To give employees appropriate website access, Pueblo.org needed to use LDAP to query its Active Directory of employees during login to its Drupal website. While there is an LDAP module available for Drupal, it does not allow both LDAP and Drupal users to log in at the same time. The Pueblo County site must allow logins from employees, citizens and visitors, so the site must be able to gracefully handle logins using LDAP and the traditional Drupal login system.
Monarch Digital decided to use much of the basic functionality of the LDAP module, but also add features unique to the Pueblo implementation. When a user attempts to log in, the LDAP module checks whether their ID exists on the LDAP server and can be validated. If the user is validated by the LDAP call, the website checks that their "employee" role is active and that the appropriate Pueblo County department is assigned to this user. If the LDAP departmental roles differ from those currently assigned to the Drupal user, the system sets the departmental roles assigned by Active Directory.
If the user does not exist in Active Directory, the module checks whether they are active in the Drupal user database. If the user is active, it ensures that the user does not have any of the roles that LDAP assigns, specifically the employee and the various departmental roles. Should an employee no longer work at Pueblo County, this system will automatically remove the Drupal employee and departmental roles from the website, ensuring that the user cannot continue to update website content. In the future, this user ID will exclusively be logged in as either a visitor or as an employee through the traditional Drupal authentication system.
The process is similar when new users are created. If a new user is created and the user exists in Active Directory, the site will set the appropriate roles automatically. If the user ID is not authenticated through the LDAP call, their account will be created in the Drupal database and given the default roles.
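The role handling described in the preceding paragraphs, as an added example in plain PHP: it is not Monarch Digital's module code and calls no Drupal or LDAP API. The role names, the `dept:` prefix and the function names are assumptions made for illustration.

```php
<?php
// Added illustration: plain PHP, no Drupal or LDAP API calls.
// Role names and the "dept:" prefix are assumptions, not Pueblo's real role names.

const EMPLOYEE_ROLE = 'employee';
const DEPT_PREFIX = 'dept:';

/** True when a role is one the directory owns (employee or departmental). */
function is_directory_managed(string $role): bool {
    return $role === EMPLOYEE_ROLE
        || strncmp($role, DEPT_PREFIX, strlen(DEPT_PREFIX)) === 0;
}

/**
 * Compute the roles a user should hold after a login or account creation.
 *
 * @param string[]      $currentRoles         Roles stored on the Drupal account.
 * @param string[]|null $directoryDepartments Departments from the validated
 *                      directory entry, or null when the id was not validated.
 * @return string[] Sorted, de-duplicated role list.
 */
function reconcile_roles(array $currentRoles, ?array $directoryDepartments): array {
    // Roles the directory does not manage (visitor, citizen, ...) are never touched.
    $roles = array_values(array_filter($currentRoles, fn($r) => !is_directory_managed($r)));

    if ($directoryDepartments !== null) {
        // Validated employee: the directory is authoritative for managed roles,
        // so stale departmental roles disappear and current ones are set.
        $roles[] = EMPLOYEE_ROLE;
        foreach ($directoryDepartments as $dept) {
            $roles[] = DEPT_PREFIX . strtolower(trim($dept));
        }
    }
    // Not validated: managed roles were already dropped by the filter above.
    $roles = array_values(array_unique($roles));
    sort($roles);
    return $roles;
}

// Constructed sample accounts.
$cases = [
    'transferred employee' => [['employee', 'dept:roads', 'citizen'], ['Assessor']],
    'former employee'      => [['employee', 'dept:clerk', 'citizen'], null],
    'new visitor'          => [['visitor'], null],
];
foreach ($cases as $label => [$current, $departments]) {
    printf("%-21s %s\n", $label, implode(', ', reconcile_roles($current, $departments)));
}
```

Because the managed roles are recomputed from the directory result on every login, a departed employee loses them at the next login rather than at the moment the directory entry is removed.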
Regardless of whether LDAP or Drupal authentication is used to log in, each user is presented with a dashboard after logging in, depending on their user roles. When a user is authenticated as an employee by Active Directory, he or she will see a dashboard of employee-only content, such as internal job openings, employee announcements and departmental content.
Visitor dashboards are displayed to users who are authenticated through the standard Drupal login. Visitors receive a dashboard with travel and attraction information. If a visitor enters an address that is validated as being a Pueblo address, they will be upgraded to the citizen role and provided with a citizen dashboard, containing a wide variety of information about their property and other information.