220 likes | 463 Vues
Drupal 7 LDAP Project. Overview with Authentication and Authorization Examples http://drupal.org/project/ldap. LDAP Project. Complete rewrite of LDAP Integration for Drupal 4.7, 5.x, and 6.x
E N D
Drupal 7 LDAP Project Overview with Authentication and Authorization Examples http://drupal.org/project/ldap
LDAP Project • Complete rewrite of LDAP Integration for Drupal 4.7, 5.x, and 6.x • New project with goal of stability with solid test coverage, accessibility, I18n support, object oriented, Features support, API base. • RC Target for December • 7.x-1.x branch is active, -2.x is placeholder • Status at http://drupal.org/node/1115704
Modules • LDAP Servers. Stores connection information for ldap servers and relationships between ldap and drupal users. Also contains api functions for LDAP project. • LDAP Query. Stores individual queries that can be leveraged by other modules such as LDAP Feeds and LDAP Views. • LDAP Authentication. Authentication and Drupal user account creation. • LDAP Authorization. Conversion of ldap user data to drupal roles, organic groups and other authorization providers. • LDAP Feeds. Fetchers for LDAP Queries and LDAP Users to integrate with feeds module. • LDAP Views. Views module integration for LDAP Query result sets • LDAP Help. Helper module for debugging configuration issues with other LDAP Modules.
LDAP Project Status 10/10/2011 Status Thread: http://drupal.org/node/1115704
Prerequisites http://drupal.org/node/1023900 • ldapphp extension • service account • mcrypt extension • open ssl or other ssl extension • use LDAP Help module for checking
LDAP Servers • Server Configuration != Physical Server • May want more than one server configuration per physical ldap server. • LDAP Server module not an LDAP Server. Just a means to query it. • Get LDAP Server details from sys admins
LDAP Authorization: Setup 1 • Enable LDAP Authorization and LDAP Authorization Drupal Roles • Create Drupal Role Instance • Part II most complicated • IIA. cn=jdoe,ou=Group1,cn=example,cn=com • IIB. memberOf => all groups in memberOf attribute • IIC. Not sure what this is. • Filtering. Required to avoid many groups. If filtering off, create groups should also be off. • IV.C has to do with what you want to do manually. • Test to see expected behavior
LDAP Authorization: Adding Consumers • Quite easy to add your own authorization consumers. • Use ldap_authorization_drupal_role or ldap_authorization_og as examples/templates • hook_ldap_authorization_consumer() is for vocabulary of user interface: • function ldap_authorization_drupal_role_ldap_authorization_consumer() { • $types['drupal_role'] = array( • 'consumer_name' => t('drupal role'), • 'consumer_name_plural' => t('drupal roles'), • 'consumer_short_name' => t('role'), • 'consumer_short_name_plural' => t('roles'), • 'consumer_description' => t('A Drupal Role.'), • 'consumer_class_name' => 'LdapAuthorizationConsumerDrupalRole', • 'consumer_class_file' => 'LdapAuthorizationConsumerRole.class.php', • 'consumer_module' => 'ldap_authorization_drupal_role', • ); • return $types; • }
LDAP Authorization: Adding Consumers • Add class that extends LdapAuthorizationConsumerAbstract and provides at least the following methods and properties: • consumerType • refreshConsumerIDs() • availableConsumerIDs() • createConsumers($creates_mixed_case) (optional) • revokeSingleAuthorization(&$user, $consumer_id, &$user_auth_data) • grantSingleAuthorization(&$user, $consumer_id, &$user_auth_data) • usersAuthorizations(&$user)
LDAP Feeds • For synching any ldap data with Drupal structures such as nodes, users, taxonomy, etc. • Includes 2 feeds fetchers: • FeedsLdapQueryFetcher for fetching generic ldap queries, configured by admins via the LDAP Query module. • FeedsDrupalUserLdapEntryFetcher for fetching ldap entries of drupal users who are ldap authenticated or otherwise ldap associated. • Includes 1 feeds parser: • FeedsLdapEntryParser that converts ldap entries array returned from ldap_search() to standard feed parser result format. • LDAP Query: Module for storing LDAP Queries used by other modules (LDAP Views, LDAP Feeds, etc). • LDAP Views: Views Integration
Resources http://drupal.org/project/ldap Project Homepage