Posted by marton on August 22, 2006 at 3:17pm
I have successfully configured the LDAPAuth module (I must use authentication) to integrate AD users into Drupal.
The question is now how to integrate the users' security groups located in AD's "Member of:" field for each user.
How do I do this?
Which of the 3 settings do I use?
("Group is specified in user's DN", "Groups are specified by LDAP attributes", "Groups exist as LDAP entries where a multivalued attribute contains the members' CNs")
Example(s) would be fine.
/MartOn
Comments
SOLVED!
I solved this.
This is not an issue anymore.
/MartOn
What was your solution?
I also use Active Directory and the ldap-auth module. I know I will have to move to groups and would like to have the info, if you wouldn't mind sharing.
Thanks.
Lsabug
Solution
Sorry for not posting the solution :-)
Here is my config:
Prereq:
I use a system account that has access to AD, because we do not allow anonymous connections.
ldapAuth settings:
Server settings:
Organization name: here I put our Active directory name
LDAP Server: here I put the IP address of an AD controller
LDAP Port: 389
TLS encryption: Not selected
Store passwords in encrypted form: Not selected
Login procedure:
Do not store users' password during sessions: Not selected
When logging in, Drupal will look...: I chose Drupal's own database, if fails look to LDAP
Base DNs: here you have to set your DN path to where your users reside.
Example: If you have an AD named: ad.mycompany.int
And users are stored in the Internal OU (it will automatically look in sub-OUs, so this is the top most)
String is then: OU=Internal,DC=ad,DC=mycompany,DC=int
Username attribute: sAMAccountName
Advanced config:
DN for non-anonymous search: your sys AD account
Password for non-anonymous search: password for your sys AD account
ldapdata settings:
Drupal-LDAP fields mapping
Same, but read-only mode: SELECTED
Drupal field - LDAP attribute
mail = mail
The others I have left blank, since I do not need them
Editing LDAP attributes directly
Attributes displayed on user pages: Here I checked Last Name, Common Name & Company Name
Attributes that can be edited by users: Here I have chosen none, since I do not want Drupal to write back to AD
Advanced configuration
Here is the same as on ldapauth
ldapgroups settings:
Group is specified in user's DN: Not selected
Attribute of the DN which contains the group name: OU
Groups are specified by LDAP attributes: SELECTED
Attribute names (one per line): MemberOf
Groups exist as LDAP entries where a multivalued attribute contains the members' CNs: Not selected
Nodes containing groups (one per line):
Here I have the same DN as in ldapauth
Example: If you have an AD named: ad.mycompany.int
And users are stored in the Internal OU (it will automatically look in sub-OUs, so this is the top most)
String is then: OU=Internal,DC=ad,DC=mycompany,DC=int
Attribute holding group members: memberUid
/MartOn
Thanks so much for providing this information
I appreciate it!
works great
Thanks for writing this post, worked great after editing
modules\ldap_integration\ldap_integration\ldapgroups.conf.php
to something like
'CN=LDAP_group_name,OU=Teams,OU=Security Groups,DC=our_company_name,DC=com' => 'Drupal_role_name'
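The group-to-role mapping described in the posts above, as an added example that is not part of the original thread and not the ldap_integration module's code: each memberOf value is matched against the mapping by its full DN, case-insensitively, and a group that is not in the mapping grants no role. The function names and the sample memberOf values are assumptions constructed for illustration.

```php
<?php
// Added example; not the ldap_integration module's own code.
// normalize_dn() and roles_for_member_of() are hypothetical helper names.

// Canonical form for comparison: AD compares DNs case-insensitively.
function normalize_dn(string $dn): string {
    $out = [];
    // Split on commas that are not backslash-escaped (RFC 4514).
    foreach (preg_split('/(?<!\\\\),/', $dn) as $rdn) {
        $parts = explode('=', $rdn, 2);
        if (count($parts) !== 2 || trim($parts[0]) === '' || trim($parts[1]) === '') {
            return ''; // malformed DN: never matches
        }
        $out[] = strtolower(trim($parts[0])) . '=' . strtolower(trim($parts[1]));
    }
    return implode(',', $out);
}

// $memberOf: values of the user's memberOf attribute.
// $map: group DN => Drupal role, the shape of the mapping line above.
// Returns sorted role names; groups absent from $map grant nothing.
function roles_for_member_of(array $memberOf, array $map): array {
    $index = [];
    foreach ($map as $groupDn => $role) {
        $key = normalize_dn($groupDn);
        if ($key !== '') { $index[$key] = $role; }
    }
    $roles = [];
    foreach ($memberOf as $dn) {
        $key = normalize_dn($dn);
        if ($key !== '' && isset($index[$key])) { $roles[$index[$key]] = true; }
    }
    $roles = array_keys($roles);
    sort($roles);
    return $roles;
}

// Constructed sample data, reusing the placeholder names from the mapping line.
$map = [
    'CN=LDAP_group_name,OU=Teams,OU=Security Groups,DC=our_company_name,DC=com' => 'Drupal_role_name',
];
$memberOf = [
    // Same group as in $map, different case and spacing: matches.
    'cn=ldap_group_name, ou=Teams, ou=Security Groups, dc=our_company_name, dc=com',
    // Not in $map: grants nothing.
    'CN=Domain Users,CN=Users,DC=our_company_name,DC=com',
    // Same CN under another OU: full DN differs, so no role.
    'CN=LDAP_group_name,OU=Other,DC=our_company_name,DC=com',
];
print_r(roles_for_member_of($memberOf, $map));
```

Matching on the full DN rather than the CN alone keeps a same-named group in a different OU from inheriting the role.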
Thank You!
Thank You!
This would be helpful to me
This would be helpful to me also!
Thanks,
James
How to solve synchronization issue?
Our organization is changing every day. How can I sync these data?