Last updated September 1, 2009. Created by Tresler on February 11, 2007.
Edited by bekasu, RobRoy, kreaper. Log in to edit this page.
Note Drupal 6
This information is no longer needed since 6.x-1.0-beta1. Now the ldapgroups.conf is gone and replaced with direct control inside the ldap groups module page interface.
ldapgroups
Advanced configuration of the ldapgroups module can be performed by editing the modules/ldap_integration/ldap_integration/ldapgroups.conf.php file.
By default, when a user logs in, all of the groups are converted into roles. This may not be desirable in specific instances and the admin may want to restrict what LDAP groups are actually converted into Drupal roles. In order to achieve this,
- Edit the
modules/ldap_integration/ldapgroups.conf.phpfile and specify your groups and their role names:$GLOBALS['ldap_group_role_mappings'] = array(
// LDAP group => Drupal role
'cn=users,ou=Group,dc=example,dc=com' => 'Users',
'cn=IT,ou=Group,dc=example,dc=com' => 'SiteAdmins'
);Add the specific groups that need to be recognized as Drupal roles and their role names. Note: Make sure that the last group-role mapping does not have a trailing comma
, - Uncomment the function
ldapgroups_roles_filter. Note: Uncommenting this function will cause the groups to be filtered through this function. The result is that only the groups specified in the global variable$GLOBALS['ldap_group_role_mappings']will be parsed, ignoring the rest.
ldapdata
Advanced configuration of the ldapdata module can be performed by editing the modules/ldap_integration/ldap_integration/ldapgroups.conf.php file.
By default, the ldapdata module presents the following attributes for read/write access to the users.
- givenName (First Name)
- sn (Last Name)
- cn (First Name)
- mail (E-Mail address)
Access to additional attributes can be given to the users by adding to this list. Consult the configuration file modules/ldap_integration/ldap_integration/ldapgroups.conf.php for examples