Last updated September 18, 2012. Created by johnbarclay on December 13, 2010.
Edited by areynold. Log in to edit this page.

The LDAP project allows you to integrate your organization's existing LDAP-enabled identity management service (such as Active Directory) into Drupal. Components:

LDAP Project Modules

  • LDAP Servers. Stores connection information for ldap servers and relationships between ldap and drupal users. Also contains api functions for LDAP project.
  • LDAP User (7.x-2.x branch). Controls provisioning and synching mappings of Drupal user fields and properties to and from LDAP Entry attributes.
  • LDAP Query. Stores individual queries that can be leveraged by other modules such as LDAP Feeds and LDAP Views.
  • LDAP Authentication. Authentication via user credential checking or single sign on methods such as NTLM.
  • LDAP Authorization. Conversion of ldap user data to drupal roles, organic group memberships and other authorization consumers.
  • LDAP Feeds. Fetchers for LDAP Queries and LDAP Users to integrate with Drupal Feeds module.
  • LDAP Views. Views module integration for LDAP Query resultsets
  • LDAP Help. Helper module for debugging configuration issues with other LDAP Modules.
  • LDAP Test (7.x-2.x branch). This is simply for automated test coverage and never needs to be enabled; the simpletests will enable it while running. It contains the mock ldap server and related helper functions.

LDAP Authorization and Authentication can be used together or independently of one another, but both require a working server definition in LDAP Servers.

Common Use Cases For LDAP

  • Provision and authenticate users based on LDAP credentials
  • Grant Drupal Roles based on LDAP entry attributes
  • Grant OG Membership based on LDAP entry attributes
  • Use feeds to create or update nodes or user data based on ldap queries.
  • Provision and synch between LDAP Entries and Drupal Users.
AttachmentSize
ldap_settings.png57.24 KB

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.

Comments

I wander if this could be the solution for the server I administrate, if sombody could give me advise, I would appreciate it.

Case:
1 server, each site it's own database on the same database server

main site Drupal 7 http://my.domain.edu
other sites
Drupal 6 - 1 http://my.domain.edu/d6-1
Drupal 6 - 2 http://my.domain.edu/d6-2
Web application 1 (non drupal) http://my.domain.edu/wa1
Web application 2 (non drupal) httP://my.domain.edu/wa2
Moodle 1.9 http://my.domain.edu/moodle
Moodle 2.0 http://my.domain.edu/moodle2
etc.

So the goal is give the users a SSO service for all these webs, obviously the drupal 6 sites will upgrade as soon as possible but in the meantime the service is active and we need to implement the Single Sign On (SSO).

Thanks in advance.

@ch

I have found that a DB update failed during one of these beta upgrades (they haven't been smooth, I always get a "module already installed" each time a new beta comes out...so upgrading is a pain).

Anyway, I want to "disable" one of my LDAP sources (I have 2) and I am getting the following error:

PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'unique_persistent_attr_binary' in 'field list': UPDATE {ldap_servers} SET sid=:db_update_placeholder_0, name=:db_update_placeholder_1, status=:db_update_placeholder_2, ldap_type=:db_update_placeholder_3, address=:db_update_placeholder_4, port=:db_update_placeholder_5, tls=:db_update_placeholder_6, bind_method=:db_update_placeholder_7, binddn=:db_update_placeholder_8, bindpw=:db_update_placeholder_9, basedn=:db_update_placeholder_10, user_attr=:db_update_placeholder_11, account_name_attr=:db_update_placeholder_12, mail_attr=:db_update_placeholder_13, mail_template=:db_update_placeholder_14, unique_persistent_attr=:db_update_placeholder_15, unique_persistent_attr_binary=:db_update_placeholder_16, user_dn_expression=:db_update_placeholder_17, ldap_to_drupal_user=:db_update_placeholder_18, testing_drupal_username=:db_update_placeholder_19, group_object_category=:db_update_placeholder_20, search_pagination=:db_update_placeholder_21, search_page_size=:db_update_placeholder_22, weight=:db_update_placeholder_23 WHERE (numeric_sid = :db_condition_placeholder_0) ; Array ( [:db_update_placeholder_0] => SenLDAP [:db_update_placeholder_1] => SenLDAP [:db_update_placeholder_2] => 0 [:db_update_placeholder_3] => openldap [:db_update_placeholder_4] => mtldap [:db_update_placeholder_5] => 389 [:db_update_placeholder_6] => 0 [:db_update_placeholder_7] => 1 [:db_update_placeholder_8] => cn=Administrator,dc=domain,dc=com [:db_update_placeholder_9] => i4Cf4VHJqkAXHYMVhoiKYqrfqqfq [:db_update_placeholder_10] => a:1:{i:0;s:36:"ou=accounts,dc=sentienthealth,dc=com";} [:db_update_placeholder_11] => uid [:db_update_placeholder_12] => [:db_update_placeholder_13] => mail [:db_update_placeholder_14] => [:db_update_placeholder_15] => [:db_update_placeholder_16] => [:db_update_placeholder_17] => uid=%username,%basedn [:db_update_placeholder_18] => [:db_update_placeholder_19] => [:db_update_placeholder_20] => [:db_update_placeholder_21] => 0 [:db_update_placeholder_22] => 1000 [:db_update_placeholder_23] => 0 [:db_condition_placeholder_0] => 3 ) in drupal_write_record() (line 7036 of /srv/www/mec/httdocs/includes/common.inc).

Any clues as to what update didn't get 'updated' and how do I manually do the update?

hi,

can I do add/modify/delete operations upon LDAP objects with "LDAP Project modules"?

I can successfully query for data but I am totally upset with inability to find the way to do the operations ... are they possible at all with the project or I have to do that with php_ldap "by hands"?

please, help me to find the point to start from ...