Hello. First, sorry, I am very new to LDAP, but I still have to connect a Drupal instance to our LDAP Active Directory server (auth and role mapping, read-only).
From what I understood, there is no grouping defined within our LDAP tree (e.g. defined in "ou"), but instead the first letter of the username ("sAMAccountName" or "cn") acts as a group: "P" is a prof, "S" is a student, "X" external staff. I think I understood it is quite odd, but that is how it is.
Now I want to map these users to equivalent Drupal roles, and I think I have two options: the first one is to set up different LDAP auth servers and filter the users based on their attribute. I managed to do that, but it doesn't seem a clean procedure (lots of LDAP calls!) and anyhow I am struggling with how to place each LDAP-server authenticated user in a different role, instead of mapping all of them to just the "authenticated user" role.
The second way, which looks cleaner but with which I had no luck, is to directly map the users based on characteristics (first letter) of their cn.
As an example, an LDAP DN looks like:
CN=X000185,OU=Economia,OU=Esterni,DC=univpm,DC=intra
I have tried the "PHP to filter roles" but had no luck. Can you help me with that or, alternatively, with setting each group of users authenticated by a different server in a different role?
Comments
Comment #1
lambic commented
You could try setting 'Group by DN' with the attribute set to CN, then set mappings to P|Professor S|student etc., then in PHP filtering, do something like:
Comment #2
cgmonroe commented
Clearing out old support requests - reopen if problem still exists in newest code
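
Added example, not code from any commenter in this thread or from the Drupal LDAP module: a standalone PHP sketch of the prefix-to-role mapping the question describes, which grants no role unless the leaf CN matches the account format. The function names, the 'external' role name and the "one letter followed by digits" format (inferred from X000185) are assumptions, and wiring this into the module's PHP filter is not shown.

```php
<?php
// Prefix letters come from the post; 'external' is an assumed role name.
const PREFIX_ROLES = [
    'P' => 'Professor',
    'S' => 'student',
    'X' => 'external',
];

// Return the value of the leaf (first) RDN if it is a CN, otherwise null.
function leaf_cn(string $dn): ?string
{
    // Split on commas that are not escaped with a backslash.
    $rdns = preg_split('/(?<!\\\\),/', trim($dn));
    if ($rdns === false || $rdns[0] === '') {
        return null;
    }
    $parts = explode('=', $rdns[0], 2);
    if (count($parts) !== 2 || strcasecmp(trim($parts[0]), 'CN') !== 0) {
        return null;
    }
    return trim($parts[1]);
}

// Map a DN to a list of role names; an empty list means "grant nothing".
function roles_for_dn(string $dn): array
{
    $cn = leaf_cn($dn);
    // Assumed account format: one letter followed by digits. Without this
    // check, a CN such as "Printer01" would be treated as a professor.
    if ($cn === null || !preg_match('/^([A-Za-z])\d+$/', $cn, $m)) {
        return [];
    }
    $role = PREFIX_ROLES[strtoupper($m[1])] ?? null;
    return $role === null ? [] : [$role];
}

// Constructed sample DNs; only the first one appears in the post.
$samples = [
    'CN=X000185,OU=Economia,OU=Esterni,DC=univpm,DC=intra',
    'CN=P000001,OU=Economia,DC=univpm,DC=intra',
    'CN=Printer01,OU=Devices,DC=univpm,DC=intra',
    'OU=Economia,DC=univpm,DC=intra',
];
foreach ($samples as $dn) {
    printf("%s => [%s]\n", $dn, implode(', ', roles_for_dn($dn)));
}
```

Because the role is derived from the account name alone, anyone who can create or rename directory accounts effectively controls Drupal role assignment, so the strict pattern and the empty default matter more here than with group-based mapping.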