Configuration of ldapgroups module

Last updated February 12, 2007. Created by Tresler on February 11, 2007.
Edited by kreaper.

The ldapgroups module integrates LDAP groups with Drupal roles.

Configuration

  • Go to Administer >> Site configuration >> ldapgroups.
  • The active LDAP configurations are listed on the page. Select edit to configure the groups-to-roles mapping.
  • There are multiple ways to configure the mapping of LDAP groups to Drupal roles:

    • Group is specified in user's DN:
      In some LDAP installations, users are arranged in OUs that represent their departments, etc.
      For example:
      uid=jdoe,ou=IT,dc=example,dc=com represents a user in the IT department
      uid=jdoe2,ou=Accounting,dc=example,dc=com represents a user in the Accounting department

      Checking this option enables the mapping of these departments to Drupal roles. In the above example, this would result in the following roles being created: IT, Accounting.

      Check the box and enter the attribute name in the text area. The attribute name is the attribute in the user's DN that represents the group name. In the above example, it would be ou.

    • Groups are specified by LDAP attributes:

      Use this option if the user object contains an attribute that represents the groups the user belongs to. This is most commonly applicable to Active Directory environments, where the attribute of the user object that holds the group DN is memberOf.

    • Groups exist as LDAP entries where a multivalued attribute contains the members' CNs:
      This scenario is most applicable to UNIX LDAP environments. Here the LDAP groups are stored as objects, with their members represented by the attribute memberUid.
  • Click Save configuration to save this configuration.

All active LDAP configurations can be configured to map groups into roles. The same configuration that was used to authenticate the user into Drupal is also used to perform the groups-to-roles mapping.
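
The three mapping options above, sketched as an added Python example (not the ldapgroups module's own code). Function names, the sample entries other than the jdoe DNs, and the allow-list step that limits which directory groups become roles are assumptions made for illustration.

```python
# Added illustration; names and sample data are constructed, not the module's code.

def split_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash escapes.
    Simplification: hex escapes (\\2C) and multi-valued RDNs (+) are not handled."""
    parts, buf, esc = [], "", False
    for ch in dn:
        if esc:
            buf, esc = buf + ch, False
        elif ch == "\\":
            esc = True
        elif ch == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    return [tuple(s.strip() for s in p.split("=", 1)) for p in parts if "=" in p]

def groups_from_dn(user_dn, attr="ou"):
    """Option 1: the group is an attribute inside the user's DN."""
    return [v for a, v in split_dn(user_dn) if a.lower() == attr.lower()]

def groups_from_attribute(user_entry, attr="memberOf"):
    """Option 2: the user entry lists its group DNs (Active Directory style)."""
    return list(user_entry.get(attr, []))

def groups_from_entries(group_entries, uid, attr="memberUid"):
    """Option 3: group entries list their members (UNIX LDAP style)."""
    return [g["cn"] for g in group_entries if uid in g.get(attr, [])]

def to_roles(groups, allowed):
    """Assumption: only groups named in an explicit allow-list become roles."""
    return sorted({allowed[g] for g in groups if g in allowed})

# Constructed sample data
AD_USER = {"dn": "cn=J Doe,ou=IT,dc=example,dc=com",
           "memberOf": ["cn=Web Editors,ou=Groups,dc=example,dc=com",
                        "cn=Domain Admins,cn=Users,dc=example,dc=com"]}
POSIX_GROUPS = [{"cn": "editors", "memberUid": ["jdoe", "asmith"]},
                {"cn": "wheel", "memberUid": ["root"]}]
ALLOWED = {"IT": "IT", "editors": "editor",
           "cn=Web Editors,ou=Groups,dc=example,dc=com": "editor"}
```

With the allow-list in place, the constructed Domain Admins membership never turns into a Drupal role unless someone maps it deliberately.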

Comments

Tool for active directory

If you're looking for a way to explore Active Directory, check out Sysinternals AD Explorer.
http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx

This was very useful for figuring out what groups to place in the "LDAP group to Drupal role filtering".
