Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Finally a new beta... with lots of new and fixed stuff... IMHO, this is really close to a v1.0 release... but that may be developer pride...so it needs more folks to kick it's tires first.
Installation
This release requires you to run the update.php process after updating the module files.
A new ldapsync module that allows for bulk imports/cron based data sync of users from LDAP servers.
Support for defining settings and servers via a Features "module"
Support for Import/Export of settings via admin GUI
Modules refactored to use ldap.core.inc common functions
Various modules now have more API hooks for localized support (see [module].api.php files for details)
Full read/write support for Content Profile module
Modules have strong checks for duplicate names and e-mail conflicts to keep with Drupal account practices.
Support for Persistent User IDs to allow for definitively identifying users who's name, e-mail, and/or user id has changed in LDAP. See the README-PUID.txt file for information.
Lots of internal optimizations like only returning required attributes and using cache to limit DB and LDAP calls.
This release fixes:
* The LDAP integration module does not implement a confirmation pages for the LDAP server activation/deactivation which could cause a CSRF attack.
* A user defined server name is not properly escaped on the administration pages which might lead to a XSS attacks.
* The user's LDAP data is not properly access controlled before displaying it in the user profile pages which allows unauthorized view of the data.
* Some user management access rules are ignored during the authentication process.
This release fixes:
* The LDAP integration module does not implement a confirmation pages for the LDAP server activation/deactivation which could cause a CSRF attack.
* A user defined server name is not properly escaped on the administration pages which might lead to a XSS attacks.
* The user's LDAP data is not properly access controlled before displaying it in the user profile pages which allows unauthorized view of the data.
* Some user management access rules are ignored during the authentication process.
LDAP Integration 5.x.1.1 is now available for download. This is a maintenance release that fixed an important security issue.
Instructions
Download the full build and install it over the existing 5.x.1 build of ldap_integration. There are no database updates with this release, so it is not necessary to run update.php