Last updated September 18, 2012. Created by johnbarclay on October 7, 2011.
LDAP Servers 7.x-2.x Summary
- Project: LDAP
- Requires:
- Installation: standard module install
- Configure: admin/config/people/ldap/servers and admin/config/people/ldap
- Current Status: http://drupal.org/project/ldap and #1115704: Version and Releases Status Updates
- Use Cases: generally only used when other modules require it. The Server module provides functions for other modules and a means to store LDAP server configurations.
Overview
At least one server configuration is needed for all LDAP modules. Detailed directions are in the server configuration itself. Please add any common LDAP configurations to this page, for example Microsoft Active Directory, Novell, OpenLDAP, etc.
You may have more than one LDAP Server module configuration for a single LDAP server. For example, you may want one configuration with a low-privileged account for authentication and another configuration with higher privileges for LDAP provisioning.
The best way to keep this simple is to ask your LDAP administrator what the settings should be.
Selected Values for Common LDAP Server Configurations
Microsoft Active Directory
- LDAP server: ad.unm.edu (not ldaps://ad.unm.edu)
- LDAP Port: 389
- Use Start TLS checked
- Use Service Account Bind
- Username Attribute: sAMAccountName
- Email Attribute: mail
- Persistent and Unique User Attribute: objectsid
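How the settings above map onto PHP's LDAP extension, as an added example (not the LDAP module's own code): StartTLS on port 389 that fails closed, a service account bind, a search on sAMAccountName, then a bind as the user. The function name `ad_authenticate`, the `$cfg` keys and the values in the usage comment are placeholders.

```php
<?php
// Added example, not the LDAP module's code. Needs PHP's ldap extension.
function ad_authenticate(array $cfg, string $username, string $password): ?array {
  // An empty password turns ldap_bind() into an unauthenticated bind,
  // which many servers accept. Reject it before talking to the server.
  if ($username === '' || $password === '') {
    return NULL;
  }
  // Plain ldap:// on 389; encryption is negotiated by StartTLS below,
  // which is why the server field must not carry an ldaps:// prefix.
  $ds = ldap_connect('ldap://' . $cfg['host'] . ':389');
  if ($ds === FALSE) {
    return NULL;
  }
  try {
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);        // do not chase referrals
    // Fail closed: never send the service account password in clear text.
    if (!@ldap_start_tls($ds)) {
      return NULL;
    }
    // Service account bind: a low-privileged account that may only search.
    if (!@ldap_bind($ds, $cfg['bind_dn'], $cfg['bind_pw'])) {
      return NULL;
    }
    // Escape the login name so it cannot alter the search filter.
    $filter = '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $sr = @ldap_search($ds, $cfg['base_dn'], $filter, ['mail', 'objectsid']);
    $entries = $sr ? ldap_get_entries($ds, $sr) : FALSE;
    // Exactly one match, otherwise the login name is unknown or ambiguous.
    if (!$entries || $entries['count'] !== 1) {
      return NULL;
    }
    $dn = $entries[0]['dn'];
    // The password check is a second bind as the user's own DN.
    if (!@ldap_bind($ds, $dn, $password)) {
      return NULL;
    }
    return [
      'dn' => $dn,
      'mail' => $entries[0]['mail'][0] ?? NULL,
      // objectSid is binary; hex-encode it for use as the persistent ID.
      'puid' => isset($entries[0]['objectsid'][0]) ? bin2hex($entries[0]['objectsid'][0]) : NULL,
    ];
  }
  finally {
    ldap_unbind($ds);
  }
}
// Usage with placeholder values:
// ad_authenticate(['host' => 'ad.example.edu', 'base_dn' => 'DC=example,DC=edu',
//   'bind_dn' => 'CN=svc-drupal,OU=Service,DC=example,DC=edu', 'bind_pw' => '...'], $name, $pass);
```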
| Attachment | Size |
|---|---|
| ldap_server_config.png | 173.32 KB |
Comments
Question
Does anyone have any experience with this:
Using 'sAMAccountName' as UserName attribute which is great for logging in.
However there is another field (in AD) called 'Displayname' which I'd like shown as (gasp) the user's display name.
I was looking at "PHP to transform Drupal login username to LDAP UserName attribute." but I'm not sure if that is what I would need or how to do it.
LDAP User Module
You can map LDAP attributes into Drupal user fields through the LDAP User Module.
The configuration image you
The configuration image you attached was really helpful. Thank you.
Boriana
AD global catalog
Does anybody successfully authenticate against AD global catalog? I've got the following configuration:
LDAP server:
ldaps://service.mydomain.com
LDAP port:
3269
Binding Method:
Service Account Bind
Base DNs for LDAP users:
DC=service,DC=mydomain,DC=com
DC=otherdomain,DC=mydomain,DC=com
AuthName attribute:
userPrincipalName
The module successfully authenticates users who are members of the parent domain called "service", but LDAP search can't find any user from "otherdomain", which is connected to the parent domain inside the AD domain forest. I'm able to test LDAP search using ldp.exe, and using this tool I can find any user from any domain.
Also, there is the following error message in the Drupal watchdog:
ldap_search() function error. LDAP Error: Referral, ldap_search() parameters: ldap_search() call: base_dn: DC=otherdomain,DC=mydomain,DC=com, filter = (userPrincipalName=somebody@otherdomain.mydomain.com), attributes: , attrsonly = 0, sizelimit = 0, timelimit = 0, deref = , scope = 3
Any help will be greatly appreciated.
Import all LDAP users at once
Hi All,
We are using Microsoft Active Directory. I need to import all the employees from LDAP to my Drupal application at once. I also need to update it if any new employees are added or updated.
There won't be any login requirement as we are going to use NTLM authentication. I need all employees to be listed in my system with their departments. Please help me out with this. I didn't see any related post.
Thanks in Advance.