Recently we've expanded the applications that we connect to LDAP for and in the process we wanted to make one of those sites the original source of the LDAP user data. This means that provisioning all of a user's information down to LDAP -- something we previously did with a custom-coded worker script from another system -- we'd like to accomplish through Drupal.

Unfortunately, it appears that the current LDAP User functionality is quite limited in this regard. The [- User Tokens -] selection for provisioning data doesn't appear to use the normal token system Drupal does, nor does it use the entity metadata wrapper system that Rules does for determining what is available on the user object. Instead, it appears that the way to do this is to implement hook_ldap_user_attrs_list_alter and provide custom synchronization code.

Is there a reason that LDAP couldn't be switched over to use either of the two other more standardized systems that Drupal provides and which many developers already integrate with? This would provide immediately expanded functionality in the realm of multi-column field types, such as the Name Field module https://drupal.org/project/name -- the use case of provisioning [cn] and [sn] attributes here should be obvious.

What kind of work or technical challenges would be involved in refactoring the module to use these systems? Is it something that could be hypothetically implemented in the hook that ldap_user provides?

Comments

jay-dee-ess’s picture

Category: Task » Feature request

Interested in this as well.

grahl’s picture

Title: Drupal to LDAP: Tokens, multi-column fields and complex data provisioning » Switch user tokens to full Token support
Version: 7.x-2.x-dev » 8.x-3.x-dev

I'd like to get this into 8.x if possible, would anybody be willing to work on a preliminary patch?

grahl’s picture

Status: Active » Postponed

jungle’s picture

If the token module were used in the current ldap_user submodule, the LDAP User: Support Profile issue would probably be resolved or partially resolved.

grahl’s picture

@jungle: I don't see what one has to do with the other. Can you explain your reasoning?

jungle’s picture

Hello, @grahl, thanks for your concern.

As you may know, the token module allows tokens to be chained. FYI: https://www.drupal.org/node/2493559

So probably the LDAP attributes can be mapped as something similar to the following:

[user.profile:basic:field_first_name] -> [givenname]
[user.profile:basic:field_last_name] -> [sn]

If the above works, then profile is supported.

Not sure I am right, just an idea.

grahl’s picture

Priority: Normal » Major

Thank you for that feedback, that makes it a bit clearer.

I agree with you that your approach would solve your problem.

The other issue was tracking support for the Profile module with a direct extension of Profile fields, along the lines of regular fields. Your use-case would likely have been supported by that, but not something more complex or derived, as the original author points out, for which the tokens would be helpful. Unfortunately I cannot check whether this would work anymore since the module has vanished from GitHub. So pursuing this approach now might yield better results more quickly for more people.

I'm considering pursuing this after the symfony/ldap integration but cannot promise anything. Patches welcome.

grahl’s picture

Version: 8.x-3.x-dev » 8.x-4.x-dev

grahl’s picture

Status: Postponed » Closed (outdated)

I'm closing this as outdated, also because there is an ldap_profile module now. Please create a new issue if and when you have a distinct use-case for this feature that isn't addressed by what is currently available.