Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.This project is not covered by Drupal’s security advisory policy.
This modules allows a two-steps login by first asking for a username or a mail address then a password if a match is found in Drupal DB or any configured LDAP.
What this module does:
- Add a hook to the login form in order to insert a class-based display
- Grab the user input and call a the "/check_user_mail" url through ajax
- Look for a matching username or mail address inside Drupal DB
- If no results are found, look all configured LDAP servers
- Check through the whitelist and blacklist to ensure that only one user matches
To be implemented:
- Some configuration: username only / mail address only / both (default)
- Security:
- link each attempt to the flood table, to avoid brute force logins
- allow to configure a max attempts number
Dependencies
- ldap_servers
- ldap_profile
- ldap_authentication
Project information
- Project categories: Access control
- Created by Smart-Origin on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
