Map LDAP groups to Drupal Roles
The Lightweight Directory Access Protocol project includes a submodule, ldap_authorization, that maps LDAP Group membership to Drupal roles.
Prerequisite
The Authorization module is required for ldap_authorization. It is not a requirement for the LDAP project as a whole, so it must be installed in addition to LDAP. To map LDAP groups to Drupal roles, you must install the submodule 'Drupal Roles Authorization consumer.'
We assume an LDAP server was created at admin/config/people/ldap/server.
Profile
Navigate to admin/config/people/authorization/profile and click 'Add Authorization profile.' If you do not see the LDAP provider or the Drupal roles consumer, the prerequisites are not installed.
Configure
LDAP Authorization provider
Select an LDAP server.
Drupal Roles consumer
There are no settings for Drupal roles.
Conditions
When should Drupal Roles be granted/revoked from a user?
If you use ldap_authentication, you probably want to check 'When a user logs on via LDAP Authorization.' If you use one of the SSO modules with LDAP, you might need to leave it unchecked.
What actions would you like performed when Drupal Roles are granted/revoked from a user?
Choose based on your preference.
Mapping
This is the most important part. Map the LDAP Group membership to the Drupal role. You can add as many mappings as you like here. After saving, roles will automatically be assigned to users on login.
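The lookup that such a mapping table implies at login, as an added example that is not the module's own code. The group DNs, role names, exact-DN matching and the rule that only mapped roles are ever revoked are assumptions made for illustration.

```python
import re

# Constructed mapping table: LDAP group DN -> Drupal role machine name.
MAPPINGS = {
    "cn=web-editors,ou=groups,dc=example,dc=org": "editor",
    "cn=web-admins,ou=groups,dc=example,dc=org": "administrator",
}


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' so equal DNs compare equal.

    Simplification: assumes no escaped commas inside attribute values.
    """
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()


def roles_for(member_of, mappings=MAPPINGS):
    """Return roles whose mapped group DN exactly matches one of the user's groups."""
    table = {normalize_dn(dn): role for dn, role in mappings.items()}
    return {table[g] for g in map(normalize_dn, member_of) if g in table}


def sync_roles(current_roles, member_of, mappings=MAPPINGS):
    """Compute (grant, revoke) for one login.

    Assumption of this sketch: only roles that appear in the mapping table are
    managed, so roles assigned by hand in Drupal are never revoked here.
    """
    managed = set(mappings.values())
    entitled = roles_for(member_of, mappings)
    current = set(current_roles)
    grant = entitled - current
    revoke = (current & managed) - entitled
    return grant, revoke


if __name__ == "__main__":
    # Constructed memberOf values: the first differs only in case and spacing;
    # the second shares a prefix with the admin group but is a different group.
    groups = [
        "CN=Web-Editors, OU=Groups, DC=example, DC=org",
        "cn=web-admins-audit,ou=groups,dc=example,dc=org",
    ]
    print(sync_roles({"administrator", "forum_moderator"}, groups))
```

Matching on the full normalized DN keeps a similarly named group such as the constructed web-admins-audit from receiving the administrator role.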