The LDAP Single Sign-On module lets an administrator configure a Drupal site to authenticate Drupal users with either NTLMSSP (seamless automatic login using LDAP / Active Directory credentials passed automatically by supported and properly configured browsers) or basic digest authentication as a fallback. The net effect is that, either automatically or by visiting a link, a user is authenticated and logged into a Drupal site without having to enter credentials manually on suitably configured installations.
The module was created to provide Drupal intranet applications full integration with Active Directory and Windows workstations in enterprise environments. It leverages the LDAP integration module for all Drupal to LDAP/Active Directory communications, while relying on a web server to provide a $_SERVER variable containing an authenticated user's login name; this name is queried by Drupal to allow or deny access to the system.
For more information on configuring Apache to provide NTLM / LDAP authentication, see INSTALL.txt. This documentation is also available in the LDAP module (Drupal 7 version of LDAP integration) documentation.
This module requires that the LDAP integration module be installed and fully configured for proper operation.
After enabling the LDAP Single Sign-On module, it can be configured by visiting the path admin/settings/ldap/sso as an administrator. Available options include:
- "Turn on automated single sign-on"
  - Automatically redirects unauthenticated visitors to the sign on page upon visiting the site, providing a seamless login for browsers configured to pass NTLM credentials automatically.
- "Cookie lifetime"
  - To ensure users aren't automatically logged back in after logging out, a cookie is set to ensure no automatic redirection occurs if automated single sign-on is enabled. This sets the lifetime of the cookie.
- "Authentication mechanism"
  - If different server variables or other authentication mechanisms are used, they will be selected here. Currently, only mod_auth_sspi is supported, but other implementations of NTLM authentication can be supported in the future.
After enabling the LDAP SSO module, a new menu item will be available in the navigation menu titled "Log In", pointing to user/login/sso. If the administrator does not wish to use seamless login, they can place this menu item in a menu accessible to anonymous visitors, and visitors can log in by visiting this path.
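A sketch of the Apache side of this setup, as an added example that is not taken from the module's INSTALL.txt: it applies mod_auth_sspi only to the user/login/sso path, so the rest of the site stays reachable anonymously. The domain name and realm text are placeholders, and the block assumes the site is served over TLS with mod_ssl loaded.

```apache
# Added example, not the module's own configuration.
# Assumes Apache on Windows with mod_auth_sspi installed.
LoadModule sspi_auth_module modules/mod_auth_sspi.so

# Authenticate only the SSO path; every other Drupal path stays anonymous.
<Location "/user/login/sso">
    AuthType SSPI
    # Realm text shown if the browser falls back to a Basic prompt (placeholder).
    AuthName "Drupal intranet"
    SSPIAuth On
    # Do not hand the request to other auth modules when SSPI fails.
    SSPIAuthoritative On
    # Placeholder; use the same domain the LDAP integration module queries.
    SSPIDomain AD.EXAMPLE.COM
    # Strip the DOMAIN\ prefix and normalise case so the login name handed to
    # Drupal is the bare account name (assumes the LDAP integration module is
    # configured to look up bare login names).
    SSPIOmitDomain On
    SSPIUsernameCase lower
    # Fallback for browsers that do not pass NTLM credentials automatically.
    # Basic sends the password in a trivially decodable form, so refuse
    # plain-HTTP requests to this path.
    SSPIOfferBasic On
    SSLRequireSSL
    Require valid-user
</Location>
```

Because Drupal trusts the login name supplied by the web server, make sure every virtual host that serves the site applies the same block to this path.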
This module requires the LDAP Integration module
Drupal 7 Version
No Drupal 7 version of this module is planned. A complete integration of the user interface and authentication logic from this module was ported to the Lightweight Directory Access Protocol Authentication module in this issue, so assuming the patch is committed, it will become part of the "core" LDAP module for Drupal 7. Integration with the LDAP Authentication module was committed to ldap 7.x-1.0-beta4.
Project Information
- Maintenance status: Actively maintained
- Development status: Under active development
- Reported installs: 47 sites currently report using this module.
- Downloads: 532
- Last modified: February 22, 2012