Drupal and LDAP "employee directory" app - help needed please

At our web site, http://www.mbda.gov we need a small "Employee Directory" app on our Drupal site available to guests.

http://drupal.org/project/ldapdirectory (LDAP Directory)
http://drupal.org/project/ldap_integration (LDAP Integration)

We want to add a simple web app which will anonymously connect/query
an LDAP database in our agency to get employee info. I found those two modules and
would like to know if anyone here successfully got an app working using them?

I'm currently working with my NOC to open the proper port in
the firewall based on info I obtained from the LDAP database manager.
He says I can access anonymously on port 389, no TLS necessary and he
gave me a search base (base DN?) so queries will be filtered and
return results for our agency.

I take it I'll need to recompile my PHP5 --with-ldap so LDAP support
is enabled, right?

Could someone assist me with a few screenshots from your setup or maybe
just a small document listing the vital stuff to config? Thank you.

-jim

ps: All I need is this simple app available to guests on our portal,
we are not integrating full authentication with Drupal and AD -- well,
not as of this writing. I'll explore that later for our Intranet in a
future phase. FYI


Yes to php5-ldap...

GaryWong - Tue, 2010-08-31 21:53

Yes, when we did this 2 years ago we needed to enable php5-ldap. We used ldap_integration but never did get ldapdirectory working, though.

Configuring the LDAP server went something like this (with <> being placeholders for YOUR specific setup):
LDAP Server: <xx.yyy>
LDAP Port: 389
Use Start-TLS – Yes
Store password in encrypted form - Yes
Base DNs: OU=,OU=,DC=,DC=
UserName attribute: sAMAccountName

The hard part was the format of the DN account to use for non-anonymous searches of the LDAP. It turned out to be <account_name@DC>, not the usual login format or even xxx\yyyy.

HTH
gary


Thanks

NavArtsJim - Wed, 2010-09-01 14:37

Thanks for the LDAP setup tips!

But can you please explain in technical detail exactly what went wrong when you said, "but never did get ldapdirectory working, though." - and what software do you propose we use as an alternative?


ldapdirectory

GaryWong - Sun, 2010-09-05 05:54

Hi,

I cannot remember what exactly stopped us from using it 2 years ago. Our current architectural direction doesn't use direct query of our LDAP; instead, we're leveraging our existing CA SiteMinder infrastructure (i.e. if it can get to our URL, then we assume the user has been authenticated against our LDAP servers). I had hoped to bring across the user's tel #, address, etc., from LDAP, but we can get them from the SiteMinder headers.

Sorry I can't help you with ldapdirectory.
gary


FYI - outside of Drupal I've

NavArtsJim - Wed, 2010-09-01 18:31

FYI - outside of Drupal I've already added LDAP support to our PHP5 and written a small test script that connects to our LDAP server and pulls real data (i.e. display name and email) so in a worst case scenario I'll write a Drupal module myself complete with search form, paginated results, etc. But it would be nice if I could find some open source PHP app (does not even have to be Drupal) to save time. Anyone?

Here's the source demonstrating how easy it is to query AD via LDAP and PHP5:

<?php

$server = "x.x.x.x";    // IP address of the LDAP server
$basedn = "Ou=people,ou=mbda,ou=department of commerce,o=u.s. Government,c=us"; // Your base DN

if (!($connect = ldap_connect($server))) { die("Could not connect to LDAP server $server"); }
if (!($bind = ldap_bind($connect, "", ""))) { die("Could not bind to $basedn"); } // anonymous in this example

// Include displayname and email only; attrsonly must be an integer (0 = return values), size limit 1000
$results = ldap_search($connect, $basedn, "(CN=*)", array("displayname", "mail"), 0, 1000);
if ($results === false) { die("Search failed: " . ldap_error($connect)); }
$entries = ldap_get_entries($connect, $results);

// Display count info then loop through $entries associative array to get our data....
echo "User count: " . $entries["count"] . "<br /><br /><b>Users:</b><br />";
for ($i = 0; $i < $entries["count"]; $i++) {
    // An entry may lack an attribute; escape directory values before writing them into HTML
    $name = isset($entries[$i]["displayname"][0]) ? $entries[$i]["displayname"][0] : "";
    $mail = isset($entries[$i]["mail"][0]) ? $entries[$i]["mail"][0] : "";
    echo htmlspecialchars($name) . " - ";
    echo htmlspecialchars($mail) . "<br />";
}
// never forget to unbind!
ldap_unbind($connect);
?>

Obviously a simple no-frills example to show the functions and a simple query/result set, by no means for production use!!!
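
Added example, not part of the original thread: once the hard-coded "(CN=*)" filter is replaced by a guest-supplied term from a search form, the term has to be escaped before it goes into the LDAP filter, or a guest can rewrite the query. The function names, the attribute pair and the 2 to 64 byte length policy are assumptions made for illustration.

```php
<?php
// Added example: function names and limits here are hypothetical, not from the thread.

// Escape a value for use inside an LDAP search filter (RFC 4515).
function escape_filter_value($value) {
    if (function_exists('ldap_escape')) {   // PHP 5.6+ with the ldap extension
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback for older PHP: hex-escape backslash first, then the other metacharacters.
    return str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $value
    );
}

// Turn a guest's search term into a prefix match on name or mail.
// Returns null when the term is rejected, so the caller never runs an unbounded search.
function build_directory_filter($term) {
    $term = trim($term);
    // Assumed policy: 2 to 64 bytes, so "" or "*" cannot enumerate the whole base DN.
    if (strlen($term) < 2 || strlen($term) > 64) {
        return null;
    }
    $safe = escape_filter_value($term);
    return "(|(displayName=$safe*)(mail=$safe*))";
}

// Constructed inputs: a normal term, terms carrying filter syntax, and an empty term.
$samples = array('smith', 'a*)(objectClass=*', 'O\\Brien (HQ)', '*', '');
foreach ($samples as $term) {
    $filter = build_directory_filter($term);
    echo str_pad(var_export($term, true), 24), ' => ',
         ($filter === null ? 'rejected' : $filter), "\n";
}
```

The returned filter takes the place of "(CN=*)" in the ldap_search() call, with the attribute list and size limit kept as they are.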