This project is not covered by Drupal’s security advisory policy.

User data synchronization from Drupal Systems to LDAP Server.

This module synchronizes Drupal user data to an LDAP server in a specific way. It is based on LDAPcontrol and uses its flexibility, in particular to allow different passwords for the synchronized user data in LDAP. This increases security when other systems authenticate against the LDAP server that is controlled by this module.

To authenticate other Drupal systems against LDAP you can use modules like LDAP and Simple LDAP. These modules also provide functionality to create and modify user objects as LDAP entries. They are probably also of interest if you just want to synchronize the same password for each user.

Main Features

- Storing user-related settings and the salted and hashed LDAP password in the Drupal DB.
- Drupal DB entry is created and modified on user_update.
- Drupal DB entry is deleted on user_delete.
- Standard LDAP entry operation can be disabled via settings.php.
- Individual LDAP operations can be done via hook_ldapcontrol_usersync_update().

Features of "standard LDAP entry"

- Standard LDAP entry is based on objectClass "inetOrgPerson"
- Salted and hashed password is stored in standard attribute "userPassword"
- Standard LDAP entry is deleted when the Drupal user is deleted.
- Standard LDAP entry is created/updated or deleted on hook_user_update.
- Text field API can be mapped to LDAP attributes "SN" and "givenName".
- Drupal mail address can optionally be added as standard attribute "mail"
- Uses LDAP attribute "uid" to map the Drupal uid in the standard LDAP entry.
- Select LDAP attribute for building "DN" together with "base"-setting.

Configuration example 1: Use standard LDAP entry operation

$conf['ldapcontrol_usersync_base'] = 'ou=Users,dc=example,dc=com';
$conf['ldapcontrol_usersync_field_sn'] = "field_surname"; 
$conf['ldapcontrol_usersync_field_givenname'] = "field_forename";
$conf['ldapcontrol_usersync_mail'] = TRUE;
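
The following added example (not code from this module) builds the kind of "standard LDAP entry" the feature list describes, using the base DN from configuration example 1 and an LDAP password that differs from the Drupal one. The `example_*` function names, the sample user and the `{SSHA}` scheme are assumptions; the page does not state which salted hash the module writes to "userPassword".

```php
<?php
// Added illustration, not module code. All example_* names are hypothetical.

// {SSHA} value: base64(sha1(password . salt) . salt). The scheme is an assumption.
function example_ssha_hash(string $password, ?string $salt = NULL): string {
  $salt = $salt ?? random_bytes(8);
  return '{SSHA}' . base64_encode(sha1($password . $salt, TRUE) . $salt);
}

// Recompute the digest with the stored salt and compare in constant time.
function example_ssha_verify(string $password, string $stored): bool {
  if (strncmp($stored, '{SSHA}', 6) !== 0) {
    return FALSE;
  }
  $raw = base64_decode(substr($stored, 6), TRUE);
  if ($raw === FALSE || strlen($raw) <= 20) {
    return FALSE; // Not base64, or no salt after the 20-byte SHA-1 digest.
  }
  $salt = substr($raw, 20);
  return hash_equals(substr($raw, 0, 20), sha1($password . $salt, TRUE));
}

// Standard entry: inetOrgPerson, Drupal uid in "uid", DN = attribute + base.
function example_build_entry(int $uid, string $sn, string $given, ?string $mail, string $ldap_pass, string $base): array {
  $attrs = [
    'objectClass' => ['inetOrgPerson'],
    'uid' => [(string) $uid],
    // inetOrgPerson inherits from person, which makes cn and sn mandatory.
    'cn' => [trim("$given $sn")],
    'sn' => [$sn],
    'givenName' => [$given],
    'userPassword' => [example_ssha_hash($ldap_pass)],
  ];
  if ($mail !== NULL) {
    $attrs['mail'] = [$mail];
  }
  // An integer uid needs no DN escaping; string attributes would need
  // ldap_escape($value, '', LDAP_ESCAPE_DN).
  return ['dn' => "uid=$uid,$base", 'attributes' => $attrs];
}

// Constructed sample data. The LDAP password differs from the Drupal one.
$entry = example_build_entry(42, 'Doe', 'Jane', 'jane@example.com', 'ldap-only-secret', 'ou=Users,dc=example,dc=com');
$stored = $entry['attributes']['userPassword'][0];
echo $entry['dn'], "\n", $stored, "\n";
var_dump(example_ssha_verify('ldap-only-secret', $stored)); // the LDAP password
var_dump(example_ssha_verify('drupal-password', $stored));  // a different password
```

Salted SHA-1 is a fast hash, so where the directory server supports a stronger password scheme, prefer that one.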

Configuration example 2: Only use database and password sync

$conf['ldapcontrol_usersync_base'] = 'none';

This setting disables the "standard LDAP entry operation".
