Community Documentation

LDAP Authorization Organic Groups

Last updated February 17, 2012. Created by johnbarclay on February 17, 2012.
Log in to edit this page.

LDAP Authorization Organic Groups for Drupal 7

Use Case:

Automate membership and roles in Organic Groups based on LDAP data such as user attributes or group memberships.

Requirements:

  • Configuration that maps Drupal Users to LDAP Users (Implemented by LDAP Server Module).
  • Configuration that maps LDAP user entries to Organic Group membership (Implemented by LDAP Authorization Organic Groups).
  • LDAP Authorization modules do not require LDAP Authentication to be used. LDAP Authorization modules will work with CAS, Shib, and other authentication modules including Drupal authentication or Open ID. However, there must be a relationship established between the drupal user and an ldap entry; this relationship is usually the username or email. This relationship is implemented in the LDAP Server module.
  • This takes a little patience to setup and test.

Setup

These notes are brief, deferring to more complete instructions are in the configuration forms.

  1. Create the Organic Groups and Roles you need. If the default OG roles work (member and admin) you do not need to worry about creating roles.
  2. Download LDAP project at http://drupal.org/project/ldap
  3. Enable LDAP Servers and configure an LDAP Server. Only one server can be used with LDAP Authorization OG at a time.
  4. At admin/config/people/ldap/authorization/add/og_group, create OG Group Configuration. After configuring this, a test page will be available.
  5. Go to the test page: admin/config/people/ldap/authorization/test/og_group and try some usernames to see what OG roles the user would be granted.
  6. When you are satisfied with this test with actual users logging in.

Tips and Gotchas

  • The same configuration options are available in LDAP Authorization Drupal Roles, but that module is more commonly used. Try configuring LDAP Authorization Drupal Roles if you have trouble with LDAP Authorization OG.
  • If you use "group-name" or "role-name" in your mappings instead of numeric ids (gid and rid), don't change the names of your groups unless you are going to change the mappings at the same time.
  • Some helpful logging info can be found by enabling "Log Detailed LDAP Actions" at admin/config/people/ldap. These logs with be in the watchdog logs
Login or register to post comments

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.

Page status

Incomplete

Log in to edit this page

About this page

Drupal version
Drupal 7.x
Audience
Programmers, Site administrators
Level
Intermediate
Keywords
LDAP, organic groups
Drupal’s online documentation is © 2000-2013 by the individual contributors and can be used in accordance with the Creative Commons License, Attribution-ShareAlike 2.0. PHP code is distributed under the GNU General Public License. Comments on documentation pages are used to improve content and then deleted.
nobody click here