Drupal with Active Directory (LDAP)
Getting Drupal to authenticate logins against Active Directory can be intimidating at first. I certainly felt that way.
A few hints
- You will need PHP installed with the ldap extension. Use phpinfo(); to check if it’s there. Without that you can’t even begin.
- The ldap_integration module for Drupal is fantastic, but the configuration is confusing if you are unfamiliar with LDAP; there is a lot of talk of DNs (distinguished names). As far as I can tell, a DN seems to be like an address of a leaf/branch of the Active Directory tree. For example, CN=Administrator,OU=Admin Users,DC=companyname,DC=com is the administrator user in the admin users group at companyname.com. A DN isn’t necessarily a user or computer; there are DNs for every point in the hierarchy.
- LDAP Browser from LDAPSoft (freeware) allows you to cruise around inside Active Directory, seeing a whole lot of the extra programming info that you need. Feed that info into the ldap_integration module settings and you’re in business. Set ‘Base DNs’ to be the tree branch just above where users are, and set ‘DN for non-anonymous search’ to be the DN of some user with sufficient permissions to query Active Directory. I put the Administrator user in there, but it’s probably naughty to do so, for security. I’ll try a more restricted user once the dust has settled.
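
To make the DN and ‘Base DNs’ hints concrete, here is an added example (not part of the original post or of the ldap_integration module) that splits a DN into its levels and checks whether a user would be found under a given Base DN. The function names and the second sample DN are constructed for illustration; only the Administrator DN comes from the post.

```python
# Added example: take DNs apart and test them against a candidate Base DN.
# Handles backslash-escaped commas; the legacy quoted-value form is not handled.

def split_dn(dn):
    """Split a DN into its components on commas that are not escaped."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:                # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":            # unescaped comma ends one component
            parts.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).lstrip())
    return [p for p in parts if p]

def normalise(rdn):
    """Lower-case attribute and value so comparisons ignore case."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())

def parent_dn(dn):
    """The branch just above an entry: a candidate Base DN for that user."""
    return ",".join(split_dn(dn)[1:])

def is_under(dn, base_dn):
    """True if dn sits at or below base_dn in the tree."""
    entry = [normalise(r) for r in split_dn(dn)]
    base = [normalise(r) for r in split_dn(base_dn)]
    return len(base) > 0 and entry[-len(base):] == base

def dns_domain(dn):
    """Join the DC components back into the DNS-style domain name."""
    return ".".join(v for a, v in map(normalise, split_dn(dn)) if a == "dc")

ADMIN_DN = "CN=Administrator,OU=Admin Users,DC=companyname,DC=com"  # from the post
STAFF_DN = r"CN=Smith\, John,OU=Staff,DC=companyname,DC=com"        # constructed

if __name__ == "__main__":
    base = parent_dn(ADMIN_DN)
    for dn in (ADMIN_DN, STAFF_DN):
        print(split_dn(dn)[0], "| under", base, "->", is_under(dn, base))
```

A Base DN taken from directly above the Administrator entry does not cover the constructed staff user in a different branch, so logins for that user would fail until the Base DN is moved up the tree or a second Base DN is added.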