LDAP Configuration Guide for Drupal 7

Install Server Prerequisites 

Before the LDAP module for Drupal will work, certain prerequisites must already be installed and set up on the server.

For Linux

Server packages required to support the Drupal LDAP module.

  1. $ sudo apt-get install php5-ldap
  2. $ sudo apt-get install php5-mcrypt (Optional for encrypting stored passwords)

For Windows

  1. Check that the ldap.dll file is present in "/xampp/php/ext/" before enabling.
  2. Enable the extension by removing the semicolon in front of “extension=php_ldap.dll”.
  3. Execute phpinfo() to verify whether the ldap extension is enabled.
  4. If it is enabled, you can proceed further.

Install Drupal Modules 

Install Drupal Modules

Installation of the following modules is required for proper LDAP functionality.

  1. Login as an administrator to the Drupal site.
  2. Navigate to Modules.
  3. Click Install new module.
  4. Locate the tar.gz download for the module you are installing (ex: https://ftp.drupal.org/files/projects/entity-7.x-1.8.tar.gz for the Entity API module).
  5. Paste the URL into the Install from a URL textbox (you can also install manually if you’ve downloaded the module locally).
  6. Click Install.
  7. Repeat for each module listed above.

Enable Installed Drupal Modules

The modules will need to be enabled (usually in a specific order due to module requirements).

  1. Enable the Entity API module first (under Other) and Save Configuration.
  2. Enable Devel and Save Configuration (Optional to test user functionality).
  3. Enable LDAP Servers and Save Configuration.
  4. Enable LDAP User Module and Save Configuration.
  5. Enable the following and Save Configuration:
    • LDAP Authentication
    • LDAP Authorization
    • LDAP Help (optional)
    • LDAP Test (optional)
  6. Enable LDAP Authorization – Drupal Roles and Save Configuration.

Configure LDAP Settings 

General Settings

  1. Set Encrypt Stored LDAP Passwords to No encryption. If you need the stored password encrypted, select Blowfish instead.

Servers

  1. Click Add LDAP Server Configuration.
  2. Give a unique name for the Machine name and name (ex: ad.unlv.edu).
  3. Select Enabled.
  4. Select Active Directory for the LDAP Type.
  5. Use the server name provided to you as the LDAP Server.
  6. Use 389 as the LDAP Port.
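  7. If checked, uncheck Use Start-TLS. With port 389 and Start-TLS off, the service account and user passwords are sent to the LDAP server unencrypted.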
  8. Select Service Account Bind as the Binding Method.
  9. Enter the DN for the Service Account to be used.
  10. Enter the account password.
  11. Set up the Base DNs.
  12. Enter samaccountname as the AuthName attribute.
  13. Enter mail as the Email attribute.
  14. Enter a testing username and DN (Optional to test the connection).

  15. Enter group as the Name of Group Object Class.
  16. Select Nested groups are used in my LDAP (Optional if you have nested groups and you want to treat them as nested).
  17. Select a user LDAP attribute such as memberOf exists…
  18. Enter memberof as Attribute in User Entry Containing Groups.
  19. Enter memberuid as the LDAP Group Entry Attribute Holding User’s DN…
  20. Enter cn as the User attribute held in “Attribute of User’s LDAP entry DN…”
  21. Enter test DN for a test group (Optional for testing groups).
  22. Uncheck Use LDAP Pagination if checked.
  23. Click Update.

User

Some settings are dependent on how you want accounts to function.

  1. Select Reject manual creation of Drupal accounts… for How to resolve LDAP conflicts…
  2. Select ldap_server_name (or whatever it was named above) for LDAP Servers.
  3. Check Create or Sync to Drupal user on successful authentication… option.
  4. Select Associate Drupal account with LDAP entry under Existing Drupal User Account Conflict.
  5. Select Account creation settings… do not affect “LDAP Associated” Drupal Accounts under Application of Drupal Account settings…
  6. Select perform no action… under Action to perform on Drupal account that no longer has a corresponding LDAP entry.
  7. Select None under LDAP Servers to Provision LDAP Entries on.
  8. Click Save.

Authentication

Some settings are based on how you want authentication to function.

  1. Select Only LDAP Authentication is allowed under Allowable Authentications. NOTE: Only select this if you want to force login using AD, otherwise select mixed mode.
  2. Check ldap_server_name (or whatever it was named above) under the Authentication LDAP Server Configurations.
  3. Set up your login interface text.
  4. Keep User Login Interface and LDAP User "Whitelists" and Restrictions as they are.
  5. Set up Email.
  6. Click Save.

Authorization

Some settings are based on how you want users to be mapped to roles.

  1. Click add under OPERATIONS.
  2. Select ldap_server_name under LDAP Server used in drupal role configuration.
  3. Select enable this configuration.
  4. Select only apply the following LDAP…
  5. Enter your DN to Drupal Role mappings.
  6. Select only grant drupal roles to match a filter above.
  7. Select when a user logs on under when drupal roles should be granted…
  8. Select Revoke drupal roles previously granted…
  9. Select Re grant drupal roles previously granted…
  10. Uncheck Create drupal roles if they do not exist, if it is checked.
  11. Click Add (or save, if updating).
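
The effect of steps 4 to 10 on a user's roles at logon can be modelled as below. This is an added example, not the LDAP Authorization module's own code; the function names, the "group DN|role" mapping-line layout and the example.edu DNs are assumptions made for illustration.

```python
# Added example: a model of the role reconciliation configured above.
# Not the LDAP Authorization module's code; DNs and role names are constructed.

def normalize_dn(dn):
    """Simplified DN comparison key: lowercase, no spaces around RDN commas."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_mappings(text):
    """Parse 'group DN|drupal role' lines (assumed layout, one mapping per line)."""
    mappings = {}
    for line in text.splitlines():
        if "|" not in line:
            continue
        dn, role = line.rsplit("|", 1)
        mappings[normalize_dn(dn)] = role.strip()
    return mappings

def reconcile(member_of, mappings, existing_roles, current_roles, ldap_granted):
    """Return the role changes a logon would make under the settings above."""
    groups = {normalize_dn(dn) for dn in member_of}
    # Only mapped groups count, and roles are never created on the fly.
    entitled = {role for dn, role in mappings.items() if dn in groups}
    entitled &= set(existing_roles)
    # Revoke only what LDAP granted earlier; manually assigned roles stay.
    revoke = set(ldap_granted) - entitled
    # Grant covers first-time grants and re-grants of manually removed roles.
    grant = entitled - set(current_roles)
    roles = (set(current_roles) - revoke) | entitled
    return {"grant": grant, "revoke": revoke, "roles": roles, "ldap_granted": entitled}

# Constructed sample data.
MAPPINGS = """\
CN=Web Editors,OU=Groups,DC=example,DC=edu|editor
CN=Web Admins,OU=Groups,DC=example,DC=edu|administrator
CN=Interns,OU=Groups,DC=example,DC=edu|intern
"""
MEMBER_OF = [
    "cn=web editors, ou=groups, dc=example, dc=edu",
    "CN=Interns,OU=Groups,DC=example,DC=edu",
    "CN=Staff,OU=Groups,DC=example,DC=edu",
]

if __name__ == "__main__":
    result = reconcile(MEMBER_OF, parse_mappings(MAPPINGS),
        existing_roles={"editor", "administrator", "reviewer"},
        current_roles={"administrator", "reviewer"},
        ldap_granted={"administrator"})
    for key in sorted(result):
        print(key, sorted(result[key]))
```

In this sample the user has left the Web Admins group, so administrator is revoked at the next logon, while the manually assigned reviewer role is kept and the unmapped Staff group and the non-existent intern role grant nothing.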

Testing 

Server Test

  1. Navigate to the SERVERS tab.
  2. Under OPERATIONS for your server, click test.
  3. Make sure a test username is entered.
  4. Click Test.

If you get no results, there was most likely a failure to bind to the LDAP server.

User Test

  1. Navigate to the USER tab.
  2. Click Test LDAP User Functionality for a given user.
  3. Enter the username.
  4. Select Test Query.
  5. Click Test.

Authorization Test

  1. Navigate to the AUTHORIZATION tab.
  2. Click Test under OPERATIONS.
  3. Enter username(s).
  4. Click Test.

You can also see the full mapping by expanding the additional sections.

Comments

You made some first rate points there. I appeared on the web for the difficulty and found most individuals will associate with your website.
