Active Directory Integration
Setup Profile Fields
- Select Administer -> User Management -> Profiles
- Select single-line textfield under Add new field
- Category: Corporate Information (or any other category name you want to give)
- Title: Name
- Form Name: profle_AD_name
- Visibility: Hidden profile field, only accessible by administrators, modules and themes.
- Select Save field
- Select single-line textfield under Add new field
- Category: Corporate Information
- Title: Title
- Form Name: profle_AD_title
- Visibility: Hidden profile field, only accessible by administrators, modules and themes.
- Select Save field
- Select URL under Add new field
- Category: Corporate Information
- Title: Profile
- Form Name: profile_my_account_url
- Visibility: Hidden profile field, only accessible by administrators, modules and themes.
- Select Save field
- Select single-line textfield under Add new field
- Category: Corporate Information
- Title: E-Mail
- Form Name: profile_AD_email
- Visibility: Hidden profile field, only accessible by administrators, modules and themes.
- Select Save field
- Select single-line textfield under Add new field
- Category: Corporate Information
- Title: Location
- Form Name: profile_AD_location
- Visibility: Hidden profile field, only accessible by administrators, modules and themes.
- Select Save field
- Select single-line textfield under Add new field
- Category: Corporate Information
- Title: Telephone
- Form Name: profile_AD_telephone
- Visibility: Hidden profile field, only accessible by administrators, modules and themes.
- Select Save field
- Select single-line textfield under Add new field
- Category: Corporate Information
- Title: Department
- Form Name: profile_AD_dept
- Visibility: Hidden profile field, only accessible by administrators, modules and themes.
- Select Save field
Configure LDAP Data Module
- Make sure that the ldapdata module is enabled
- Select Administer -> Site configuration -> LDAP Data. All of the active ldap configurations are listed on this page. If there are no LDAP configurations listed, then it means that either the ldapauth module is not installed, enabled or otherwise in use. Setup and configure the ldapauth module first. Documentation on this is here
- Edit the ldap configuration you want to use
- Expand the Drupal-LDAP fields mapping and select Same, but read-only mode mapping
- Map the profile fields to LDAP attributes as follows:
- profile_AD_name = cn
- profile_AD_title = title
- profile_AD_email = mail
- profile_AD_location = physicalDeliveryOfficeName
- profile_AD_telephone = telephoneNumber
- profile_AD_dept = department
- Expand the Attribute Visibility & Access Control and uncheck all check boxes
- Expand Advanced Configuration
- DN for reading/writing attributes: Enter the full DN of a user account which has read privileges on the above ldap attributes.
- Password for reading/writing attributes: Enter the password of the dn
- Edit the file ldap_integration/ldap_integration/ldapdata.conf.php from your modules directory and enable the mapped ldap attributes as follows:
$GLOBALS['ldap_attributes'] = array( 'cn' => array('text', 'textfield', t('Common Name'), 64, 64), 'mail' => array('text', 'textfield', t('Email'), 64, 64), 'title' => array('text', 'textfield', t('Title'), 64, 64), 'physicalDeliveryOfficeName' => array('text', 'textfield', t('Location'), 64, 64), 'telephoneNumber' => array('text', 'textfield', t('telephoneNumber'), 64, 64), 'department' => array('text', 'textfield', t('Department'), 64, 64), );
Pull Active Directory information into a block
We will create a block using the views module and pull all of the profile data from the database that was mapping to the LDAP directory. The views module also allows for exporting the code once it is setup. Download the block code from here and follow the directions to import it.
- Go to Administer -> Site building -> Views -> Import
- Copy and paste the contents from the downloaded file
- Click Save to save the block
Integrate the block into the User Profile page
- Edit the template node-uprofile.tpl.php and replace:
<div class="content"> <?php print $content ?> </div>with
<div class="content"> <fieldset class="fieldgroup corporate-info collapsible"> <legend>Contact Information</legend> <?php $view = views_get_view('AD_Info'); print views_build_view('block', $view); ?> </fieldset> <?php print $content ?> </div> - The block displays the user’s contact information in a list format and will require some styling before it is presentable. If you are good at CSS, then you will want to style it yourself, but at a minimum, you will need to edit the style.css of your theme and insert this:
.view-label { float: left; padding-right: 5px; }
Whew! We now have our profiles fully configured and integrated with Active Directory. The profile page should now look like this.
Searchable List of Profiles
In order to create a searchable list of the user profiles, we will use the views module. This time, we will create a page from the views module. In addition, we will also create a menu item in the navigation block called “Employee Directory”. The entire code for this is available for download and a simple import will take care of this step.
- Go to Administer -> Site building -> Views -> Import
- Copy and paste the contents from the downloaded file
- Click Save to save the view
A menu item called “Employee Directory” will appear in the navigation. The resulting profile listing page will look like this.
That’s the last step! The profile pages are fully integrated into Active Directory, and a searchable profile listing page is also available to your users.
Great tutorial! Thanks for sharing. I was able to successfully duplicate your implementation for my needs with a few exceptions:
1) when creating the AD block view, I do not have an option to add the user ID field from the users as shown in your view. I do have, however, a user ID field from the usernode table.
2) I cannot seem to get the block to display as yours does, which might be due to the above.
Would you happen to know how I can fix these two issues?
Thanks again!!
Oh … and … where does the account_url come into play? I just noticed that if I try to edit a profile of a user when logged in as admin, it saves the node as admin profile (I assume because of the authoring info).
Nikkol
The account_url is used to provide links in the Searchable list of user profiles (Employee Directory).
Nikkol
Regarding your question about the AD block view, can you specify which step you are having this problem ? Did you try to import the code for the AD Block ?
Thanks for the tutorial. I’m a little confused – is the data in active directory supposed to show up in the Employee Directory view automatically, or would each user have to create a uprofile first? I’m trying to display a phone book populated by AD info. Any advice appreciated. Thanks!
The AD data should show up as soon as the profile page is created. It pulls it automatically from Active Directory.
Can this be updated for Drupal 6?
Unfortunately, no. I do not have access to Drupal (nor Active Directory, for that matter).