Error message

<code>"organization tools user administrator"</code> does not map to any existing organic groups and roles.Since automatic organic group creation is not possible with this module, an existing group must be mapped to.

LDAP to OG group Configuration

Hide I. Basics

LDAP Server used in OG group configuration. *

milkdud only

Enable this configuration

Only apply the following LDAP to OG group configuration to users authenticated via LDAP. On uncommon reason for disabling this is when you are using Drupal authentication, but want to leverage LDAP for authorization; for this to work the Drupal username still has to map to an LDAP entry.

Hide II. LDAP to OG group mapping and filtering

Representations of groups derived from LDAP might initially look like:

cn=students,ou=groups,dc=hogwarts,dc=edu
cn=gryffindor,ou=groups,dc=hogwarts,dc=edu
cn=faculty,ou=groups,dc=hogwarts,dc=edu
cn=probation students,ou=groups,dc=hogwarts,dc=edu

Mappings are used to convert and filter these group representations to OG groups.

Mappings should be of form:
[raw authorization id]|[og group match field]=[og group match id],[og role match field]=[og role match id]
such as:


      Campus Accounts|group-name=knitters,role-name=administrator member

      ou=Underlings,dc=myorg,dc=mytld,dc=edu|gid=7,rid=28

      ou=IT,dc=myorg,dc=mytld,dc=edu|node.field_state_id=IL,role-name=administrator member

Show Examples base on current OG groups

Examples for some (or all) existing OG Group IDs can be found in the table below. This is complex. To test what is going to happen, uncheck "When a user logs on" in IV.B. and use admin/config/people/ldap/authorization/test/og_group to see what memberships sample users would receive.

Group Name - OG Membership Type	example

Convert full dn to value of first attribute before mapping. e.g. cn=students,ou=groups,dc=hogwarts,dc=edu would be converted to students

Mapping of LDAP to OG group (one per line)

cn=drupal_admin,ou=drupal groups,ou=external services,dc=organization,dc=local|administrator
cn=drupal_organization_podcast_publisher,ou=drupal groups,ou=external services,dc=organization,dc=local|podcast publisher
cn=drupal_organization_psa_editor,ou=drupal groups,ou=external services,dc=organization,dc=local|psa editor
cn=drupal_organization_web_publisher,ou=drupal groups,ou=external services,dc=organization,dc=local|web publisher
cn=drupal_organization_board_admin,lou=drupal groups,ou=external services,dc=organization,dc=local|organization tools board administrator
cn=drupal_organization_boardop,ou=drupal groups,ou=external services,dc=organization,dc=local|organization tools board operator
cn=drupal_organization_daysponsor_publisher,ou=drupal groups,ou=external services,dc=organization,dc=local|organization tools day sponsor publisher
cn=drupal_organization_daysponsor_writer,ou=drupal groups,ou=external services,dc=organization,dc=local|organization tools day sponsor writer
cn=drupal_organization_eis,ou=drupal groups,ou=external services,dc=organization,dc=local|organization tools eis activator
cn=drupal_organization_pledge_monitor,ou=drupal groups,ou=external services,dc=organization,dc=local|organization tools pledge monitor
cn=drupal_organization_sat_monitor,ou=drupal groups,ou=external services,dc=organization,dc=local|organization tools satellite monitor
cn=drupal_organization_tools_user,ou=drupal groups,ou=external services,dc=organization,dc=local|organization tools user
cn=drupal_organization_user_admin,ou=drupal groups,ou=external services,dc=organization,dc=local|organization tools user administrator

Hide Part III. Even More Settings.

When should OG groups be granted/revoked from user?

When a user logs on.

What actions would you like performed when OG groups are granted/revoked from user?

Revoke OG groups previously granted by LDAP Authorization but no longer valid.

Re grant OG groups previously granted by LDAP Authorization but removed manually.

Administrative toolbar

You are here

Add Authorization Configuration

Error message

LDAP to OG group Configuration