Drupal for AD認證

最近一陣子都在玩Drupal,由於公司需求,要讓Drupal能夠
經由Active Directory認證,來達成一組帳號,行遍天下的目的,
想當然爾,去問了G老大,
Drupal有支援LDAP及AD的認證,這是不用講的,
就在於如何設定呢……參閱了MartOn所寫的,
怪了,怎麼設就不對,
差點都快瘋了,
才發現DN for non-anonymous search:的地方設錯了,
之前都直接打administrator,
其實是要跟設LDAP一樣,完整的寫出DN,
但cn,ou有可能是中文的(問了Cyrus才發現),
天啊….為了這個問題,我竟然花了那麼久才弄好,唉!!!!
設定如下(請參閱MartOn所寫的會更清楚)


LDAP Integration settings:
Server settings:
Organization name: here I put our Active directory name
LDAP Server: here I put IP adress to a AD controller
LDAP Port: 389
Use Start-TLS encryption Not selected
Store passwords in encrypted form Not select
Login procedure:
Base DNs: here you have to set your DN path to where your users reside.
Example:
If you have a AD named: ad.mycompany.int
And users are stored in the Internal OU (it will automatically look in sub-OUs, so this is the top most)
String is then: OU=Internal,DC=ad,DC=mycompany,DC=int
Username attribute: sAMAccountName
Email attribute:mail
Advanced config:
DN for non-anonymous search: your sys AD account
(請填寫完整DN,就敗在這)
Password for non-anonymous search: password for your sys AD account

LDAP Data settings:
Drupal-LDAP fields mapping
Same, but read-only mode SELECTED
Drupal field - LDAP attribute
mail = mail
the other I have blank, since I do not need them
Editing LDAP attributes directly(Attribute Visibility & Access Control)
Attributes displayed on user pages: Here I checked Last Name, Common Name
Attributes that can be edited by users: Here I have non chosen since I do not want drupal to write back to AD
Advanced configuration
Here is the same as on ldapauth(LDAP Integration)

LDAP Groups settings:
Group is specified in user's DN Not select
Attribute of the DN which contains the group name: OU
Groups are specified by LDAP attributes: SELECTED
Attribute names (one per line): MemberOf
Groups exist as LDAP entries where a multivalued attribute contains
the members' CNs Not Selected
Nodes containing groups (one per line):
Here I have the same DN as in ldapauth(LDAP Integration)
Example:
If you have a AD named: ad.mycompany.int
And users are stored in the Internal OU
(it will automatically look in sub-OUs, so this is the top most)
String is then: OU=Internal,DC=ad,DC=mycompany,DC=int

Attribute holding group members: memberUid