Update Users in the LDAP server

This document will guide you through the steps required to configure the Drupal LDAP Provisioning. When the Drupal user account is updated, it automatically updates the corresponding LDAP entry on the configured LDAP server. Plus, you can sync Drupal groups and roles with LDAP groups, simplifying user synchronization between LDAP and Drupal.

You can also explore the guide on automatically creating an LDAP entry from a Drupal account when a new user registers on your Drupal site.

The Update User Entry in LDAP/Active Directory Server feature enables you to provision your users based on the following events::

• Admin Interface:- When administrators or privileged users manually update a user’s account via the Drupal admin interface.
• User account change:- Whenever users themselves modify their own information like email or username etc. from user/user_id/edit or any other custom form.
• 3rd Party Modules:- Whenever a user entity is updated in the Drupal site using any third-party modules/applications or using custom code.

Prerequisite:

• Install the Drupal LDAP / Active Directory Integration module.
• Set up the above module with your LDAP or Active Directory server. You can also refer to this setup guide for assistance.

Steps to configure LDAP provisioning (User update):

• After the successful configuration of the module navigate to the LDAP Provisioning tab of the module

• Enable the Update user information in Active Directory/LDAP when user information is updated in the Drupal checkbox.

• Click on the Save Configuration button.

Note: You have the option to map Drupal user information like fields, roles, and groups with specific LDAP attributes that you wish to modify in the LDAP server. This can be done in the Attribute & Role Mapping tab of the module (admin/config/people/ldap_auth/attribute_mapping). This will automatically update your users' LDAP records based on the saved configuration. For more details, refer to the Attribute Mapping, Role Mapping, and Group Mapping guide.

For example, as shown in the image above, we've mapped LDAP's userprincipalname with Drupal's mail field and givenname with Drupal's custom field firstname. This means that if we make changes to a user's email and first name in Drupal, those updates will automatically reflect in the LDAP/Active Directory server for the user's 'userprincipalname' and 'givenname'.

Let’s see how this works:

Let us assume that we want to update a user doejohn on the Drupal site as well as on the LDAP/Active Directory server.

• Login to your Drupal site with the admin credentials.
• After logging in as an admin, go to the People section of your site (admin/people). Locate the user whose details you wish to modify and click the Edit button (/user/{user_id}/edit)

• Now update the user information as per your requirement and click on the Save button.

Congratulations, you have successfully updated the user’s (doejohn in our case) information in both Drupal and your LDAP server. You can confirm it from your LDAP server.

If you don't have access to your LDAP server then you can confirm the same by checking the user LDAP entry.

Get user LDAP Entry:

• Navigate to the LDAP Configuration tab of the module and scroll down to the Test Authentication section. Enter the username and password of the user that we updated earlier (doejohn in our case) and click on the Test Configuration button (admin/config/people/ldap_auth/ldap_config#test_authentication).

• After a successful Test Configuration, click the Get Your LDAP Attributes to check the user’s LDAP entry.

• You can see that the user’s userprincipalname and givenmane in LDAP have been updated to match the Drupal 'mail' and 'firstname' fields respectively.

We hope that you find this guide useful and easy to configure.

If you want a 7-day fully-featured trial or have any questions or in case you need any sort of assistance in setting up the module according to your use case, please feel free to drop us an email at drupalsupport@xecurify.com.