Drupal - LDAP integration

By asolovyev
Mar. 22, 2010

I was working on Drupal-Alfresco integration when I needed to provide Drupal users with access to the Alfresco repository. I will not go into the details of how you can access Alfresco from Drupal (this would be a different story), but this can be done with the CMIS module. You would need some customization if you want to allow the Drupal users to use their own accounts to access Alfresco - as opposed to using one Alfresco account for all users. This was the reason why we needed the LDAP integration.

Before you start, you need to know whether you are able to modify the LDAP directory or not. It is possible that for security reasons your Drupal site will only be given permissions to read the LDAP directory, and not to modify it. If you do have the permissions to update an LDAP directory, you will be able to create LDAP users from the Drupal site, change passwords and synchronize user profiles.

Besides the ldapauth module, which is a part of the LDAP Integration, you will need the ldapdata module (also a part of the LDAP Integration) for profile synchronization and the ldap_provisioning module for creating user accounts in both the LDAP server and Drupal.

You will probably also need some third-party tool to browse the LDAP directory. This is not necessary, but it can be helpful for debugging. It is nice to see that you really can access LDAP with the given admin account and password from your IP address, that you really can create users there, and that you can see/export the LDIF-style structure of the directory. On Ubuntu, I use the "GQ" application.

The screen shots below are not a "How To" guide, but images and comments that can be helpful.

Click Add Server to add a new server. You can activate or deactivate servers as you need without deleting them.

The default port is usually 389.

I think of base DNs as if they were a folder, or folders, where you should search for your users. If you use Provisioning, it's better to have only one DN. I did have trouble creating new LDAP users when I had 3 DNs. Well, you can 'hack' the module and make it use the first DN as a place for new accounts ;o)
See the last screen shot to see the LDAP structure (this is just an example - yours will be different!).

"DN for non-anonymous search" - think of it as if it were an admin account name. The most confusing thing for me was that "cn=Manager,dc=ds,dc=alfresco,dc=com" is the admin 'name'. When you click "Test" and everything is correct, you should see a green confirmation of success.

LDAP attributes can be a tricky part - they need to match your LDAP directory in LDIF style (google it). If you have the GQ application installed, you can right-click on the server and choose "Export LDIF".
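One way to check the attribute names against an "Export LDIF" dump before typing them into the module settings, as an added example that is not part of the original post. The sample LDIF, the `uid`/`mail` attributes, the `inetOrgPerson` class and the function names `parse_ldif` and `missing_attributes` are assumptions made for illustration.

```python
import base64, re

# Constructed sample; only the dc=ds,dc=alfresco,dc=com suffix is from the post.
SAMPLE_LDIF = """\
dn: ou=people,dc=ds,dc=alfresco,dc=com
objectClass: organizationalUnit

dn: uid=jdoe,ou=people,dc=ds,dc=alfresco,dc=com
objectClass: inetOrgPerson
uid: jdoe
mail: jdoe@example.com
description: a long value that the exporter
  folded onto a second line

dn: uid=asmith,ou=people,dc=ds,dc=alfresco,dc=com
objectClass: inetOrgPerson
uid: asmith
cn:: QWxpY2UgU21pdGg=
"""

def parse_ldif(text):
    """Return entries as dicts of lowercased attribute name -> list of values."""
    unfolded = re.sub(r"\r?\n ", "", text)      # a leading space continues a line
    entries = []
    for block in re.split(r"\n\s*\n", unfolded):  # blank lines separate entries
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):            # "attr:: value" is base64-encoded
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(rest.strip())
        if entry:
            entries.append(entry)
    return entries

def missing_attributes(entries, base_dn, object_class, wanted):
    """Map DN -> attributes from `wanted` absent on user entries under base_dn."""
    base = base_dn.replace(" ", "").lower()     # simplified DN comparison
    report = {}
    for e in entries:
        dn = e.get("dn", [""])[0]
        classes = [c.lower() for c in e.get("objectclass", [])]
        under_base = dn.replace(" ", "").lower().endswith("," + base)
        if under_base and object_class.lower() in classes:
            gaps = [a for a in wanted if a.lower() not in e]
            if gaps:
                report[dn] = gaps
    return report
```

An empty result from `missing_attributes` means every user entry under the base DN carries the attributes you plan to map; any DN it returns is an account that would come through with a blank field.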

The password encryption should be either plain, or MD5 (not SHA as shown here) - this is how it's implemented in Drupal LDAP auth.

Good luck!
