Hi everyone,
I'm developing a site for a residential hall within a university that will be used for posting various forms of content and other things that generally suit Drupal.
It would be desirable for students to be able to use the same username and password to log into the site as they do on the rest of the university network. This involves binding to the university's LDAP server. As the site is only for a select group of residents though, we'd like to be able to create the users manually, and only authenticate with LDAP when a user account already exists. Other than authentication, the LDAP server is of no use or relevance to us.
I've had a brief look at what's available in terms of LDAP modules, and none of them seem to quite match what we need. I guess if there's nothing available I could hack some of the existing stuff, but I'd like to avoid that if possible. Can anyone point me in the right direction here?
(The new LDAP API project looks interesting, but it doesn't look like it will have a stable release in time for this project - I might have to go back to Drupal 6 for this one. :/ )
Thanks in advance!
Comments
restrict/allow access to specific LDAP users
Hi
I have the same problem. In my case I followed these instructions http://groups.drupal.org/node/33068 and created local accounts. Then I selected "Associate local account with the LDAP entry" as suggested above in order to associate the local accounts with LDAP and restricted access using Roles under User Configuration. However, I cannot find a way to restrict/allow access to specific LDAP users. Everyone with an LDAP account can log in to the system.
I would be really grateful if someone could help me with this issue.
Thanks!
Has there been anyone whose
Has there been anyone who's been able to find a solution to this? The only solution I can think of is a hack that uses the PHP filtering box in LDAP Integration's settings to restrict logins to a specific list. But if there's a non-hack solution, that would be best.
LDAP groups can limit who can login
In LDAP Integration module version 6.x-1.0 settings (e.g. "/admin/settings/ldap/ldapauth/edit/1"), you can restrict logins by LDAP group membership using the PHP filtering box titled "PHP to filter users based on their LDAP data", because the code that you enter in that box has access to a usable object, $_ldapauth_ldap.
This sample code is not going to work well on a large LDAP data set, but it shows that you can access LDAP group information from the code you paste into the PHP filtering box and that you also have access to the username of the user trying to log in.
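// DN prefix to look for; $name is the username of the user trying to log in.
$needle = sprintf('uid=%s,', $name);
// DN of the LDAP group whose members are allowed to log in.
$group_dn = 'cn=FooBarGroup,ou=Groups,o=yourcompany.com';
// Fetch the attributes of the group entry through the module's $_ldapauth_ldap object.
$groups = $_ldapauth_ldap->retrieveAttributes($group_dn);
// DNs of the group's members.
$members = $groups['uniquemember'];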
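
One way to carry the membership test through from the `$needle` and `$members` values built above, as an added example that is not part of the original post or of the LDAP Integration module. `is_group_member()` is a hypothetical helper and the member DNs are constructed sample data; it assumes login names are plain ASCII identifiers and does not assume anything about how the filter box consumes the result.

```php
<?php
// Added example: hypothetical helper, not LDAP Integration module code.
function is_group_member($name, $members) {
  // Fail closed: no usable member list (e.g. the group lookup failed)
  // means nobody passes the check.
  if (!is_array($members)) {
    return FALSE;
  }
  // Assumption: login names are plain ASCII identifiers. Rejecting anything
  // else keeps DN metacharacters (',', '=', '+', '\') out of the needle.
  if (!is_string($name) || !preg_match('/^[A-Za-z0-9._-]+$/', $name)) {
    return FALSE;
  }
  $needle = strtolower(sprintf('uid=%s,', $name));
  foreach ($members as $key => $member_dn) {
    // Results shaped like ldap_get_attributes() output carry a 'count'
    // element next to the values; skip it and any non-string entry.
    if ($key === 'count' || !is_string($member_dn)) {
      continue;
    }
    // Compare case-insensitively, ignoring optional spaces around '=' and ','.
    $dn = strtolower(preg_replace('/\s*([=,])\s*/', '$1', trim($member_dn)));
    // The uid must be the first RDN of the DN, not appear somewhere inside it.
    if (strpos($dn, $needle) === 0) {
      return TRUE;
    }
  }
  return FALSE;
}

// Constructed sample data shaped like a 'uniquemember' attribute.
$members = array(
  'count' => 3,
  0 => 'uid=alice,ou=People,o=yourcompany.com',
  1 => 'UID=Bob, ou=People, o=yourcompany.com',
  2 => 'cn=svc,uid=carol,ou=People,o=yourcompany.com',
);

var_dump(is_group_member('alice', $members));           // listed member
var_dump(is_group_member('bob', $members));             // listed with different case and spacing
var_dump(is_group_member('carol', $members));           // uid appears only in the middle of a DN
var_dump(is_group_member('alice,ou=People', $members)); // name fails the allow-list
var_dump(is_group_member('alice', NULL));               // group entry could not be read
```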