[SOLVED] LDAP integration leaves new accounts pending

Very strange. I've disabled my plugins and enabled Joomla LDAP. Now when I authenticate using an AD account credentials it shows me logged in with my Google account username and renders the page without any styles.

I'm running Joomla on Windows Server/IIS if that makes any difference.

No idea, sorry. All our LDAP support does is approve/confirm a user that is logging in with LDAP credentials. How Joomla behaves when using such a authentication is out of CBs hands. Perhaps the LDAP plugin needs additional configuration? If still not approved/confirmed ensure within CB > Configuration > General you've set the login type to allow authentication plugins.

I just noticed that the pre-patched #3303 file has all the display code in it, i.e. the revised code is in a table. I've patched it manually.

I have narrowed the issue down to single sign on. If I disable it and log in manually using the CB Login module, the new account is created in Joomla and CB and automatically approved. When SSO is on, the account is created in Joomla and shows the user logged in, but when you try to view the profile it throws an error, and the account shows as pending approval in the CB user manager.

I just noticed that the pre-patched #3303 file has all the display code in it, i.e. the revised code is in a table. I've patched it manually.

Nothing wrong with the pre-patched, works perfectly fine and is accurate to the patch so not sure what your issue was with using it. It's not intended to be copy and pasted from within the browser, there's a download link at the top after clicking to view it.

I have narrowed the issue down to single sign on. If I disable it and log in manually using the CB Login module, the new account is created in Joomla and CB and automatically approved. When SSO is on, the account is created in Joomla and shows the user logged in, but when you try to view the profile it throws an error, and the account shows as pending approval in the CB user manager.

So it's just a single LDAP account now that's causing problems? CB already logs the user in so there's no need to double that over as whatever you're enabling is probably using Joomla API to login and completely bypassing CB.

It's not a single LDAP account. Any Active Directory user accessing the site for the first time appears to be logged in, but they are actually still unconfirmed/pending in the CB user list, it says it it waiting for approval and that the email is unconfirmed when they try to view their profile, and there is no row for them in jos_comprofiler.

The new user is fully created in Joomla, but not in CB.

Without single sign on (i.e. with a manual login) it works fine.

Then your single sign on is completely bypassing CB and you won't be able to use it. All my tests were with typing the LDAP credentials into CB login module, hitting login, it'd validate the LDAP credentials, log me in and approve/confirm me.