What is it about?

This page explains some setup details of the https://systemausfall.org drupal installation regarding the authentication and authorization module ldap_integration.

At the end of this page, you will find specific instructions for managing drupal rules on systemausfall.org.


ldapauth

This module provides authentication service for drupal.

That means:

Setup

The initial setup is quite simple:

If your ldap server does not accept anonymous user lookups, you may need to store credentials for an appropriate ldap account that performs the lookup.

The password check of the user is always done via an ldap bind request.

Now you should be able to log in as a user that does not exist in the drupal user registry (provided the user exists in the ldap directory).

Maintenance

This module does not really require maintenance.

ldapgroups

This module allows you to map ldap groups to drupal roles.

The module supports a wide variety of ldap structures for user/group relationships, e.g.:

Beware A: the mapping only works _before_ the first login of the user. Thus it is a nice feature for defining the permissions of future users before they start to use the drupal installation.

Beware B: the following steps use the third of the three mapping strategies of ldapgroups mentioned above. See Configuration of ldap groups module for details.

Setup

ldap directory

drupal setup

Maintenance

You should be aware that the group assignments of each user are stored by drupal. Thus drupal will not notice when you remove an ldap user from its ldap group object. The same goes for users who were created by drupal _before_ they were added to an ldap group object.

Manual synchronization is necessary in these cases.
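
One way to find the accounts that need manual synchronization, as an added example that is not part of the original page: compare the members of the ldap group object with the users who currently hold the drupal role. The LDIF sample, every user name except john, the list of role holders, and the assumption that adminOfService holds member DNs starting with uid= are constructed for illustration.

```python
import base64

# Constructed sample: the group entry as LDIF. Assumption: adminOfService holds
# member DNs whose first RDN is uid=<login>; only "john" appears on the page.
GROUP_LDIF = """\
dn: cn=foo-admin,sc=drupal,ou=Services,o=neofaxe,dc=systemausfall,dc=org
cn: foo-admin
adminOfService: uid=john,ou=People,o=neofaxe,dc=systemausfall,dc=org
adminOfService: uid=maria,ou=People,o=neofaxe,dc=systemaus
 fall,dc=org
adminOfService:: dWlkPXBhdWwsb3U9UGVvcGxlLG89bmVvZmF4ZQ==
"""
# Constructed: users who currently hold the drupal role foo-admin.
DRUPAL_ROLE_HOLDERS = ["john", "anna"]

def ldif_values(ldif, attr):
    """All values of attr, with folded lines joined and base64 values decoded."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # LDIF continuation line: drop one space
        else:
            lines.append(raw)
    values = []
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):      # "attr:: <base64>"
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def uid_of(dn):
    """Login name taken from the first RDN of a member DN."""
    key, _, value = dn.split(",", 1)[0].partition("=")
    if key.strip().lower() != "uid":
        raise ValueError(f"unexpected member DN: {dn!r}")
    return value.strip().lower()

def role_drift(ldif, attr, role_holders):
    """revoke: role kept after leaving the group; grant: joined after first login."""
    in_ldap = {uid_of(v) for v in ldif_values(ldif, attr)}
    in_drupal = {u.lower() for u in role_holders}
    return {"revoke": sorted(in_drupal - in_ldap), "grant": sorted(in_ldap - in_drupal)}

if __name__ == "__main__":
    print(role_drift(GROUP_LDIF, "adminOfService", DRUPAL_ROLE_HOLDERS))
```

The "revoke" list is the security-relevant one: those accounts still hold the drupal role although the directory no longer lists them as members.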

administrating drupal rules on systemausfall.org

  1. create a new service for a new drupal role for a specific web site:

    ldap-admin.sh service_add drupal foo-admin "this is the admin group of the drupal installation foo"

  2. add admins to this group:

    ldap-admin.sh service_add_admin drupal foo-admin john

  3. configure the ldapgroups settings for the site, e.g.:

    cn=foo-admin,sc=drupal,ou=Services,o=neofaxe,dc=systemausfall,dc=org
    adminOfService

  4. create a drupal role foo-admin (or do an initial login with one of the admin accounts)

  5. assign permissions to the foo-admin drupal role

DrupalLDAP (last modified on 2012-06-13 21:26:25 by anonymous)


This page is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.