CAS User Sync on Login for Drupal

Created by GeoPC in a document in Dropbox on 1/19/2012 — moved into Evernote by Shahid.

Default scenario with CAS module.
Users can log in to Drupal with CAS accounts, but roles and user attributes will not map.
For role mapping we developed a separate module, the CAS Alter module.
In this module, if the Drupal user is not present, a user with the groups listed in LDAP is created in Drupal.
If there is already a user in Drupal (whether created by CAS or created in Drupal directly), CAS maps to that Drupal user and does not check which groups, etc. are in LDAP.
The different scenarios are as follows:
| User present in LDAP | LDAP Group | User present in Drupal | Drupal Role present | Suggestion from Geo | Shahid’s Recommendations |
|---|---|---|---|---|---|
| Yes | Yes | No | No | Will create new user and role in drupal and allowed to Access drupal with new user and role | Agreed |
| Yes | No | Yes | No | Access drupal with existing drupal user with no specific role | Agreed |
| Yes | No | Yes | Yes | Access drupal with existing drupal role | Agreed |
| Yes | Yes | Yes | Yes (Same as Group) | Access drupal | Access drupal |
| Yes | Yes | Yes | Yes (Diff with Group) | Access drupal with existing drupal role? Would it be better to login under new LDAP/drupal group? | Overwrite drupal role with LDAP role because LDAP is the system of record. |

We have modified the CAS Alter module so that user and role mapping is completely governed by CAS (LDAP groups).

For a user in LDAP, if a particular group (role) is added or deleted, then on login with this user only the groups that currently exist in LDAP are mapped as user roles. Drupal roles that already exist on the account are therefore deleted.

Now the scenarios will be as follows:
| User present in LDAP | LDAP Group | User present in Drupal | Drupal Role present | Suggestion from Geo | Shahid’s Recommendations |
|---|---|---|---|---|---|
| Yes | Yes | No | No | Will create new user and role in drupal and allowed to Access drupal with new user and role | Agreed |
| Yes | No | Yes | No | Access drupal with existing drupal user with no specific role | Agreed |
| Yes | No | Yes | Yes | Access drupal with no role. | |
| Yes | Yes | Yes | Yes (Same as Group) | Access drupal | Access drupal |
| Yes | Yes | Yes | Yes (Diff with Group) | | Access drupal with LDAP group as role and existing drupal role will be deleted. |
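
The login-time behaviour in the second table, as an added sketch in plain PHP (not the CAS Alter module's code and not part of the original notes). The function name, array shapes and role names are hypothetical, and it assumes LDAP group names map one-to-one onto Drupal role names.

```php
<?php
// Added example: a model of the login-time sync, not the CAS Alter module itself.
// Assumption: each LDAP group name is used unchanged as the Drupal role name.

/**
 * Reconcile one account at CAS login, treating LDAP as the system of record.
 *
 * @param array      $ldapGroups Groups LDAP reports for the user.
 * @param array|null $account    Existing account as ['roles' => [...]], or null.
 * @param array      $siteRoles  Role names defined on the site (updated in place).
 * @return array New role list plus an audit trail of what changed.
 */
function sync_roles_on_login(array $ldapGroups, ?array $account, array &$siteRoles): array
{
    $wanted  = array_values(array_unique($ldapGroups));
    $created = ($account === null);
    $current = $created ? [] : $account['roles'];

    // An LDAP group with no matching site role gets a role created for it.
    $newRoles  = array_values(array_diff($wanted, $siteRoles));
    $siteRoles = array_merge($siteRoles, $newRoles);

    return [
        'roles'         => $wanted,   // replaces, never merges with, old roles
        'user_created'  => $created,
        'roles_created' => $newRoles,
        'granted'       => array_values(array_diff($wanted, $current)),
        'revoked'       => array_values(array_diff($current, $wanted)),
    ];
}

// Constructed sample data: the five rows of the second scenario table.
$siteRoles = ['editor'];
$cases = [
    'no Drupal user, LDAP group'   => [['staff'],  null],
    'Drupal user, no group/role'   => [[],         ['roles' => []]],
    'Drupal role, no LDAP group'   => [[],         ['roles' => ['editor']]],
    'Drupal role same as group'    => [['editor'], ['roles' => ['editor']]],
    'Drupal role differs from group' => [['staff'], ['roles' => ['editor']]],
];
foreach ($cases as $label => [$groups, $account]) {
    $r = sync_roles_on_login($groups, $account, $siteRoles);
    printf("%-32s roles=[%s] revoked=[%s] user_created=%s\n", $label,
        implode(',', $r['roles']), implode(',', $r['revoked']),
        $r['user_created'] ? 'yes' : 'no');
}
```

Logging the `granted` and `revoked` lists at each login gives an audit trail of when LDAP group changes took effect in Drupal.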
