How can I restrict access based on LDAP Groups?

Events happening in the community are now at Drupal community events on www.drupal.org.
fahl5's picture
Posted by fahl5 on September 1, 2011 at 8:24pm

I found in OS-LDAP settings: "PHP to filter users based on their LDAP data:" That seem to be exactly what I am looking for, since I just want our techer to be able to login.
I dont want to risk, that "bad PHP code here will break my site". If I have a LDAP usergroup xxx and another xxy an perhaps think about adding another group xxz how must the entry be to disallow one group to login or to create sites but allow the other to do so.
best
Steffen

Comments

Every LDAP server is

Posted by MPetrovic on September 1, 2011 at 8:43pm
MPetrovic's picture

Every LDAP server is different, so I can't say what you need to put in there. I would suggest you enable the devel module and enter dpm($ldap); return true; and try to login. You should see a message that will let you see what variables you have to work with.

Once you know which variable corresponds with group, you can use this:

$groups = array ('xxx', 'xxy', 'xxz');
return in_array($ldap['groupName'], $groups);

where groupName is whatever variable corresponds with user groups.

Cannot get LDAP to work

Posted by mhkc on September 15, 2011 at 2:43pm
mhkc's picture

Hi - we're trying to get the LDAP function working but so far without success.

We've got another site using the ldap authentication module and it works like a charm. For some reason on open scholar it just will not recognize the ldap restriction.

  • We've tried a fresh install of the site and database to ensure the default settings are in place.

  • The only module we added was the ldap authentication module (since the openscholar ldap page indicates that this is meant to work in conjunction with the other app)

  • We've tried activating just one or the other or both of the ldap modules with no success.

At present anonymous users can create accounts and web sites, no restrictions.

Are we being dense, or are we completely missing a key configuration element?

Any assistance very much appreciated.

LDAP filter by user name

Posted by moskar on May 20, 2013 at 10:18pm
moskar's picture

Hi, after trying so long I could make this code work, you can use this:

$user_list = array ('user1', 'user2', 'user3');
return in_array ($ldap['uid'][0], $user_list);

where uid is the attribute of user in your ldap server.

Restrict access by employee type filter on LDAP

Posted by cjdalupan on January 2, 2014 at 7:53am
cjdalupan's picture

Hi, Im a newbie on openldap, and I'm trying to filter the login access of the site by its employeetype attribute. Im trying to insert it on my DN but still other users without employeetype value can login.
Any help or suggestions that might help the problem?
TIA

OpenScholar

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: