Last updated September 18, 2012. Created on December 13, 2010.
Edited by johnbarclay, areynold. Log in to edit this page.

The LDAP project allows you to integrate your organization's existing LDAP-enabled identity management service (such as Active Directory) into Drupal. Components:

LDAP Project Modules

  • LDAP Servers. Stores connection information for ldap servers and relationships between ldap and drupal users. Also contains api functions for LDAP project.
  • LDAP User (7.x-2.x branch). Controls provisioning and synching mappings of Drupal user fields and properties to and from LDAP Entry attributes.
  • LDAP Query. Stores individual queries that can be leveraged by other modules such as LDAP Feeds and LDAP Views.
  • LDAP Authentication. Authentication via user credential checking or single sign on methods such as NTLM.
  • LDAP Authorization. Conversion of ldap user data to drupal roles, organic group memberships and other authorization consumers.
  • LDAP Feeds. Fetchers for LDAP Queries and LDAP Users to integrate with Drupal Feeds module.
  • LDAP Views. Views module integration for LDAP Query resultsets
  • LDAP Help. Helper module for debugging configuration issues with other LDAP Modules.
  • LDAP Test (7.x-2.x branch). This is simply for automated test coverage and never needs to be enabled; the simpletests will enable it while running. It contains the mock ldap server and related helper functions.

LDAP Authorization and Authentication can be used together or independently of one another, but both require a working server definition in LDAP Servers.

Common Use Cases For LDAP

  • Provision and authenticate users based on LDAP credentials
  • Grant Drupal Roles based on LDAP entry attributes
  • Grant OG Membership based on LDAP entry attributes
  • Use feeds to create or update nodes or user data based on ldap queries.
  • Provision and synch between LDAP Entries and Drupal Users.
ldap_settings.png57.24 KB

Looking for support? Visit the forums, or join #drupal-support in IRC.


Andrés Chandía’s picture

I wander if this could be the solution for the server I administrate, if sombody could give me advise, I would appreciate it.

1 server, each site it's own database on the same database server

main site Drupal 7
other sites
Drupal 6 - 1
Drupal 6 - 2
Web application 1 (non drupal)
Web application 2 (non drupal) httP://
Moodle 1.9
Moodle 2.0

So the goal is give the users a SSO service for all these webs, obviously the drupal 6 sites will upgrade as soon as possible but in the meantime the service is active and we need to implement the Single Sign On (SSO).

Thanks in advance.


jbarwick’s picture

I have found that a DB update failed during one of these beta upgrades (they haven't been smooth, I always get a "module already installed" each time a new beta comes upgrading is a pain).

Anyway, I want to "disable" one of my LDAP sources (I have 2) and I am getting the following error:

PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'unique_persistent_attr_binary' in 'field list': UPDATE {ldap_servers} SET sid=:db_update_placeholder_0, name=:db_update_placeholder_1, status=:db_update_placeholder_2, ldap_type=:db_update_placeholder_3, address=:db_update_placeholder_4, port=:db_update_placeholder_5, tls=:db_update_placeholder_6, bind_method=:db_update_placeholder_7, binddn=:db_update_placeholder_8, bindpw=:db_update_placeholder_9, basedn=:db_update_placeholder_10, user_attr=:db_update_placeholder_11, account_name_attr=:db_update_placeholder_12, mail_attr=:db_update_placeholder_13, mail_template=:db_update_placeholder_14, unique_persistent_attr=:db_update_placeholder_15, unique_persistent_attr_binary=:db_update_placeholder_16, user_dn_expression=:db_update_placeholder_17, ldap_to_drupal_user=:db_update_placeholder_18, testing_drupal_username=:db_update_placeholder_19, group_object_category=:db_update_placeholder_20, search_pagination=:db_update_placeholder_21, search_page_size=:db_update_placeholder_22, weight=:db_update_placeholder_23 WHERE (numeric_sid = :db_condition_placeholder_0) ; Array ( [:db_update_placeholder_0] => SenLDAP [:db_update_placeholder_1] => SenLDAP [:db_update_placeholder_2] => 0 [:db_update_placeholder_3] => openldap [:db_update_placeholder_4] => mtldap [:db_update_placeholder_5] => 389 [:db_update_placeholder_6] => 0 [:db_update_placeholder_7] => 1 [:db_update_placeholder_8] => cn=Administrator,dc=domain,dc=com [:db_update_placeholder_9] => i4Cf4VHJqkAXHYMVhoiKYqrfqqfq [:db_update_placeholder_10] => a:1:{i:0;s:36:"ou=accounts,dc=sentienthealth,dc=com";} [:db_update_placeholder_11] => uid [:db_update_placeholder_12] => [:db_update_placeholder_13] => mail [:db_update_placeholder_14] => [:db_update_placeholder_15] => [:db_update_placeholder_16] => [:db_update_placeholder_17] => uid=%username,%basedn [:db_update_placeholder_18] => [:db_update_placeholder_19] => [:db_update_placeholder_20] => [:db_update_placeholder_21] => 0 [:db_update_placeholder_22] => 1000 [:db_update_placeholder_23] => 0 [:db_condition_placeholder_0] => 3 ) in drupal_write_record() (line 7036 of /srv/www/mec/httdocs/includes/

Any clues as to what update didn't get 'updated' and how do I manually do the update?

z_eos’s picture


can I do add/modify/delete operations upon LDAP objects with "LDAP Project modules"?

I can successfully query for data but I am totally upset with inability to find the way to do the operations ... are they possible at all with the project or I have to do that with php_ldap "by hands"?

please, help me to find the point to start from ...

josemanuel.velasco’s picture


I need to add a new ldap server type and introduce all the logic to connect, auth and query the directory.

This directory is: Sun Java System Directory Server Enterprise Edition 6.3 [] and I have a php-api available to work with it.

The logic for this directory is quite different from others, at least the installation I have to use. It uses an external file to define the HOST, PORT, USER and PASSWD for connecting to the server, and the connection is made through this file as:

$resultat = LDAPC_NEW("");

This open the connections and after that, something as:

function					checkFindMultiCriteriaEntityUsers()


	$pSearchCriteria = initLdapSearchCriteria();

	$resCode = addLdapSearchCriteria($pSearchCriteria,SEARCH_CRITERIA_USER_CODEUO,"A000017537",SEARCH_TYPE_EQUAL);	
	$resCode &= addLdapSearchCriteria($pSearchCriteria,SEARCH_CRITERIA_USER_CODEUO,"A000014705",SEARCH_TYPE_EQUAL);

	$resCode &= addLdapSearchCriteria($pSearchCriteria,SEARCH_CRITERIA_VALIDITY,"ORGA_NP_NM",SEARCH_TYPE_EQUAL);
	$resCode &= addLdapSearchCriteria($pSearchCriteria,SEARCH_CRITERIA_VALIDITY,"ORGA",SEARCH_TYPE_EQUAL);
	if (resCode)
		$listUsers = findLdapUsersBySearchCriteria($pSearchCriteria);		
	if (isObjectNotNull($listUsers))
		$i = 0;
		$pUser = getListUserElement($listUsers,$i);	
		while (isObjectNotNull($pUser))
			$pUser = getListUserElement($listUsers,$i);	
		FAIL("User non trouvés dans la recherche multi-critères");

I will appreciate any guide. Mindwhile I continue with my research.

Thanks in advance.

Tharick’s picture

Hi Folks,

Am using Drupal LDAP module, its all working fine in my localhost server (WAMP).

But, when I move to dev server, am getting the error "Failed to bind to server. ldap error #-1 Can't contact LDAP server".

By the way, I can't select the "Encrypt Stored LDAP Passwords", its disabled and it says "Encryption is not supported on this web server." . How I can enable this one may be it will "Blowfish or No Encryption".

Thanks in advance.


manojc’s picture

Is it really possible to map drupal roles to Openldap roles/groupOfNames ?

I been trying for weeks but of no use.

I am able to map LDAP roles with drupal but not the vice-versa.

Could anyone clarify or help me to solve this ?