There is a drupal module called 'ldap' which gives authentication and authorization functions from LDAP into drupal.

Project home page: ​http://drupal.org/project/ldap

• Install as per instructions.

• Configuration:

• First activate 'LDAP Servers' and configure that module.

UHL settings:

• LDAP server type: Active Directory

• LDAP server: ldaplookups.xuhl-tr.nhs.uk

• Port: 389

• Service Account Bind (use service account credentials previously supplied by IM&T)

• Base DN: DC=xuhl-tr,DC=nhs,DC=uk

• AuthName: sAMAccountName

• Email attribute: mail

• Subsequently activate 'LDAP authentication'

• Only LDAP authentication allowed except user 1

• 'Allow Only' Text Test: OU=Cardiology (restricts logon to Cardiology dept staff

• Existing User Account conflict: associate local account with the LDAP entry

• Account creation : Create accounts automatically for LDAP authenticated users

• Email behaviour: Show disabled email field on user forms.

• Email update: Update if differs and notify user.

• Next, 'LDAP authorization' and 'LDAP authorization - drupal roles'

• Strategy II.B. - drupal roles are specified by LDAP attributes

• Attribute name: memberOf

• Mapping to drupal role: CN=BRICCS MRBS,OU=MRBS,OU=Apps,DC=xuhl-tr,DC=nhs,DC=uk|LCBRU staff

• Use LDAP group to drupal roles filtering

• Grant / revoke when user logs on

• IV.C all three options ticked

• Also activate 'LDAP help'.

Notes

There is an option for seamless or Single Sign On, but currently that is outside the scope of the BRICCS deployment.