Mapping User Fields with CAS and LDAP Modules
Note: Only Drupal 7 instructions are given, as most websites are moving away from Drupal 6.
- Drupal 7.x
- An LDAP App ID: request from EDNATeam@asu.edu
- CAS (http://drupal.org/project/cas)
- CAS Attributes (http://drupal.org/project/cas_attributes)
- Lightweight Directory Access Protocol (http://drupal.org/project/ldap)
Webspark (Drupal 7) Setup
1. Install and enable the required modules.
   - CAS – Only the CAS sub-module needs to be enabled.
   - CAS Attributes – Both CAS Attribute Tokens and CAS LDAP Tokens must be enabled.
   - LDAP – Only the LDAP Servers sub-module needs to be enabled. Other LDAP sub-modules can be enabled if you need them later. (If the CAS LDAP Tokens module is available, you can optionally enable that module as well.)
2. Obtain an LDAP application ID/password if you don't already have one. (This is required to connect to ASU's LDAP resources.)
3. Add an LDAP server.
   - Navigate to admin/config/people/ldap/servers/add
   - Set the field values to match those in the attached image called ldap-module-settings.png. (The red text values will be provided by Step 2.)
   - Navigate to the list of LDAP servers at admin/config/people/ldap/servers and click on the test link to test your settings.
   - Navigate to the main LDAP settings page at admin/config/people/ldap and check the Require HTTPS On Credential Pages option. This makes sure that any login pages are sent over HTTPS.
4. Set up the CAS module.
   - Follow the instructions at https://drupal.asu.edu/build/cas-central-authentication-service to set up the CAS module.
5. Set up CAS Attribute mapping to user fields.
   - Navigate to admin/config/people/cas/attributes
   - Set the field values to match those in the attached image called cas-attribute-module-settings.png.
   - Map other LDAP attributes to your user fields as necessary by using the [cas:ldap:?] tokens (see a list of them at admin/config/people/cas/attributes/ldap).
   - Do not set the Username and E-mail address fields, as those user fields will automatically get populated by the CAS module when the user first logs in.
6. Test your settings. This can be done in one of two ways:
   - Clear out your own user fields (first name, last name, etc.) on your user edit page, log out, and then log back in. Your user should now have the fields you mapped populated with the data from the LDAP server. OR
   - Go to /admin/config/people/ldap/servers, click Test, and follow the instructions there.
Setup is now complete.
A note about using rules
If you are using the rules module to check for user events (login, before save, after save, etc.), the events will not be triggered due to this issue (http://drupal.org/node/1420170). You can follow some of the suggestions given in the issue thread, mainly changing the weight of the cas module and triggering a rules event, but at your own risk.