Roles removed if user has multiple roles in WP

[luisarn]

Greetings!

If an user has multiple roles in WP, the plugin will remove all of them and keep only the first one. The function authLdap_user_role($uid) only returns the first index of the array and then its value is being used to overwrite the usermeta.

My current workaround is to add a condition in line 333 of authLdap.php:

if ($authLDAPGroupEnable && $authLDAPGroupOverUser) { $user_info['role'] = $role; }

The idea is to modify the usermeta only when is absolutely necessary.

Regards, Luis

[heiglandreas]

Thanks for spotting and reporting! Looks like a good solution. I'll check that and might implement it. Stay tuned!

[trinadhv]

exactly what I was about to open as an issue. Currently, I commented it out //$user_info['role'] = $role; because it removes multiple roles and only adds the first role in the list as it is clearly written in line 462 $role = $roles[0];

Can you add an option in the settings page where we can choose whether to update the roles or not? or at least have the previous multiple roles reassigned?

[lrobinot]

I have encountered very similar issue with the plugin version 2.1.1 (LDAP groups are not used).

I am using various bbPress and WPML plugins. One of the site Administrator got his wp_usermeta->wp_capabilities set to:

a:3:{s:9:"translate";b:1;s:19:"manage_translations";b:1;s:13:"administrator";b:1;}

I did not find why, and I do not know this is correct, but the administrator is at the end of the list!!

at line 471 in function authLdap_user_role():

    $capabilities = unserialize($meta_value);
    $roles = is_array($capabilities) ? array_keys($capabilities) : array('');
    $role = $roles[0];

Are you assuming that the main role is the first one in the list, which is not the case on my setup.

So you drop the Administrator role for this user...

Then at line 329:

            $roles = new WP_Roles();
            // not sure if this is needed, but it can't hurt
            if (!$roles->is_role($role)) {
                trigger_error('no group found');
                authLdap_debug('role is invalid');
                return false;
            }

$roles->is_role($role) failed as "translate" is a capability, not a role => User login rejected with wrong password.

[heiglandreas]

Thank you for this information! That helps narrowing this problem down!

[lrobinot]

I am not an expert in Wordpress development, is there someone with some knowledge about capabilities to tell me if the order in the database is important or not?

I am tracking down the issue in other plugins too!

[tanguy-opendsi]

hi everyone. I got the same problem with this module. To avoid the update when connect i replace : unset ($user_info['display_name'], $user_info['nickname']); too unset ($user_info['display_name'], $user_info['nickname'], $user_info['role']);

[dankeller]

I'm having this same issue, users with multiple roles are reduced to one when logging in (not optimal!) I am not using "Map LDAP Groups to wordpress Roles?" option. Any update on getting a fix put in place?