Need LDAP module to create new users

spatialguru

I just released ldapdata.module for testing and adoption for Drupal 5.x. As such you are not able to create users in LDAP but you can manage the already created users' ldap attributes in Drupal.

Which LDAP Directory are you using. Creating users in LDAP may be easier then creating users in AD.

For creating users in LDAP, have you checked out phpLDAPAdmin ?

One of my colleagues is working on an LDAP provisioning module right now, which allows people to request an account, await approval if required, and then be created in LDAP and in Drupal. It's not been released yet but I think it will be once ready.

It would be nice if this module that provisions new users would work with the ldap_integration module. So far we have ldapauth, ldapgroups and ldapdata module. May be your colleague can write this module as a "ldapusers" module and that can use the same design these three modules use -- we can extend the ldapauth database if necessary.

I agree with Kreaper - it would be best if the functionality was split out from the existing modules. In our situation the people managing Drupal will not be managing the LDAP directory. IT uses their own tools for that.

Hi guys, thanks for the comments.
I'm using openldap. I'd love to see an ldapusers module become real that includes this functionality. Better yet, if it could be a sort of LDAP user management tool rather than my much simpler needs of just creating new accounts.

Does your friends have an ETA geodaniel? Sounds like just what I need. If there is any testing or financial contributions I could make to speed this up, let me know :)

Thanks again...

I'm not sure how integrated the module is with the various LDAP Integration modules, but it's being developed as a separate module that should just sit on the side and be optional, like the others.

As for timescale, I couldn't say for sure, but a large part of it is there already. It needs some more work still and we need to test it internally before it'll be released back to the community. It should be within a month I think, but don't hold me to it :)

Just out of curiosity, are you looking for this for the OSGeo site?

Hi all,
Yes it's for our osgeo.org efforts. I'd love to see if we can work together to complete additional features. We have some good drupal folks on our team (better than me anyway ;) ) that could work with you.

Kreaper - I see there is an updated ver for 5.x, any chance you could roll the changes back into 4.7.x as well?

scafmac is taking care of the 4.7 branch. Let's ask him.

I need this too, how is this feature going? it had an ETA of a month or so in february, is it out yet?

I have coded a simple LDAP registration optional module that will do this. BUT it's only for 5.x-1.x, it will not work on 4.7

I am planning on submitting it sometime in the next month, but I need to clean up the interface a bit more first so it's consistent with ldapauth and ldapdata.

If that would be useful to you I could post what I have now as a comment. It allows you to set which LDAP config you want to add the user to and also the DN and password to use to add the user. This works great as long as you only need to add the user to one LDAP directory, or if you are only using one LDAP directory as is the case for us.

Before posting it, I plan to fix the interface up properly so you can checkbox each of the configs from ldapauth that you want to include, in case you want to insert the user into more than one of your configured directories.

That is all there is to it, it's quite a simple module compared to that other one that's being worked on, but that may be better for some people I hope.

Here is the other module I mentioned, ldap user provisioning: http://drupal.org/node/142973

It offers a LOT of awesome functionality! And it is for Drupal 4.7 not 5 (yet).

Hi, damien_vancouver. How could I get the LDAP registration optional module? We have coded a simple script that imports new user accounts from Drupal database in to LDAP. It is executed from cron daemon. But I would like to try your module.

Sure, it is for 5.x now, are you using 4.7 still? I probably have an old 4.7 one taht might work, but I seem to recall it being an all-in-one module doing ldapauth,data and registration.

For 5.x I can send you ldapregistration.module which will take care of it. The user interface still needs to be improved, it needs to be able to support registration in more than one ldap server and not use type in boxes to identify the config name.

Other than that though, it works great for us in production.

Send me an e-mail via my drupal.org contact form and we'll work out the details.

If it works for you and it's agreed it's useful I could submit it in a patch form... the typing in and one ldap only limitation aren't show stoppers by any means and maybe someone else could finish the interface changes (I have been way too busy).

jmtorres tried my ldapregistraiton module out and it worked for him, after some minor modifications to make it compatible with the latest 2.x version of ldap_integration (basically, the global $ldap had to become global $ldapauth_ldap, and instead of $ldap->add, a direct call to PHP's ldap_add() to add the user.

I am running 5.x-1.2 and haven't tested this patch, but someone else (orico) wants to try it now too, so I am posting both versions up here for others to try.

Here is a text file containing the version for the OLDER 1.x ldap_integration. Use a text editor to split the contents into the two files ldapregistration.module and ldapregistration.install.

the readme information at the top of the text file has some more info about the module, how to install it, and also what is left to do.

And here is the 1.3 compatible version with jmtorres' updates. it should work with the latest ldap_integration release.

Once I upgrade from 1.2, I will be able to test more and create a real patch againt head. I was thinking the changes were in the 2.x series but I see looking at CVS they are in 1.3.

If you're thinking of trying it out, this is probably the one you want to download!

I just started a new project http://drupal.org/project/ldap_provisioning

Here is a description what it does:

FEATURES
--------

- E-mail address validation. When a new user fills in a registration
form, an email with the secret code and following instructions is mailed
out to his e-mail address to validate existence of the submitted e-mail
address. Only when user validates his e-mail address an account is
created or registration data is set as pending (put in the approval
queue) based on User registration settings.
- Approval queue. When User settings are set that administrator
approval is required, then upon registration e-mail is sent out to all
users with 'create accounts' permissions notifying about a new
account request. The account manager then can review the registration
data submitted and choose to create or reject the account. He can also
leave an internal message for other account managers.
- Username building from a configurable template. It is possible to set
a template from which a username will be generated from first and last
names in case we don't want to allow custom usernames.
- Invites. Users with 'invite friends' permission can send invitations
to the site to other people. When user is registering from the invite
the e-mail validation and approval queue are skipped and account is
created when user fills the registration form. The user, which sent out
the invite, is set as the approver of the account.
- Batch user upload. The module provides downloadable csv and xml
templates created on the fly with all required registration fields
marked. The data of new users can be entered into the file and upload
back to the site. The uploaded file is processed, the data is extracted
and all people from the list are put into pending accounts list.
- Multiple account creation in one step. Account manager can select
multiple account requests in the pending accounts list and create all
new accounts in one step. Each account's data is passed to the
registration form validation function and account is created if it
passes it. If it fails account manager is asked to create account
manually since registration data should be changed to pass validation.
- Custom additional registration fields. Administrator can set custom
additional registration fields - text fields or text areas.
- Logging of user creation actions. Along with each account request the
time of the filling in the registration form, the approver (who created
or rejected the request), and approval date is saved in the database for
further reference.

INTEGRATION
-----------

- ldapdata module. When ldapdata module has writable LDAP fields
configured, provisioning module allows printing those fields n the
registration form.
- profile module. Provisioning module respects profile field settings
and prints fields, which are configured to appear on registration form.
- buddylist module. When inviting other people to the website, one can
choose if he wants that user to appear under his buddy list upon
registration.
- captcha module. Provisioning module can be configured to add captcha
point on the registration form.

Hope it will be handy. It works with the ldapauth 5.x-1.3.

ldap_provisioning is not released yet. Available only from cvs.

Some additional ldap_provisioning features:

- deletes ldap account on user deletion. (when only ldapauth was used, deleting the drupal user had leaved the ldap account untouched and user could relogin to drupal again and his account would then been recreated)
- changing user's ldap_dn field in account settings will actually move ldap entry to a new dn.
- ability for the account managers to create accounts in both drupal and ldap from the account management interface.

Hi miglius.
I've been trying the CVS version of your ldap_provisioning module.
I've setup the module and configured it but when I create new users they aren't created on the LDAP server. I can see the new users on the USERS table and on the LDAPPROV table but not on the LDAP server.

Another question, when I delete an user I always get this error:

user warning: Unknown column 'cname' in 'field list' query: UPDATE ldapprov SET cname = 'd00p' WHERE cuid = '9' in /var/www/drupal/includes/database.mysql.inc on line 172.

What can be happening?

d00p,

It looks like two separate issues. One is that user is not created in LDAP. This is strange though, because drupal user should be created only if ldap creation succeeded.

Warning on user delete is a bug - one db column is missing.

Can you submit those issues at http://drupal.org/project/issues/ldap_provisioning since ldap provisioning is separate project?

miglius,
I've submited the delete problem as a new bug and the user creation problem as a support request.

Hi,

Is there a way to have LDAP Integration auto-provision the Drupal users (perhaps from an LDAP group) when run by an administrator? My problem is I have a large number of LDAP users for whom I want to create accounts in Drupal, but I don't want to have to wait for the users to log in before the accounts are created. This is kind of like the LDAP Account Provisioning in reverse, no?

JP

Closing this issue since original question appears to be supported by ldap provisioning - http://drupal.org/project/ldap_provisioning

Pereljon - If you still haven't found anything, open up a new issue - one bug / request per issue...