Hi there ...

Drupal as it is offers a thing to block users in the user-administration, but somehow it would be cool
if we'd be able to deny a whole LDAP group at once.

I'm working on an intranet project where logins are done via LDAP auth, and certain user-groups shall not have
access to it.

Greetings
Zewa

Comments

guygg’s picture

guygg commented

For the "PHP to filter users based on their LDAP data" box, are there any good PHP evaluation examples for not allowing login by members of specific groups? I'm hardly a PHP/LDAP query expert, and the syntax & functions to use for the evaluation seem hard to find an example of. I've searched and searched via both the Drupal site and Google and can't come up with an example to base my need around. fwiw, it's Active Directory that's being queried. Doing the actual account authentication and group mappings is working just fine - I just wanna deny some select groups from being able to login to the Drupal site at all.

Thanks

johnbarclay’s picture

johnbarclay commented
Version: master » 6.x-1.x-dev
cgmonroe’s picture

cgmonroe commented
Status: Active » Fixed

The latest -dev version has a lot of changes to the ldapgroups module. One of them is the addition of Group Access Rules. These allow you to create rules to allow or deny people based on their group membership. If you have a situation that isn't covered, there is also a new hook_ldap_user_deny hook that you can use to create site specific code to deny users access.

For details see: #1475272: 6.x-1.0 Release Candidate 1 Status

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.