Skip navigation

LDAP Integration Module

Help

LDAP Integration Module

Quite some time ago, I had a play around with the LDAP Integration Module for authenticating Drupal logons against an Active Directory environment.

The original post I made on Drupal.org explained how I went about configuring the LDAP Auth component of the LDAP Integration Module.

As this isn't quite a tutorial (it only covers the LDAP Auth component), I have included it in the Hints and Techniques section instead of the Tutorials section.

Pasted below are my original instructions (I'm mcdazz on Drupal.org):

Mikes instructions were pretty much spot on.

Posted by mcdazz on October 24, 2009 at 2:57pm

I decided to see if I could get LDAP Integration working on a fresh Drupal install (running on Debian and Apache) and a fresh 2003 Active Directory running in a VMware test environment (not a live production environment).

My instructions are as follows:

1. Base install of Debian with Apache, PHP, MySQL (make sure the PHP-LDAP library is installed).
2. Ensured DNS and network settings were correctly configured on the Linux box (very, very important).
3. Installed a clean install of Drupal.
4. Installed the ldap_integration module.
5. Configured the ldap_integration module (refer below).
6. Modified /etc/ldap/ldap.conf (refer below).
7. Selected LDAP directory only under the Choose authentication mode (Settings page).

LDAP INTEGRATION MODULE.

Name: myroom.local
LDAP server: ldaps://server.myroom.local
LDAP port: 636
Use Start-TLS: unticked
Store passwords: unticked

Base DNs: cn=Users, dc=myroom, dc=local
UserName atrib: sAMAccountName
Email attrib: mail

PHP to transform: left blank
PHP to filter: left blank

DN for non-anon: [email protected]
Password: password

/etc/ldap/ldap.conf

HOST server.myroom.local
TLS_REQCERT never

I wanted to be sure that this configuration was working and that data sent between Drupal and Active Directory was encrypted, so I installed and ran Wireshark on the Active Directory server.

The data was encrypted as was expected.

NOTE:

Data sent between Drupal and the AD Server is encrypted - data sent between the clients web browser and Drupal is NOT encrypted.

To avoid sending login information in plain text, you should look at configuring and using SSL (https) on your web server, particularly during logon.

NOTE:

I also managed to get "Use Start-TLS" working properly (no errors) but I would need to retrace my steps to find out exactly what it was that made it work (at one stage I exported the Certificate from Active Directory and enabled /etc/ldap/ldap.conf to use it but whether or not that was the kickstart it needed I don't know).

I'll leave that to another day when I feel like documenting the steps. :-)

So far, I'm quite impressed with LDAP Integration - it works an absolute treat.

Need help?

Notebook

The notebook section provides a way for you to store and share information with your group members. With the book feature you can:

  • Add book pages and organize them hierarchically into different books.
  • Attach files to pages to share them with others.
  • Track changes that others have made and revert changes as necessary.
  • Archive books that are no longer of interest to the group. Archived books can be reactivated later if needed.