LDAP Configuration
LDAP Connection Information
- Navigate to the LDAP Configuration tab.
- This feature lets you establish a connection to the LDAP server. Provide the LDAP/AD server URI, for example ldap://myldapserver.domain:389 or ldap://89.38.192.1:389. If you are using SSL, the host may take the form ldaps://host:636. Click on the Contact LDAP Server button to test your connection with your LDAP/AD server.
- TLS (Transport Layer Security): This feature works only if your server uses a TLS (Transport Layer Security) connection. TLS establishes secure authentication between LDAP users and the LDAP server. Select the checkbox to enable the TLS connection and click on Contact LDAP Server to test your connection.
- Provide the Service Account Username to establish the connection. You can specify the service account username in any of the following formats: Username@domainname, domainname\Username or Distinguished Name (DN). Enter your Service Account Password and click on Test Connection to test whether you are able to bind to your AD server.
- Click on the Next button to see the next steps.
LDAP User Mapping Configurations
- This feature lets you provide the Search Base and Search Filter with which your users will be searched while logging in:
- Search Base: This is the LDAP hierarchy under which your users will be searched, for example DC=Users,DC=Domain,DC=com.
- Search Filter: While logging in to Drupal, your users will be searched by this attribute in your AD. This field is important for two reasons:
- While searching whether the user exists, this attribute is going to be matched.
- If you want your users to log in with their username, firstname.lastname or email, you need to specify those options in this field, e.g. LDAP_ATTRIBUTE. Replace it with the attribute where your username is stored. Some common attributes are:
LDAP Attribute Name | LDAP Attribute Values |
---|---|
common name | (&(objectClass=*)(cn=?)) |
cn | (&(objectClass=*)(mail=?)) |
logon name | (&(objectClass=*)(sAMAccountName=?)) or (&(objectClass=*)(userPrincipalName=?)) |
- You can allow logging in with multiple attributes. For example, you can allow logging in with username or email.
- Click on the Next button to see the next steps.
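The following is an added example, not code from the module: it shows how a login name can be substituted into the "?" placeholder of the search filters in the table above while being escaped per RFC 4515, so that characters such as `*`, `(` and `)` in the login are matched literally and cannot change the filter. It assumes "?" marks where the login name goes; the function names and the multi-attribute filter are constructed for illustration.

```python
# Added example: safe substitution of a login name into a "?" search filter.
# Assumption: "?" in the configured filter marks where the login name goes.

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated as literal text in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(template: str, login: str) -> str:
    """Replace every "?" placeholder in the template with the escaped login."""
    if "?" not in template:
        raise ValueError("search filter has no '?' placeholder")
    if template.count("(") != template.count(")"):
        raise ValueError("search filter has unbalanced parentheses")
    # str.replace works in one pass, so the inserted login is never rescanned.
    return template.replace("?", escape_filter_value(login))


# The first filter is taken from the table above; the second is a constructed
# multi-attribute variant that accepts either logon name or email.
CN_FILTER = "(&(objectClass=*)(cn=?))"
MULTI_FILTER = "(&(objectClass=*)(|(sAMAccountName=?)(mail=?)))"

if __name__ == "__main__":
    # Constructed sample logins; the last two contain filter metacharacters.
    for login in ["jdoe", "jdoe@example.com", "*", "j(doe)"]:
        print(f"{login!r:20} -> {build_search_filter(MULTI_FILTER, login)}")
```

With escaping in place, a login of `*` searches for an entry whose attribute is literally `*` rather than matching every entry under the Search Base.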
Login Preferences
- These settings are the most important ones for controlling how users authenticate and which restrictions apply on both sides, the LDAP server as well as the Drupal site. As the image below shows, there are multiple options to allow authentication and restriction on both sides, LDAP and the Drupal site:
- Enable Login with LDAP: If you enable login with LDAP, this feature allows auto-creation of users in Drupal if they are not present.
- Authentication Restrictions: This feature can be used to allow users to log in using both LDAP and Drupal credentials. By selecting the above option, you will be able to restrict access to only specific personalities.
- Authenticate Users from both LDAP and Drupal: This feature allows user authentication on both sides, LDAP and Drupal. If you use your LDAP credentials for logging in, users will be automatically authenticated.
- Authenticate Administrators from both LDAP and Drupal: If you use this feature, users can authenticate and administrate from both LDAP and the Drupal site.
- Authenticate Users from only LDAP: If you use this feature, users can authenticate with only LDAP credentials in the Drupal site.
Note: Only particular personalities will be able to log in when the above option is selected.
- Authenticate Administrators of Drupal: If you enable this feature, users will be able to authenticate to and administrate the Drupal site. For example, if you select the feature Authenticate Users from only LDAP, you will be able to log in using only LDAP credentials but will not be able to access the site using your Drupal credentials, unless you have enabled the feature to allow authentication using Drupal credentials.
- Disable Auto Registering users if they do not exist in Drupal: If you enable this feature, a user will not be able to access your site if they do not already exist in Drupal.
- Click on Save & Review Configurations to view all the configurations you have made so far.
Test Authentication
- You can also scroll down, enter your LDAP credentials (Username and Password) and click on Test Configuration to test your connection.