I don't know how I can transfer user roles from Drupal to LDAP with the "ldap user module".
I made it with Rules (on change-account events and a PHP action); I use the "memberof" LDAP user attribute.
<?php
/**
 * Created by PhpStorm.
 * User: trans
 * Date: 28.10.15
 * Time: 10:52
 */

/* Connect to the LDAP server and bind as the directory administrator. */
function f_ldapconnect()
{
    // Host and port go into the URI; the separate port argument of ldap_connect() is ignored for URIs.
    $v_ldapUrl = "ldap://192.168.1.141:389";
    $v_ldapCnctn = ldap_connect( $v_ldapUrl ) or die( "Sorry! Could not connect to LDAP server {$v_ldapUrl}" );
    ldap_set_option( $v_ldapCnctn, LDAP_OPT_PROTOCOL_VERSION, 3 );
    //$username="AdminUserName";
    $v_ldapPassword = "pass!";
    $v_ldapUser = "cn=Directory Manager";
    // ldap_bind() returns false on failure; ldap_error() gives the server's reason.
    $v_ldapResult = ldap_bind( $v_ldapCnctn, $v_ldapUser, $v_ldapPassword );
    if( $v_ldapResult )
    {
        return $v_ldapCnctn;
    }
    else
    {
        die( "Error: Couldn't bind to server with supplied credentials! " . ldap_error( $v_ldapCnctn ) );
    }
}

/* Find the user entry matching the filter $p_filter and return its entry handle. */
function f_getldapuserID( $p_connection, $p_filter )
{
    /* Write the below details as per your AD setting */
    $v_basedn = "ou=People,dc=expert,dc=life";
    /* Search the user details in AD server */
    $v_searchResults = ldap_search( $p_connection, $v_basedn, $p_filter );
    if( $v_searchResults === false )
    {
        die( 'Error in search results: ' . ldap_error( $p_connection ) );
    }
    /* Get the first entry from the searched result; false means no such user */
    $v_entry = ldap_first_entry( $p_connection, $v_searchResults );
    if( $v_entry === false )
    {
        die( 'Error: user not found in LDAP.' );
    }
    return $v_entry;
}

/*(1) get the connection and the user's entry */
// Escape the account name so it cannot alter the LDAP filter (LDAP injection).
$user_name = "(uid=" . ldap_escape( $account->name, '', LDAP_ESCAPE_FILTER ) . ")";
$v_ldapConnection = f_ldapconnect();
$v_ldapUserID = f_getldapuserID( $v_ldapConnection, $user_name );
$v_ldapUserDN = ldap_get_dn( $v_ldapConnection, $v_ldapUserID );
$v_ldapUserATTRS = ldap_get_attributes( $v_ldapConnection, $v_ldapUserID );

/*(2) delete the old attribute values */
$v_memberof_forDEL = array();
$v_memberof_forDEL['memberOf'] = array();
// ldap_get_attributes() returns the values at indices 0..count-1 plus a 'count' key;
// iterate by index so the 'count' element is never treated as a group DN.
if( isset( $v_ldapUserATTRS['memberOf'] ) )
{
    for( $i = 0; $i < $v_ldapUserATTRS['memberOf']['count']; $i++ )
    {
        //drupal_set_message( '<pre>'.print_r( $v_ldapUserATTRS['memberOf'][$i],true ).'</pre>' );
        $v_memberof_forDEL['memberOf'][] = $v_ldapUserATTRS['memberOf'][$i];
    }
}
// Only issue the delete when there is something to delete: ldap_mod_del() with an
// empty value list would try to remove the whole attribute instead.
if( count( $v_memberof_forDEL['memberOf'] ) > 0 )
{
    $result_1 = ldap_mod_del( $v_ldapConnection, $v_ldapUserDN, $v_memberof_forDEL );
    if( $result_1 )
    {
        //drupal_set_message( "Success: User{$user_name} roles deleted" );
    }
    else
    {
        drupal_set_message( "ERROR!!!: User{$user_name} roles NOT deleted: " . ldap_error( $v_ldapConnection ) );
    }
}

/*(3) add the new attribute values */
$v_member_new = array();
$v_member_new['memberOf'] = array();
foreach( $account->roles as $role )
{
    // Escape the role name so it is a valid RDN value.
    $v_member_new['memberOf'][] = "cn=" . ldap_escape( $role, '', LDAP_ESCAPE_DN ) . ",ou=Groups,dc=expert,dc=life";
    //drupal_set_message( '<pre>'.print_r( $role,true ).'</pre>' );
}
$result_2 = ldap_mod_add( $v_ldapConnection, $v_ldapUserDN, $v_member_new );
//drupal_set_message( '<pre>'.print_r( $v_member_new,true ).'</pre>' );
//drupal_set_message( '<pre>'.print_r( $v_ldapUserATTRS,true ).'</pre>' );
if( $result_2 )
{
    //drupal_set_message( "Success: User{$user_name} roles GRANTED" );
}
else
{
    drupal_set_message( "ERROR!!!: User{$user_name} roles NOT GRANTED: " . ldap_error( $v_ldapConnection ) );
}
ldap_close( $v_ldapConnection );
Comments
Comment #2
jean jack commented:
Hi, transformator!
Will you please tell me, have you tested your code with AD 2012? Is it correct?
I tried to change the [memberOf] attribute of a user object with the LDAP Explorer Tool, and the server returned the error "Unable to modify the attribute. Server refused the query".
And what can you say about this approach: https://www.drupal.org/node/2189503 ? Have you tried it?
Look, I am asking this question because I'm trying to find a way to sync Drupal roles TO LDAP AD security groups.
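The "server refused the query" error above is what Active Directory returns when a client writes to a user's memberOf: on AD that attribute is a back-link the server maintains, and membership is changed on the group's member attribute instead. The following is an added example, not code from this issue or from the LDAP module, showing the role sync done that way. It assumes PHP 5.6 or later (for ldap_escape), a $conn that is already bound with write rights, one LDAP group per Drupal role under a hypothetical $groupBase, and constructed sample DNs for the offline check at the end.

```php
<?php
// Added example, not code from the issue or from the LDAP module. It assumes PHP >= 5.6
// (for ldap_escape), an already bound $conn with write access, one LDAP group per Drupal
// role under $groupBase, and role/group names that are constructed here for illustration.

/**
 * Compute which groups to join and which to leave. Pure function, no LDAP calls.
 * Only groups under $groupBase are considered for removal, so memberships that
 * Drupal does not manage (groups in other OUs) are left alone.
 */
function role_sync_diff(array $currentGroupDns, array $roleNames, $groupBase)
{
    $suffix  = ',' . strtolower($groupBase);
    $current = array();
    foreach ($currentGroupDns as $dn) {
        $key = strtolower($dn);                          // DNs compare case-insensitively
        if (substr($key, -strlen($suffix)) === $suffix) {
            $current[$key] = $dn;
        }
    }
    $desired = array();
    foreach ($roleNames as $role) {
        // Escape the role name so it is a valid RDN value (commas, plus signs, etc.).
        $dn = 'cn=' . ldap_escape($role, '', LDAP_ESCAPE_DN) . ',' . $groupBase;
        $desired[strtolower($dn)] = $dn;
    }
    return array(
        'add'    => array_values(array_diff_key($desired, $current)),
        'remove' => array_values(array_diff_key($current, $desired)),
    );
}

/**
 * Find the user's DN and current group DNs. The uid is escaped for the filter so a
 * crafted account name cannot change the query. Returns null when no entry matches.
 */
function role_sync_lookup($conn, $peopleBase, $uid)
{
    $filter = '(uid=' . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . ')';
    $res = ldap_search($conn, $peopleBase, $filter, array('memberOf'));
    if ($res === false) {
        return null;
    }
    $entry = ldap_first_entry($conn, $res);
    if ($entry === false) {
        return null;
    }
    $attrs  = ldap_get_attributes($conn, $entry);
    $groups = array();
    if (isset($attrs['memberOf'])) {
        for ($i = 0; $i < $attrs['memberOf']['count']; $i++) {   // skip the 'count' key
            $groups[] = $attrs['memberOf'][$i];
        }
    }
    return array('dn' => ldap_get_dn($conn, $entry), 'groups' => $groups);
}

/**
 * Apply the diff by editing each group's member attribute. On Active Directory the
 * user's memberOf is a server-maintained back-link and rejects direct writes; the
 * group's member attribute is the writable side. Returns a list of error strings,
 * empty when every change succeeded.
 */
function role_sync_apply($conn, $userDn, array $diff)
{
    $errors = array();
    foreach ($diff['remove'] as $groupDn) {
        if (!ldap_mod_del($conn, $groupDn, array('member' => array($userDn)))) {
            $errors[] = "remove from {$groupDn}: " . ldap_error($conn);
        }
    }
    foreach ($diff['add'] as $groupDn) {
        if (!ldap_mod_add($conn, $groupDn, array('member' => array($userDn)))) {
            $errors[] = "add to {$groupDn}: " . ldap_error($conn);
        }
    }
    return $errors;
}

// Offline check of the diff logic with constructed sample data (no server needed).
$diff = role_sync_diff(
    array(
        'cn=editor,ou=Groups,dc=expert,dc=life',      // kept: role still present
        'cn=OldRole,ou=Groups,dc=expert,dc=life',     // removed: role no longer held
        'cn=vpn-users,ou=Infra,dc=expert,dc=life',    // untouched: outside ou=Groups
    ),
    array('editor', 'administrator'),
    'ou=Groups,dc=expert,dc=life'
);
assert($diff['add'] === array('cn=administrator,ou=Groups,dc=expert,dc=life'));
assert($diff['remove'] === array('cn=OldRole,ou=Groups,dc=expert,dc=life'));
```

Inside a Rules PHP action the three pieces chain as role_sync_lookup, then role_sync_diff with $account->roles (role names in Drupal 7), then role_sync_apply with the user's DN; only memberships that actually changed generate a modify request, and groups outside the sync base are never removed.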
Comment #3
grahl commented:
Adding roles to LDAP would be nice, though that might not be easy to abstract and would rely on custom code as above; it might be easier if we resolve full support for Token in the related issue.
Not really something for 7.x anymore.
Comment #4
grahl commented:
Closing this for now due to little interest in the meantime; please reopen if you are interested in helping out and/or need this feature.