I have started to use this module for a site in development that relies heavily on an LDAP server for information etc. I found that this module shows some great potential and instead of creating a new module, I would like to contribute some code to improve the existing module.

The attached file is a rewritten LDAPInterface class that is a bit more optimized and cleaned of functions that now serve little to no purpose. This class hasn't been tested yet in a Drupal installation, so the code should be considered to have an alpha status, as I'm working on a module part that handles all the server definitions separate from the authentication module for ease of use.

First improvement is the ability to encrypt the password stored in the session using the mcrypt module. A function is added to save, get and clean these variables from the $_SESSION variable. Any stored password will automatically be used to bind. The new and simplified syntax will be:

$my_instance = new LDAPInterface();
$success = $my_instance->initConnection($sid);

$success will be a boolean of either true (bind success) or false (bind failure), as the initConnection function will first try to bind as an authenticated user (if data exists in session), then as the general user stored in the database, and last as anonymous if all others have failed.

Second improvement is a unified search function that eliminates the problem of case-sensitive attribute names, which RFC 2251 (the LDAPv3 specification) defines as case insensitive. This is a problem since PHP is case sensitive, and the preferred and generally accepted method is to have all attribute names in lowercase. For instance, the Unix field uidNumber could be referenced by UIDNumber, uidnumber or UiDnUmBeR and will return the same field.

This is only the first step I would like to contribute, as I would put it to the maintainers to consider the separation of defining the LDAP servers out from the auth module into its own module. This way a multitude of servers could be defined, but in each subsequent module one would be able to choose what servers should be used for that specific task.

* ldap_server (base/api)
* ldap_auth (authentication, depends on ldap_server)
* ldap_data (data management, depends on ldap_server)
* ldap_group (group and role management, depends on ldap_server)
* etc

Attached file: LDAPInterface.php_.txt, Size: 11.39 KB, Author: gilinko
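Added example, not part of the original post or the attached file: a sketch of the save/get/clean helpers for a session-stored bind password that the post describes. The function names and session key are hypothetical, and libsodium's secretbox is swapped in for mcrypt, which was removed from PHP core in 7.2. It assumes the key is loaded from server-side configuration, never from the session itself.

```php
<?php
// Added example: hypothetical helper names; libsodium secretbox replaces mcrypt.
const LDAP_PW_SLOT = 'ldap_bind_pw'; // hypothetical session key

// Encrypt and authenticate the bind password before it enters the session.
function ldap_pw_save(array &$session, string $password, string $key): void
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per save
    $box = sodium_crypto_secretbox($password, $nonce, $key);
    $session[LDAP_PW_SLOT] = base64_encode($nonce . $box);
}

// Return the password, or null if nothing is stored or the blob fails its MAC check.
function ldap_pw_get(array $session, string $key): ?string
{
    if (!isset($session[LDAP_PW_SLOT])) {
        return null;
    }
    $raw = base64_decode($session[LDAP_PW_SLOT], true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(
        substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    return $plain === false ? null : $plain;
}

// Remove the stored password, e.g. on logout.
function ldap_pw_clean(array &$session): void
{
    unset($session[LDAP_PW_SLOT]);
}

// Constructed demo: a plain array stands in for $_SESSION.
$key = sodium_crypto_secretbox_keygen(); // assumption: really loaded from server-side config
$session = [];
ldap_pw_save($session, 'constructed-sample-password', $key);
var_dump(ldap_pw_get($session, $key) === 'constructed-sample-password');

// Flip one bit of the stored blob: authenticated decryption must reject it.
$raw = base64_decode($session[LDAP_PW_SLOT]);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
$session[LDAP_PW_SLOT] = base64_encode($raw);
var_dump(ldap_pw_get($session, $key) === null);

ldap_pw_clean($session);
var_dump(isset($session[LDAP_PW_SLOT]));
```

Encrypting the session copy only helps if the key is stored somewhere the session data is not; a key kept next to the ciphertext protects nothing from anyone who can read the session store.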

Comments

miglius:

Issue tags: +ldapauth, +LDAPInterface

cgmonroe:

Status: Active » Closed (won't fix)

Closing this because the supplied code is just too out of date to compare to existing code.