Drupal 7 LDAP Project

Post on 12-Jan-2016


Transcript of Drupal 7 LDAP Project

Drupal 7 LDAP Project

Overview with Authentication and Authorization Examples

http://drupal.org/project/ldap

LDAP Project

• Complete rewrite of LDAP Integration for Drupal 4.7, 5.x, and 6.x

• New project with goal of stability with solid test coverage, accessibility, I18n support, object oriented, Features support, API base.

• RC Target for December

• 7.x-1.x branch is active, -2.x is placeholder

• Status at http://drupal.org/node/1115704

Modules

• LDAP Servers. Stores connection information for ldap servers and relationships between ldap and drupal users. Also contains api functions for LDAP project.

• LDAP Query. Stores individual queries that can be leveraged by other modules such as LDAP Feeds and LDAP Views.

• LDAP Authentication. Authentication and Drupal user account creation.

• LDAP Authorization. Conversion of ldap user data to drupal roles, organic groups and other authorization providers.

• LDAP Feeds. Fetchers for LDAP Queries and LDAP Users to integrate with feeds module.

• LDAP Views. Views module integration for LDAP Query result sets

• LDAP Help. Helper module for debugging configuration issues with other LDAP Modules.

LDAP Project Status 10/10/2011

Status Thread: http://drupal.org/node/1115704

LDAP Modules and Class Relationships

Prerequisites

http://drupal.org/node/1023900

• ldap php extension

• service account

• mcrypt extension

• OpenSSL or other SSL extension

• use LDAP Help module for checking

LDAP Settings

LDAP Servers

• Server Configuration != Physical Server

• May want more than one server configuration per physical ldap server.

• LDAP Server module not an LDAP Server. Just a means to query it.

• Get LDAP Server details from sys admins

LDAP Server: Server Settings

LDAP Server: Binding

LDAP Server: User Relationship (1 of 2)

LDAP Server: User Relationship (2 of 2)

LDAP Authentication: Logon Options

LDAP Authentication: Account Conf

LDAP Authorization: Design for LDAP 7

LDAP Authorization: Design for Drupal 8

LDAP Authorization: Setup 1

1. Enable LDAP Authorization and LDAP Authorization Drupal Roles

2. Create Drupal Role Instance

3. Part II most complicated

• IIA. cn=jdoe,ou=Group1,cn=example,cn=com

• IIB. memberOf => all groups in memberOf attribute

• IIC. Not sure what this is.

4. Filtering. Required to avoid many groups. If filtering off, create groups should also be off.

5. IV.C has to do with what you want to do manually.

6. Test to see expected behavior
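The effect of the filtering option in step 4, as an added example in plain PHP that is not code from the LDAP project. It assumes a simplified model: memberOf group DNs are looked up in a mapping table and, when filtering is off, unmapped groups fall through as role names taken from their first RDN. The function name, mapping array and sample DNs are hypothetical.

```php
<?php
// Added illustration of filtered vs. unfiltered group-to-role derivation.
// Not the module's implementation; all names and data here are constructed.

/**
 * Derives role names from the values of an entry's memberOf attribute.
 *
 * @param array $member_of  Group DNs from the memberOf attribute.
 * @param array $mappings   Lower-cased group DN => Drupal role name.
 * @param bool  $use_filter TRUE: only mapped groups yield roles.
 *                          FALSE: unmapped groups yield a role named
 *                          after their first RDN value.
 */
function example_roles_from_member_of(array $member_of, array $mappings, $use_filter) {
  $roles = array();
  foreach ($member_of as $dn) {
    // Simplified case-insensitive DN comparison (no escaped commas handled).
    $key = strtolower(trim($dn));
    if (isset($mappings[$key])) {
      $roles[$mappings[$key]] = TRUE;
    }
    elseif (!$use_filter) {
      // Unfiltered: "cn=Staff,ou=Groups,..." becomes the role name "Staff".
      $parts = explode(',', $dn, 2);
      $rdn = explode('=', $parts[0], 2);
      if (count($rdn) === 2 && trim($rdn[1]) !== '') {
        $roles[trim($rdn[1])] = TRUE;
      }
    }
  }
  return array_keys($roles);
}

// Constructed sample: one mapped group, two groups nobody reviewed.
$member_of = array(
  'CN=Web-Editors,OU=Groups,DC=example,DC=com',
  'cn=Domain Users,ou=Groups,dc=example,dc=com',
  'cn=Floor3-Printers,ou=Groups,dc=example,dc=com',
);
$mappings = array(
  'cn=web-editors,ou=groups,dc=example,dc=com' => 'editor',
);

// Filter on: only the reviewed mapping produces a role.
print_r(example_roles_from_member_of($member_of, $mappings, TRUE));
// Filter off: every directory group becomes a candidate role name.
print_r(example_roles_from_member_of($member_of, $mappings, FALSE));
```

With filtering off and role creation on, each unmapped group in the second result would turn into a new role on the site, which is why the two options are switched off together.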

LDAP Authorization: Adding Consumers

Quite easy to add your own authorization consumers.

• Use ldap_authorization_drupal_role or ldap_authorization_og as examples/templates

• hook_ldap_authorization_consumer() is for vocabulary of user interface:

/**
 * Implements hook_ldap_authorization_consumer().
 *
 * Supplies the user-interface vocabulary for this consumer type and tells
 * LDAP Authorization which class and file implement it.
 */
function ldap_authorization_drupal_role_ldap_authorization_consumer() {
  $types['drupal_role'] = array(
    'consumer_name' => t('drupal role'),
    'consumer_name_plural' => t('drupal roles'),
    'consumer_short_name' => t('role'),
    'consumer_short_name_plural' => t('roles'),
    'consumer_description' => t('A Drupal Role.'),
    'consumer_class_name' => 'LdapAuthorizationConsumerDrupalRole',
    'consumer_class_file' => 'LdapAuthorizationConsumerRole.class.php',
    'consumer_module' => 'ldap_authorization_drupal_role',
  );

  return $types;
}

LDAP Authorization: Adding Consumers

Add class that extends LdapAuthorizationConsumerAbstract and provides at least the following methods and properties:

•consumerType

•refreshConsumerIDs()

•availableConsumerIDs()

•createConsumers($creates_mixed_case) (optional)

•revokeSingleAuthorization(&$user, $consumer_id, &$user_auth_data)

•grantSingleAuthorization(&$user, $consumer_id, &$user_auth_data)

•usersAuthorizations(&$user)

LDAP Feeds

For synching any ldap data with Drupal structures such as nodes, users, taxonomy, etc.

Includes 2 feeds fetchers:

• FeedsLdapQueryFetcher for fetching generic ldap queries, configured by admins via the LDAP Query module.

• FeedsDrupalUserLdapEntryFetcher for fetching ldap entries of drupal users who are ldap authenticated or otherwise ldap associated.

Includes 1 feeds parser:

• FeedsLdapEntryParser that converts ldap entries array returned from ldap_search() to standard feed parser result format.

LDAP Query: Module for storing LDAP Queries used by other modules (LDAP Views, LDAP Feeds, etc).

LDAP Views: Views Integration

Resources

http://drupal.org/project/ldap Project Homepage