetchDrupalAccountPassword works.

    I intended to also add test coverage to the ldap_user module.

  • Pipeline finished with Failed
    6 months ago
    #126695
  • Pipeline finished with Failed
    6 months ago
    #126697
  • Merge request !95 Resolve #3274935 "Ldap is not" → (Merged) created by bluegeek9
  • Pipeline finished with Skipped
    6 months ago
    #127205
  • Issue was unassigned.
  • Status changed to Fixed 6 months ago
  • 🇺🇸 United States bluegeek9
  • Automatically closed - issue fixed for 2 weeks with no activity.
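
The overwrite described in websiedler's comment, reduced to a stand-alone PHP model. This is an added example, not the ldap module's code: `PasswordHolder`, `grabFromForm()`, `constraintValidate()` and `changePassword()` are hypothetical stand-ins for the classes and functions named in the thread, and `password_hash()` stands in for the local Drupal save. It shows the old password reaching the LDAP write when the second store call is present, together with a pre-write check that compares the value about to be synced against the hash just saved locally.

```php
<?php
declare(strict_types=1);

// Request-scoped holder, standing in for CredentialsStorage (hypothetical model).
final class PasswordHolder {
    private static ?string $password = null;
    public static function store(?string $p): void { self::$password = $p; }
    public static function get(): ?string { return self::$password; }
}

// Stand-in for the form validator that captures the new clear-text password.
function grabFromForm(array $form): void {
    PasswordHolder::store($form['pass']);
}

// Stand-in for the later constraint validator. With $storesAgain = true it
// re-stores the account's current (old) password: the second call from the thread.
function constraintValidate(string $currentPass, bool $storesAgain): void {
    if ($storesAgain) {
        PasswordHolder::store($currentPass);
    }
}

// Runs one password change and reports what would be written to userPassword.
function changePassword(string $old, string $new, bool $storesAgain): array {
    PasswordHolder::store(null);                        // fresh request
    grabFromForm(['pass' => $new]);
    constraintValidate($old, $storesAgain);
    $localHash = password_hash($new, PASSWORD_DEFAULT); // local save uses the form value
    $toLdap = PasswordHolder::get();                    // what the provisioner would read
    // Check before the LDAP write: the value must verify against the hash just saved.
    $inSync = $toLdap !== null && password_verify($toLdap, $localHash);
    return ['ldap' => $toLdap, 'in_sync' => $inSync];
}

// Constructed sample values.
$buggy = changePassword('old-Secret1', 'new-Secret2', true);
$fixed = changePassword('old-Secret1', 'new-Secret2', false);

printf("second store call kept:    ldap=%s in_sync=%s\n",
    $buggy['ldap'], var_export($buggy['in_sync'], true));
printf("second store call removed: ldap=%s in_sync=%s\n",
    $fixed['ldap'], var_export($fixed['in_sync'], true));
```

While the two stores disagree, the old password remains valid for anything that authenticates directly against LDAP, so an `in_sync`-style assertion is a useful regression test for this class of bug.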
