🇺🇸 United States @willabby

Account created on 14 November 2013, over 10 years ago

Recent comments

🇺🇸 United States willabby

Ok we will give this a try and let you know. I will have to wait for a returning employee though, as we have very limited ability to do any testing on AD :(.

(Also I meant to say same username/email - not password).

🇺🇸 United States willabby

So a user is disabled when their account gets removed from AD. They remain in Drupal as blocked. During this time, if using this new feature, orphan processing would not update the disabled account, as there would be no matching account in AD, right? Are you suggesting that once the account is returned to AD with same username/pw, that this new feature might help it resync and automatically reactivate it?

🇺🇸 United States willabby

Sorry for the delay in response! First, no, it is not possible to just disable the user in AD; you are correct in assuming we have no control over AD, plus there is no way to know which users might return.

Also when the orphan processor runs next, the user does not get disabled again. Once we set them to active, they sync with their AD account and stay active.

Here are our settings, thanks for taking a look:

PHP LDAP module

'LDAP Support': enabled
'Total Links': 0/unlimited
'API Version': '3001'
'Vendor Name': OpenLDAP
'Vendor Version': '20457'
'SASL Support': Enabled
Directive:
  - 'Local Value'
  - 'Master Value'
ldap.max_links:
  - Unlimited
  - Unlimited
LDAP debug configuration
{ }

Users
Currently active Drupal user registration setting: admin_only

LDAP user configuration
_core:
  default_config_hash: xxxxxxesw
drupalAcctProvisionServer: xxxxx_ldap
ldapEntryProvisionServer: null
drupalAcctProvisionTriggers:
  - drupal_on_login
  - drupal_on_update_create
ldapEntryProvisionTriggers: { }
orphanedIncludeDisabledUsers: false
orphanedDrupalAcctBehavior: user_cancel_block
orphanedCheckQty: 1300
orphanedAccountCheckInterval: always
userConflictResolve: resolve
manualAccountConflict: conflict_associate
acctCreation: user_settings_for_ldap
disableAdminPasswordField: false
userUpdateCronQuery: test_users
userUpdateCronInterval: always
userUpdateOnly: false
ldapUserSyncMappings:
  drupal:
    field-ldap_user_current_dn:
      ldap_attr: '[dn]'
      user_attr: '[field.ldap_user_current_dn]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-ldap_user_puid_sid:
      ldap_attr: xxxxx_ldap
      user_attr: '[field.ldap_user_puid_sid]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
    field-ldap_user_puid:
      ldap_attr: '[objectguid]'
      user_attr: '[field.ldap_user_puid]'
      convert: true
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-ldap_user_puid_property:
      ldap_attr: objectguid
      user_attr: '[field.ldap_user_puid_property]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
    field-field_user_city_address:
      ldap_attr: '[l]'
      user_attr: '[field.field_user_city_address]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-field_user_dept:
      ldap_attr: '[department]'
      user_attr: '[field.field_user_dept]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-field_user_display_name:
      ldap_attr: '[displayname]'
      user_attr: '[field.field_user_display_name]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-field_user_employee_id:
      ldap_attr: '[employeeid]'
      user_attr: '[field.field_user_employee_id]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-field_user_fax_number:
      ldap_attr: '[facsimiletelephonenumber]'
      user_attr: '[field.field_user_fax_number]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-field_user_first_name:
      ldap_attr: '[givenname]'
      user_attr: '[field.field_user_first_name]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
    field-field_user_job_title:
      ldap_attr: '[title]'
      user_attr: '[field.field_user_job_title]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-field_user_last_name:
      ldap_attr: '[sn]'
      user_attr: '[field.field_user_last_name]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-field_user_phone_ext:
      ldap_attr: '[otherTelephone]'
      user_attr: '[field.field_user_phone_ext]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-field_user_state_address:
      ldap_attr: '[st]'
      user_attr: '[field.field_user_state_address]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-field_user_street_address:
      ldap_attr: '[street]'
      user_attr: '[field.field_user_street_address]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-field_user_tel_number:
      ldap_attr: '[telephonenumber]'
      user_attr: '[field.field_user_tel_number]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
    field-field_user_zip_address:
      ldap_attr: '[postalcode]'
      user_attr: '[field.field_user_zip_address]'
      convert: false
      user_tokens: ''
      config_module: ldap_user
      prov_module: ldap_user
      prov_events:
        - create_drupal_user
        - sync_to_drupal_user
  ldap: { }
Drupal LDAP servers
Server xxxx LDAP:
uuid: xxxxxxxxx
langcode: en
status: true
dependencies: { }
id: xxxxx_ldap
label: 'xxxxx LDAP'
type: ad
address: xxx.xxx.xxx
port: 389
timeout: 10
encryption: none
weight: null
bind_method: service_account
binddn: '***'
bindpw: '***'
basedn:
  - 'OU=xxxxx,DC=xxxx,DC=gov'
user_attr: samaccountname
account_name_attr: ''
mail_attr: mail
mail_template: ''
picture_attr: ''
unique_persistent_attr: objectguid
unique_persistent_attr_binary: true
user_dn_expression: ''
testing_drupal_username: ''
testing_drupal_user_dn: ''
grp_unused: false
grp_object_cat: group
grp_nested: true
grp_user_memb_attr_exists: true
grp_user_memb_attr: memberof
grp_memb_attr: distinguishedname
grp_memb_attr_match_user_attr: cn
grp_derive_from_dn: true
grp_derive_from_dn_attr: cn
grp_test_grp_dn: ''
grp_test_grp_dn_writeable: ''

🇺🇸 United States willabby

Thank you for your quick response! I have applied the 2.0.x-dev version and all errors are gone. It has been several years since I set up Group, so trying to wrap my head around the new permissions/roles.

When I updated group authorization to 2.0.x-dev version, and checked on the group assignments, all my Group and Roles were empty. All my LDAP Queries map to a "member" role. I went back to my groups and noticed that on updating to Group 2.2.1 it converted my Member role to "Insider" which is "Assigned to all members who have the corresponding global role." Technically all my members are also authenticated users, so that I guess makes sense? But I switched the role to "Individual" since I need it to show on the group assignment page, and when I refreshed, member was restored to the Group and Roles drop down.

Any chance you could tell me what the difference is between those two types of roles? And, why Group Authorization only recognizes the "Individual" role?

🇺🇸 United States willabby

I just updated to fontawesome 2.26 from 2.19, and to PHP 8.1 and encountered this exact issue.

I am on D9.5.10.

I applied the patch here manually and errors went away. Was this fixed?
