I'm working on the ldap authorization module of ldap project for drupal 7. http://drupal.org/project/ldap
One of the features is to make it easier for other ldap authorization modules such as og_ldap to leverage the ldap authorization module. I have a very rough mockup of what og_ldap would look like using the hooks in ldap_authorization (attached). A rough sequence diagram is at http://www.gliffy.com/publish/2318063/ I've also attached the analogous module ldap_authz_roles which works with drupal roles.
The point of me roughing out a version of og_ldap that integrates with ldap authorization is to see if the architecture is useful for other authorization modules to leverage. Once I have the user interface done, the approach and utility will be clearer, but I wanted to give you a heads up and solicit feedback on this.
The way I rewrote ldap_authorization considers "drupal roles" to be
one type of authorization that is implemented in a sub module and
executing by invoking hooks.
So the primary role of ldap_authorization is to
- implement hook_user_login
- map ldap entries to
authorization ids (drupal role ids, og group name, civicrm memberships
etc.)
- provide the interface for articulating the mappings, whether they are bi directional etc.
-The actual grant and revoke of authorizations is done in the other modules such as
ldap_authz_drupal_roles etc.
My preferred location for discussion is #966890: LDAP Authorization: Promote Interoperability with other authorization modules
| Comment | File | Size | Author |
|---|---|---|---|
| ldap_authz_roles.module.txt | 3.36 KB | johnbarclay | |
| og_ldap.module.txt | 4.39 KB | johnbarclay |