(Tutorial) HOW TO turn Drupal into an authenticate-only site with users from an LDAP directory

Drupal has a fantastic feature, hook_auth, which allows any third-party module to take part in the authentication process. It is used to authenticate against other Drupal sites over XML-RPC, in the experimental OpenID integration, to allow authentication against any database, and so on. And of course to authenticate against an LDAP directory, using the ldapauth module. This HOWTO sets you on track for the LDAP coupling. We use ldapauth.module, userprotect.module and Sympal Password Hijack to mould our Drupal site into an authenticate-only site.

Contents and disclaimer

This HOWTO covers the basics of the configuration of an LDAP server, and it covers how to configure Drupal to allow authentication against it. It does not cover any profile data integration with LDAP, nor does it cover group-based or levelled access control. A user authenticated through LDAP is an ‘authenticated’ Drupal user. Nothing more, nothing less. Be aware that I am no authority on LDAP servers, LDAP schemas or Drupal authentication. Also be aware that I wrote this howto for Drupal 4.7, using the modules available in February 2007; by the time you read this, things may have changed drastically.

LDAP server

LDAP is a database server, often used to store people and their login credentials. You can use any server, but this howto will only scratch the surface of OpenLDAP, the free and open-source LDAP server. Getting an LDAP server running is easy (depending on the environment, of course), but configuring it properly is not. This howto assumes you have a running Debian system (for experiments with such a server, I advise the excellent VPS service Linode). For other servers, distributions and variations, I collected a series of useful LDAP server HOWTOs and manuals on Simpy.

LDAP schema

Because there is no single LDAP structure (unlike, e.g., OpenID or DrupalID, which are standardised), the login data can live anywhere in the directory, in any place and in any form. This howto describes how to use the popular and standardised NIS schema, but the approach could potentially be used for any schema, including the popular openDirectory by Microsoft. The NIS schema is often used to manage users on a Unix system; it has attributes such as homeDirectory and loginShell. Because this schema is used primarily to hold login data, most (administrative) clients and applications will be able to use this data. In addition we can use the inetOrgPerson schema, which is the de-facto standard for holding address-book data. This is not required for Drupal's authentication, but it is useful for future extension with actual user data.
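To see what a user entry combining the two schemas mentioned above has to contain, here is an added example (not part of the original tutorial) that parses a constructed LDIF entry and checks it against the MUST attributes of posixAccount (the NIS schema, RFC 2307) and inetOrgPerson (RFC 2798, inheriting sn and cn from person), plus the two attributes a simple bind-based login needs. The sample entry, the placeholder password hash and the example.org DN are constructed values.

```python
"""Check an LDAP user entry against the posixAccount and inetOrgPerson schemas.

Added example, not code from the tutorial. The MUST lists are the ones from
RFC 2307 (posixAccount) and RFC 2798/2256 (inetOrgPerson -> person);
the LDIF entry below is constructed sample data.
"""

# Required attributes per object class (inherited MUSTs already expanded).
MUST = {
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
    "inetOrgPerson": {"cn", "sn"},  # inherited from person
}
# What a bind-based login (the lookup attribute plus the password) needs.
LOGIN_ATTRS = {"uid", "userPassword"}

# Constructed sample entry; the userPassword value is a placeholder, not a real hash.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
uid: jdoe
cn: Jane Doe
sn: Doe
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
loginShell: /bin/bash
userPassword: {SSHA}placeholder-hash-not-a-real-credential
mail: jdoe@example.org
"""

def parse_ldif(text):
    """Parse one LDIF entry into {attr: [values]}.

    Handles folded lines (a leading space continues the previous value);
    base64 values ('attr:: ...') are not handled, to keep the example short.
    """
    entry, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith(" ") and last:   # continuation of the previous value
            entry[last][-1] += line[1:]
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr, []).append(value.strip())
        last = attr
    return entry

def missing_attrs(entry):
    """Return the attributes the entry lacks for its object classes and for login."""
    required = set(LOGIN_ATTRS)
    for oc in entry.get("objectClass", []):
        required |= MUST.get(oc, set())
    return sorted(required - set(entry))

if __name__ == "__main__":
    print(missing_attrs(parse_ldif(SAMPLE_LDIF)))  # []
```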


Courtesy : Webschuur.com