Open Says Me! – Drupal 7 Authentication with LDAP – LDAP Defined





On Github dozer55 / ldap-pres

Open Says Me!

Drupal 7 Authentication with LDAP

Presented by Bill Crum / Chattanooga State Community College / wacrum@gmail.com

Drupal Camp Chattanooga 2015

LDAP Defined

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

Source: Wikipedia

LDAP Defined

Keep unauthorized users out, and let authorized users in.

LDAP Defined

Or at the very least slow them down.

LDAP Defined

A common usage of LDAP is to provide a single sign on where one password for a user is shared between many services...

Source: Wikipedia

LDAP at Chattanooga State

Faculty/Staff PC Logins
Student PC Logins
Learning Management System Logins
Student Portal Logins
Many more !!!

Single Login Across Services

Active Directory is our flavor of LDAP. There are others (OpenLDAP, etc.)

LDAP at Chattanooga State

Benefits of Using LDAP Auth For Web Applications

Single Sign On
Easy Administration of Users, Roles, etc.

(We'll talk about Roles later on)

Active Directory is Maintained by Someone Else!!!

User Authentication: The Old Way

Create database of users, write multiple scripts to manage everything....Bleh!
Lots of time to manage lost passwords, password resets, security issues, etc.

User Authentication: The Newer, Easier Way

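// Reject empty passwords before binding: an empty password makes ldap_bind() attempt an unauthenticated bind.
if (isset($_SESSION['username'], $_SESSION['password']) && $_SESSION['password'] !== '') {
	// ldap_connect() takes only the host; the base DN (ou=users,ou=staff,dc=cstcc,dc=lan) is for searches.
	$ldap = ldap_connect("dcdmz.cstcc.lan");
	ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); // Active Directory expects LDAPv3
	ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
	$sub = "cstcc\\"; // domain prefix for DOMAIN\user binds

	if (@ldap_bind($ldap, $sub.$_SESSION['username'], $_SESSION['password'])) {
		// getSessionInfo() is a site-specific helper defined elsewhere
		$_SESSION['type'] = getSessionInfo($_SESSION['username']);

		header("Location: access_request.php");
		exit; // stop the script once the redirect header is sent
	}
}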
						
Bind to LDAP, check if user exists, and log into system
Users are managed by LDAP/Active Directory Administrator
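
A hardened variant of the bind shown above, as an added example that is not part of the original slides: it connects over LDAPS, refuses empty passwords before binding, escapes the search filter, and reads the password from the login form instead of the session. The ldaps:// scheme on this host, the function name ldap_login, the form field names and the sAMAccountName attribute are assumptions for an Active Directory setup.

```php
<?php
// Added example (not from the slides). Host, domain prefix and base DN are the
// values shown above; everything else named here is an assumption.
const LDAP_URI    = 'ldaps://dcdmz.cstcc.lan';   // assumed: server accepts LDAPS
const LDAP_DOMAIN = 'cstcc\\';
const LDAP_BASE   = 'ou=users,ou=staff,dc=cstcc,dc=lan';

// Returns the user's directory entry (array) on success, false otherwise.
function ldap_login($username, $password)
{
    // An empty password turns the bind into an unauthenticated bind, which a
    // server may report as success, so refuse it before touching the network.
    if (!is_string($username) || !is_string($password) || $password === '') {
        return false;
    }
    // Allow-list the login name so it cannot alter the bind name or the filter.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return false;
    }

    $ldap = ldap_connect(LDAP_URI);
    if ($ldap === false) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 5);

    if (!@ldap_bind($ldap, LDAP_DOMAIN . $username, $password)) {
        return false;   // bad credentials or server unreachable
    }

    // Confirm the account sits under the expected OU; escape for filter context.
    $filter  = '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $result  = @ldap_search($ldap, LDAP_BASE, $filter, ['cn', 'memberOf']);
    $entries = $result ? ldap_get_entries($ldap, $result) : false;
    ldap_unbind($ldap);

    return ($entries && $entries['count'] === 1) ? $entries[0] : false;
}

session_start();
$entry = ldap_login($_POST['username'] ?? '', $_POST['password'] ?? '');
if ($entry !== false) {
    session_regenerate_id(true);                  // new session ID after login
    $_SESSION['username'] = $_POST['username'];   // the password is never stored
    header('Location: access_request.php');
    exit;
}
```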

User Authentication: The Drupal Way

It's Baked In! Well...sort of...Er...Ready to Bake!

Drupal and LDAP

Let the Journey Begin!

Setting up LDAP can be a pain!

Getting Geared Up

Prerequisites

LDAP Server (Lots of flavors to choose from - Microsoft Active Directory is fairly common)
PHP ldap extension enabled
SSL Package of Your Choosing
If using LDAPS (highly recommended for secure connections), make sure certificate is installed on server
Prerequisite List on Drupal.org
and...

...a good relationship with your IT Department

I will cover how I was able to get this up and running on our systems.

Helpful Tools

JXplorer - Excellent tool for spelunking in LDAP directories.
phpLDAPadmin - Web-based tool for administering LDAP systems

Drupal and LDAP Module

Installation

Download LDAP Module from Drupal.org

Copy to sites/all/modules and extract

- or -

Use Drush!

$ drush en ldap -y
							

Live Demonstration

LDAP Test Site

Questions, comments, discussion

E-mail: wacrum@gmail.com

Presentation on GitHub http://dozer55.github.io/ldap-pres/#/
