Hi,
I'm trying to link the LDAP Integration Module with Apple Tiger Server.
Has someone already done that?
Help would be greatly appreciated or if there is documentation somewhere...

Thanks

Comments

dwadson’s picture

I don't have a Drupal server at work to try this out, but from my recollection of getting LDAP authentication to work in XOOPS and Apache against an OS X Server 10.3.x install, the trick is usually knowing what base DN to use.

For XOOPS, I just had "dc=domain,dc=com" but for Apache, I used "cn=users,dc=domain,dc=com".

"domain" and "com" are going to depend on how your server is configured.

marczak’s picture

I've set this up before. Where are you getting stuck? Your OS X Server needs to be acting as an OpenDirectory node (master or replica) for this to work. "Standalone" doesn't provide LDAP services.
--
Ed Marczak
http://www.radiotope.com

jean-luc_rosier’s picture

Thanks,
I know it would not work in Standalone. It's a Master and I can now access users with users' information but still no luck with groups and passwords.
What do I have to put into the LDAP Group for this to work?

Are you able to change users' passwords stored in the LDAP?

jean-luc_rosier’s picture

Marczak?
Where are you??? :-)

modoq’s picture

Apple's OpenDirectory stores the relevant user passwords not in LDAP but in a separate db. And those passwords are not accessible by the LDAP-modify command. As discussed on afp548.com it might be possible to use dscl - assuming you have permission to execute shell commands on the OpenDirectory-Server.

jean-luc_rosier’s picture

I can now access users' attributes in the LDAP, except for groups assigned to users.

modoq’s picture

Groups work just fine with Tiger server. In the LDAP Group module preferences I chose the third option (Groups exist as LDAP entries..) and entered "cn=groups,dc=myldapserver,dc=mydomain,dc=com" as node containing groups. The attribute holding group members should be "memberUid".
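
A read-only way to check these settings from a shell before testing through Drupal, added here as an example (it is not part of modoq's post or of the module's code): it searches the groups node for entries whose memberUid matches a user's short name. The server URI is a placeholder, and OpenLDAP's `ldapsearch` and anonymous read access to the directory are assumptions.

```shell
#!/bin/sh
# Added example: read-only check of group membership via memberUid.
# LDAP_URI is a constructed placeholder; GROUP_BASE is the node quoted above.
LDAP_URI="${LDAP_URI:-ldap://myldapserver.mydomain.com}"
GROUP_BASE="${GROUP_BASE:-cn=groups,dc=myldapserver,dc=mydomain,dc=com}"

# Escape a value for use inside an LDAP search filter (RFC 4515), so a
# login name containing \ * ( or ) cannot change the filter's meaning.
# The backslash is handled first so later escapes are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the membership filter; the attribute defaults to memberUid.
group_filter() {
    printf '(%s=%s)' "${2:-memberUid}" "$(ldap_escape "$1")"
}

# Extract the plain-text cn values from LDIF read on stdin.
parse_cn() {
    sed -n 's/^cn: //p'
}

# Ask the directory which groups list the given short name.
# -x: simple bind (anonymous here, assumed to be allowed for reads),
# -LLL: bare LDIF output, -H: server URI, -b: search base.
groups_for_user() {
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$GROUP_BASE" \
        "$(group_filter "$1")" cn | parse_cn
}

# Constructed sample of the LDIF that ldapsearch returns, for offline use.
SAMPLE_LDIF='dn: cn=staff,cn=groups,dc=myldapserver,dc=mydomain,dc=com
cn: staff

dn: cn=editors,cn=groups,dc=myldapserver,dc=mydomain,dc=com
cn: editors
'
```

Running `groups_for_user jdoe` (a hypothetical short name) should print the group names expected to show up as Drupal roles for that user. Empty output points at the base DN or the member attribute rather than at Drupal.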

jean-luc_rosier’s picture

Hi, thanks for this, at least I can now configure the LDAP Groups module.
I can use my admin account to log into Drupal but never get the automatic creation of roles as the LDAP Groups module's help says!
So... I can't see if the module accesses Groups correctly or not.
Also I'm interested to know, as it works for you:
if a member is part of several groups,
Where do you see that?
Can you edit that information from Drupal?
Can you remove from Drupal a member of a group and add it to another group stored in the LDAP or is it just read-only information?

Thanks

modoq’s picture

Are you talking about your Drupal admin account (user 1)? This is the only account that is never authenticated over ldap, even if you have an account on your LDAP-Server with the same name... So you should of course test ldap-integration with a different account.

The groups from LDAP become roles in Drupal and you can see all the roles of a user at yoursite/admin/user/user or yoursite/user/2/edit. What roles a user has can be edited here too, but it will have no effect on the LDAP-side.

jean-luc_rosier’s picture

I would be interested to know how you manage an LDAP user with several name aliases. I always give several names in Apple Workgroup Manager, and each time I log into Drupal with one of the alias names it creates a new account instead of mapping it to the correct account name.
Thanks

modoq’s picture

My users only have one alias and I think the ldap-integration module can't handle more than one.