LDAP to Drupal Role mapping allows you to assign your user’s roles in Drupal based on their roles and groups in the LDAP / Active Directory server. When a user's information changes in the LDAP server, you can change the Drupal role information using the Drupal LDAP/ Active Directory Login module.

Configure Role mapping

• Go to the Attribute & Role mapping tab.
• Under LDAP Groups to Drupal User Role Mapping section, you will see the 3 checkboxes. Please refer to the description below and select the checkbox as per your requirement.

• Enable Role Mapping: allow your users to get the Drupal roles as per the selected LDAP groups.
• Check this option if you don't want to remove existing roles of users (New Roles will be added): add the new role to the user as per the configuration without deleting its existing role/roles.
• Enable Role Mapping for NTLM Users: automatically maps NTLM user roles from LDAP Groups to the selected Drupal Role.

• Select the role from the “Select default group for the users” drop-down. This role will be assigned to the Drupal users after successfully logging in to the Drupal site using their LDAP credentials.

• You have a separate text field for every role in Drupal. You can map the LDAP group for each role separately. If you want to map more than one group you can add the groups separating with semicolons (;).
• To get the groups of the user click on “Get your attributes” button. A popup will appear in which you will get the group of the user under the memberof attribute.

• Now enter the group DN under the Drupal role text field in which you want to assign the drupal role to the users of that group. Eg. if you enter the LDAP group DN (cn=testGroup,dc=xe****fy,dc=com) under the content editor text field, all your users present in LDAP testGroup group will get the content editor role after logging in using their LDAP credentials.
• Click on the Save Configuration button to save your settings.
• To test the above, please open an incognito window / new browser and go to your Drupal site’s login page.
• Now please login the user using its LDAP credentials. The user will get the drupal role as per configured the LDAP group. Eg. If you try to log in the user “john doe” ( present in cn=testGroup,dc=xe****fy,dc=com group) will get the drupal content editor role. You can refer to the below image.

• Congratulations, you have successfully configured Role mapping in Drupal LDAP.

If you want any assistance to configure the module or want to try the fully featured 7-days trial version of the module feel free to reach out to us at drupalsupport@xecurify.com