Vocubulary of LDAP Authorization and its Code ---------------------- "Consumer" ---------------------- The "consumer" or entity that authorization is being granted. Examples: Drupal role, Organic Group group ---------------------- "Consumer Type" ---------------------- Machine ID of a consumer. This is used in naming conventionss. Examples: drupal_role, og_group ---------------------- "Consumer Module" ---------------------- The module that bridges ldap_authorization and the consumer. It needs to (1) provide a class: LdapAuthorizationConsumer and (2) implement hook_ldap_authorization_consumer. Examples: ldap_authorization_drupal_role ---------------------- "Authorization ID" aka "Consumer ID" ---------------------- The id of an individual authorization such as a drupal role or organic group. Examples: "authenticated user", "admin" (for drupal roles) Examples: "knitters on skates", "vacationing programmers" (og group names for organic groups) ---------------------- "Consumer Configuration" ---------------------- Configuration of how a users ldap attributes will determine a set of Consumer ids the user should be granted. Represented by LdapAuthorizationConsumerConf and LdapAuthorizationConsumerConfAdmin classes and managed at /admin/config/people/ldap/authorization. Stored in ldap_authorization database table. --------------------- LDAP Server Configuration --------------------- Each Consumer Configuration will use a single ldap server configuration to bind and query ldap. The ldap server configuration is also used to map the drupal username to an ldap user entry. ---------------------- LDAP Authorization data storage: --------------------- Authorization data is stored in user->data array such as: $user->data = array( 'ldap_authorizations' => array( 'og_group' => array ( '3-2' => array ( 'date_granted' => 1329105152, ), '2-3' => array ( 'date_granted' => 1329105152, ), ), 'drupal_role' => array ( '7' => array ( 'date_granted' => 1329105152, ), '5' => array ( 'date_granted' => 1329105152, ), ), );