Tag1 Consulting: Enterprise, LDAP, and Drupal’s Group Module

We are excited to share details about our recent integration with the Group module . By default, Group module stores group memberships in the Drupal database. For a recent project, our Client required that group memberships are canonically stored in their existing LDAP directory. That way, memberships may be re-used to control access to 3rd party applications like real-time chat, file sharing, etc. Group module provides a simple service, GroupMembershipLoader , that is responsible for loading all memberships for a group or all memberships for a user. We swapped that service for a custom one that queries LDAP instead of querying database. Further, we added a simple caching layer so that a user’s group memberships are cached in that user’s session. // Cache a user’s own groups in their session for fast retrieval. $duration = Drupal::getContainer()->getParameter(‘ldap_directory.dgids_duration’); $this->getPrivateTempStore($account, $duration)->get(‘ldap_directory’)->set(‘dgids’, $dgids); A group membership not only relates a user to a group but also assigns a role to that membership. In our implementation, a member can be a Reader, Contributor, or a Group Admin. We decided to model that by creating a DirectoryGroup content entity, and configuring Group module such that DirectoryGroups can become group content. So, when a new Group is…

moshe
Thu, 12/05/2019 – 16:17