Linking Drupal to QNAP LDAP

This was way more simple than I expected.

For reference, I have a separate server running my Drupal installation. The QNAP sits alongside it (but not accessible to the web).

I basically just added the LDAP module to the Drupal installation. I also had to install the Entity module for LDAP to use. Then I enabled LDAP functionality bit by bit, testing as I went. The first module was LDAP Servers. 

Enabling this resulted in a request to install the PHP LDAP module on the server. Once that was in place, the module would enable. I then set up links back to my LDAP server. The only additional thing I needed on the LDAP server was a service account for Drupal to bind with (which I created).

Setting up the user relationship was easy:
I set the base DN to my domain name.
Then I set AuthName to be UID. AccountName is also set to be UID.
The Email attribute is mail
I then set the “Expression for the user DN” to “uid=%username,ou=people,%basedn”

Setting up the group configuration proved the biggest stumbling point. The important bit to get right is that it asks for the Group Object Class, and not the name of the thing that holds the group. I misunderstood the question here initially, especially as my container is called group, and that was one of the examples. What I needed to put in here was posixGroup.

Then I told it only that the LDAP Group Entry Attribute was memberuid and that this field actually held the UID.

Once this was done, I could turn it on and test it.
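
The settings above can be checked offline with a short script. This is an added example, not part of the original post and not the Drupal LDAP module's code: it expands the user DN expression with the login name escaped so it cannot change the DN or filter structure, and shows why the object class has to be posixGroup rather than the container name. The base DN, sample entries and function names are constructed for the example.

```python
import re

USER_DN_EXPR = "uid=%username,ou=people,%basedn"  # expression from the post
GROUP_OBJECT_CLASS = "posixGroup"  # object class, not the container name
GROUP_MEMBER_ATTR = "memberUid"    # holds the bare uid, not a full DN
BASE_DN = "dc=example,dc=lan"      # placeholder, assumed for this example

SAMPLE_ENTRIES = [  # constructed directory entries
    {"dn": "ou=group," + BASE_DN, "objectClass": ["organizationalUnit"]},
    {"dn": "cn=editors,ou=group," + BASE_DN, "objectClass": ["posixGroup"],
     "memberUid": ["alice", "bob"]},
    {"dn": "cn=admins,ou=group," + BASE_DN, "objectClass": ["posixGroup"],
     "memberUid": ["bob"]},
]

def escape_dn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '\\,+"<>;=' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape a value for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_dn(username, base_dn=BASE_DN):
    """Expand the user DN expression in one pass, escaping the login name."""
    fields = {"%username": escape_dn_value(username), "%basedn": base_dn}
    return re.sub("%username|%basedn", lambda m: fields[m.group(0)], USER_DN_EXPR)

def group_filter(uid):
    """Filter that finds the posixGroup entries listing this uid."""
    return "(&(objectClass=%s)(%s=%s))" % (
        GROUP_OBJECT_CLASS, GROUP_MEMBER_ATTR, escape_filter_value(uid))

def groups_for(uid, object_class=GROUP_OBJECT_CLASS, entries=SAMPLE_ENTRIES):
    """Mimic the group lookup: match object class, then memberUid == bare uid."""
    wanted = object_class.lower()
    return [e["dn"] for e in entries
            if wanted in (c.lower() for c in e["objectClass"])
            and uid in e.get("memberUid", [])]
```

Calling `groups_for("alice", object_class="group")` returns an empty list, which is the symptom of entering the container name where the object class is expected.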

Now I enabled the LDAP User and LDAP Authentication modules.

In the LDAP User module, I just told it to associate accounts together if an LDAP one existed (second option).
I didn’t want two way provisioning, so I have left that unset.

In the Authentication module, I initially left it in mixed mode until I was confident it worked, at which point I have moved it to the second authentication option. The rest of this section I have left default.

It was after setting this up that I did my first proper test of everything using another browser to prevent cookie clashes etc.

Once I was 100% sure that I could still log in as administrator, and also log in as my proper user, and was happy with this, THEN I altered authentication to the second mode.

Now I moved on to LDAP Authorization. I enabled this module, went to configure it, and found that without a module to use it with it didn’t do much.

So I enabled the LDAP Authorization – Drupal Roles module too. The setup of this module was also very simple. I simply told it to use my LDAP server, and then explained how to map my LDAP groups to the Drupal groups.

The only real fly in the ointment was that I was initially not looking to the groups correctly, as I thought that it was looking for the container of the groups, and not the Object Class of the group.

Once I resolved that, all the tests worked properly and I have a working system that automatically adds people to Drupal if they exist in the LDAP, and also correctly sets up their groups for them.

Very pleased.

