LDAP User Module

Last updated on
9 March 2017

Drupal 7 will no longer be supported after January 5, 2025. Learn more and find resources for Drupal 7 sites

The LDAP User module is used to relate, provision (create), and synchronize attributes of LDAP user entries and Drupal users. Provisioning and synching can go from LDAP to Drupal and from Drupal to LDAP. The LDAP User module relies on the LDAP Server module, which configures LDAP server connections and other LDAP server-specific data.

Configuration

See LDAP User Configuration

Provisioning Drupal Users from LDAP User Entries

Use Cases

  • Your organization has an LDAP with its users in it. You want username, emails, names, etc. to be automatically populated in your Drupal accounts.
  • You want your user to authenticate to Drupal with their LDAP credentials. (This requires LDAP Authentication module enabled).
  • You do not want to create accounts until users start using your Drupal site. (If you want to sync all LDAP users to Drupal, see LDAP Feeds Example: Synch LDAP Data to Drupal User.)

Events for Provisioning Drupal Users from LDAP User Entries

The actual creation of the Drupal account can happen:

  • On user logon via LDAP authentication. This is the most common use case. After the user successfully authenticates, a Drupal account is created. Fields in the Drupal account (username, mail, uid, last name, etc.) are populated based on LDAP User mapping configurations.
  • On manual Drupal Account Creation. For this use case, whenever a Drupal account is created a check is done for a corresponding LDAP entry. If one is found, the Drupal account fields are populated from the LDAP entry. This is useful when you have few users and want to create accounts by hand, or when you are using other modules to mass import users.
  • On any Drupal Account Creation. Regardless of how the Drupal account is created.
  • On cron runs. Not implemented yet.
  • On REST webservice Request. Partially implemented; ping the maintainers if this is needed.

Provisioning LDAP Entries from Drupal Users

Use Case: Your organization wants to use Drupal as your account management tool, but wants to leverage other web applications. Since LDAP is a standard for both authentication and user data, it can be leveraged by CAS, WordPress, Jira, etc.

Use Case: Your organization has an LDAP with all of its internal members, but you want to have an OU for "external" users. You leverage Drupal's self-service accounts and have LDAP entries created for each LDAP user so they can gain access to other resources. Your internal users use their existing LDAP account credentials and don't need to maintain a second set of credentials.

Synching LDAP Entry Attributes from Drupal Users Fields

Testing and Developer Docs

LDAP User Test Scripts

Manual testing scripts are available at: ldap_user/tests/ldap_user.test.manual.txt (http://drupalcode.org/project/ldap.git/blob_plain/refs/heads/7.x-2.x:/ld...). These are handy for understanding the expected behavior of the LDAP User module.

Simpletest automated scripts are at: http://drupalcode.org/project/ldap.git/blob_plain/refs/heads/7.x-2.x:/ld... with corresponding ldap_user configurations in http://drupalcode.org/project/ldap.git/blob_plain/refs/heads/7.x-2.x:/ld...

LDAP User Test Form

A test page is available at

admin/config/people/ldap/user/test

for testing your LDAP User configuration. This form lets you see what would happen based on your current configuration, or actually execute an action for a single account. This can be very useful to confirm your LDAP User and LDAP Server configuration.

To use, enter a test Drupal username and check the events you want to test. The resulting page will show what the provisioning would be. If you select the "Execute Action" mode, the transactions configured will be performed (for that user).

Notes about the resulting arrays:

  • The devel module must be enabled for this to work.
  • In provisioning or synching to LDAP (e.g. provisionLdapEntryResults => context => Update Drupal User Synch Context => proposed), only the dn and attributes that will be provisioned or modified are visible. These are in the "proposed" array.
  • In provisioning or synching to Drupal, only the values that will be passed into the $user_edit array in user_save($account, $user_edit) are shown. These are in the "proposed" array.
