Experimental project

This is a sandbox project, which contains experimental code for developer use only.

The goal is to provide and automate a bridge between Drupal roles and Monster Menus groups. This is particularly useful with LDAP Authorization: the combination effectively allows LDAP/AD permissions to map to Monster Menus permissions without further administration (just keep your LDAP/AD tree clean).

Example Configuration and Usage

There is no module-specific configuration; all configuration happens in Monster Menus and Drupal core, such as in the following example:

  1. As admin, go to http://yoursite/?q=groups (the Monster Menus groups administration screen)
  2. Click the "Settings" tab
  3. Click "Add sub-group"
  4. Fill in the form with appropriate information (the specifics do not matter for the next steps), and then click "Create sub-group"
    • You should see "there are no users in this group" on the success screen.
  5. Go to People -> Permissions -> Roles
  6. Add a role (note: if you want LDAP Authorization to sync LDAP/AD membership in this role, you should name this role the same as the governing LDAP attribute value/group, as configured in LDAP Authentication)
  7. Click Edit on the newly created role
  8. In the resulting dialog, under the "Action" heading of the "Add Group Members" section (provided by Monster Menus), click "Choose..."
  9. In the Monster Menus group navigation screen, navigate to your desired MM group (you may need to click the "View entire tree" button to find your group)
  10. Select the group in the tree view and click "Select", which will close the dialog
  11. Save the changes to the role
  12. Success! All changes in membership to the role will be automatically synced with the selected group. All that remains is to create MM groups, assign desired permissions to them, and tie those groups to Drupal roles (following the steps above) as your environment requires.

With this configuration, roles sync to MM groups (not the reverse). Hooray! Configuring LDAP Authorization ("Role Mapping" under section III of LDAP Authorization's configuration) extends this even further: LDAP/AD syncs to roles, which then sync to MM groups, so all permissions are ultimately governed by LDAP/AD.

For AD specifically, uncheck "Use LDAP group to Drupal Roles filtering," set the governing LDAP attribute to be "memberOf" (such that each "memberOf" value is mapped to a Drupal role of the same name), and turn on automatic creation of Drupal roles based on that value.
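
A dry-run audit of the chain described above (memberOf value to role of the same name to MM group), added here as an example and not part of this project's code. It assumes you have exported each user's memberOf values and the role-to-group bindings yourself and that role names match memberOf values by exact string; the function name and all data in it are constructed.

```python
from collections import defaultdict

# Constructed sample data (not from the page): users' AD memberOf values and
# the role -> MM group bindings made in steps 7-11.
MEMBER_OF = {
    "alice": ["CN=Web Editors,OU=Groups,DC=example,DC=edu",
              "CN=Staff,OU=Groups,DC=example,DC=edu"],
    "bob": ["CN=Staff,OU=Groups,DC=example,DC=edu"],
    "carol": ["CN=Domain Admins,CN=Users,DC=example,DC=edu"],
}
ROLE_TO_MM_GROUP = {
    "CN=Web Editors,OU=Groups,DC=example,DC=edu": "Site Editors",
    "CN=Domain Admins,CN=Users,DC=example,DC=edu": "MM Administrators",
    "CN=Retired Group,OU=Groups,DC=example,DC=edu": "Archive Editors",
}


def audit_chain(member_of, role_to_mm_group):
    """Follow memberOf -> role (same name) -> MM group and report the result."""
    mm_members = defaultdict(set)   # MM group -> users the sync would place there
    roles_seen = set()              # roles that automatic creation would produce
    for user, groups in member_of.items():
        for dn in groups:
            roles_seen.add(dn)      # assumption: exact string match on the value
            if dn in role_to_mm_group:
                mm_members[role_to_mm_group[dn]].add(user)
    return {
        "mm_members": {g: sorted(u) for g, u in mm_members.items()},
        # Auto-created roles tied to no MM group: they are still Drupal roles
        # that can be granted core permissions, so they need review too.
        "unbound_roles": sorted(roles_seen - set(role_to_mm_group)),
        # Bindings whose role name matches no exported memberOf value: no user
        # would be synced into them, so check for a renamed or deleted AD group.
        "stale_bindings": sorted(set(role_to_mm_group) - roles_seen),
    }


if __name__ == "__main__":
    for key, value in audit_chain(MEMBER_OF, ROLE_TO_MM_GROUP).items():
        print(key, value)
```

Run it against a fresh export before and after changing the LDAP/AD tree and compare the two reports to see which MM group memberships the change would alter.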
