JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

This forum is for general questions about extensions for Joomla! 2.5.

Moderators: pe7er, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
thiagofasano
Joomla! Apprentice
Joomla! Apprentice
Posts: 21
Joined: Wed Sep 29, 2010 7:30 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by thiagofasano » Sun Jul 06, 2014 11:13 pm

Hello Congratulations and thanks for this great extension!

I Already have LDAP authentication work correctly. But the setting through the SSO is failing when active SSO-DicretoryLDAP. The error that appears is exactly this:

SSO-Debug:
2014-07-05T13: 06:50 +00:00 15068 No SSO detection plug-ins found.

ldap-Debug:
2014-07-06T23:06:45+00:00 101 Attempting connection to LDAP with host XX
2014-07-06T23:06:45+00:00 101 Successfully connected to XXX. Setting the following parameters: ldapV3
2014-07-06T23:06:45+00:00 101 Successfully connected.
2014-07-06T23:06:45+00:00 101 Closed connection.

Could you help me?

The authentication LDAP work perfectly out SSO.

My server:
XAMPP Win32-1.8.3-4-VC11-installer
Windows Server 2008 R2 Enterprise Edition Service Pack 1
Apache/2.4.9 (Win32) OpenSSL/1.0.1g
PHP 5.5.1
Joomla 3.3.1
Active Directory

Thx.

krj10
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Thu Apr 12, 2012 10:29 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by krj10 » Tue Jul 08, 2014 12:44 am

First, Thank you for this great extension.

I have a issue that I need to fix, if anyone can help me please.

The extension works well and create users in joomla, but when the person are logged in server and enter in joomla at his first time he gets a 500 error, if he reload then he is now automatically logged and everything works well without any other problems, but I need to stop this 500 error at users first login.

The 500 error page do not give me any other detail. I checked, despite the 500 error the user is created in the first login.

Thank you.

I am in Windows Server 2012 -Joomla 3.2.4 - with PHP 5.4.24

MrFreezer
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Tue Jul 13, 2010 10:00 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by MrFreezer » Wed Jul 09, 2014 8:34 am

a friendly Warnung to everybody using joomla 3.3

it seems like the update from 3.3.0 to 3.3.1 broke the Group mapping inside the ldap-module.

first i suspected my ldap-installation but i took another joomla which is still @ 3.2.x and installed the shmanic ldap modules - and it works like a charme.

User avatar
Kiran cheema
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Nov 23, 2007 11:18 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Kiran cheema » Wed Jul 09, 2014 8:42 am

@MrFreezer I have it working fine in a 3.3.1 install... i did notice that the auto updater didn't update all the shmanic compoments to the latest version? I did a manual update with the latest package from the site and it all seemed to work fine again.

MrFreezer
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Tue Jul 13, 2010 10:00 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by MrFreezer » Wed Jul 09, 2014 9:02 am

hmm i'll give it a try and Report.

Classfan
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Mon Jul 07, 2014 1:26 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Classfan » Wed Jul 09, 2014 9:31 am

Hello,

I'm using Joomla 3.3.1 and these plugins/components 2.0.1.16.

Actually the LDAP-login works fine with AD on a Windows Server 2008 R2. But is there a way to change the attributes this plugin uses to login a AD-user?

It currently uses his username and his password. I'd like to change the username attribute to the sAMAccountName attribute. Why? If a user logs in into Windows he also uses this attribute instead of the username. Would be great if someone could tell me how i can change this because username and sAMAccountName are different on our AD.

User avatar
Kiran cheema
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Nov 23, 2007 11:18 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Kiran cheema » Wed Jul 09, 2014 12:30 pm

@Classfan

you can define those attributes in the LDAP connection settings : go to components > shmanic LDAP > LDAP host configurations. select you connection... you will find the mapping attributes in there

Classfan
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Mon Jul 07, 2014 1:26 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Classfan » Wed Jul 09, 2014 1:08 pm

Well, thanks for the help @Kiran cheema.

I've checked my mapping setting now again, but i can't find where my mistake is.
That are my mapping settings:

Map User ID *: sAMAccountName
Map Full Name *: sAMAccountName
Map Email *: mail
Password Attribute: unicodePwd
Password Hash: unicode
Password Prefix: no

If i login by using the method with the AD-username, a joomla user ist created after successfull login. The name is like the sAMAccountName there, but i can't login somehow..


While writing this i've tested some things to get this to work. I think I know now why i can't login with the created joomla-user. I checked the database of my site and i could see that the user has no password. If i set a password for the user through the database, i can login.

Usually the plugin should grab the password from AD and save the password of the user in the database. Am I right with that?

As I said, I'm using AD, but is the password-mapping that i posted above not correct? I don't know what i should change there..

User avatar
Kiran cheema
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Nov 23, 2007 11:18 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Kiran cheema » Wed Jul 09, 2014 1:19 pm

there is a setting somewhere that sets "null password" (yes/no option ) in components > shmanic config i think . I always have it to null and it works fine ... do you have any plugins active e.g. the profile or mapping plugings? check that they are not set to abort on login( i.e. abort if sync fails)

Classfan
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Mon Jul 07, 2014 1:26 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Classfan » Wed Jul 09, 2014 1:33 pm

I've checked my settings from the options you posted and changes them now to this:

Null password: Yes
Abort Login: No

Only the "Deletion" and "Injection" Plugin are now deactivated. The rest of the ldap plugins are activated.

Tested again, still the same. I can login by using the AD username, not the sAMAccountName. After that successfull login the joomla user gets created. The name there is like the sAMAccountName, like in the mapping settings. And there's still no password..

what now?

User avatar
Kiran cheema
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Nov 23, 2007 11:18 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Kiran cheema » Wed Jul 09, 2014 1:52 pm

to get the password saved : Null Password = no

also check all instances of abort login

plus disable the password and creation plugins

the only ones you need (to start with) are the platform , authentication -user adapter (and maybe profile) disable everything else and then add them back in one by one

Classfan
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Mon Jul 07, 2014 1:26 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Classfan » Wed Jul 09, 2014 2:12 pm

Even if I set Null Password to No, theres still no password saved. (btw, the AD-user has a password)

Tried it with the plattform, the authentication-adapter and the profile plugins enabled. All other where disabled.
Tried to login, everything is still like before.. (except that the user is now in the default-group, because of the deactivated group mapping plugin)

Tried it then with the profile plugin deactivated too. No difference..

User avatar
Kiran cheema
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Nov 23, 2007 11:18 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Kiran cheema » Wed Jul 09, 2014 2:36 pm

er running out of suggestions!
is the user autoregister set to override - true?
you could try re-ordering the authentication plugins to have the LDAP one first then the joomla one?

Classfan
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Mon Jul 07, 2014 1:26 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Classfan » Thu Jul 10, 2014 7:05 am

Autoregister ist set to override - true.

Tried several orderings. LDAP one first, joomla one first, joomla one disabled...

It's still the same, exactly the same as before..

I don't know what i could change to get it to work correctly.

Classfan
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Mon Jul 07, 2014 1:26 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Classfan » Mon Jul 14, 2014 1:43 pm

Hey Guys,

I just wanted to say that i could get it working. I can login now by using the sAMAccountName with the password from AD. My User DN/Filter was wrong.

But there's one thing that still confuses me.. The password does still not get saved in the database of Joomla. Even after a successfull login, everything gets mapped like it should, except for the password. I'm wondering now, is that even possible?

And I have another question. After getting the ldap-part working, i tried the sso part. Configured all plugins and enabled them and tested it, but it didn't work.

I tried it then with the sso-dummy plugin. I enterd the AD username that I'm currently logged in on Windows and tried then to visit the website. The sso worked now.

The I tried to disable the sso-dummy again, visited the website and I wans't logged in. Then I ckecked the sso.debug.php:

Code: Select all

No SSO detection plug-ins found.
This line comes up everytime i try to visit my website with enabled sso. That means that it can't detect the User that is logged in windows, right? How can i fix that?

Some infos:
OS: Windows xp
Webserver: Apache from xampp. Running on same computer.
User-key in SSO-HTTP-plugin: REMOTE_USER

User avatar
Kiran cheema
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Nov 23, 2007 11:18 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Kiran cheema » Mon Jul 14, 2014 1:55 pm

With Ldap there is no need to keep local copy of the password the system checks the AD everytime to confirm the password is current.

With sso you need to make sure your server is configured for it and it mostly works with Internet explorer you may need plugin for Firefox

Classfan
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Mon Jul 07, 2014 1:26 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Classfan » Mon Jul 14, 2014 2:16 pm

Hmm good to know. Thanks for the help for ldap. ;)

I already installed the plugin for firefox. I tried it also with internet explorer but it didn't work with that too.

Do you know any tutorial or something how i can configure my xampp server to let it allow sso?
I already found some, but you had to install some modules to the server, that seem not to work with the current version of apache. These threads that i found were already some years old..

Xampp 1.8.2 / PHP 5.4.27

thiagofasano
Joomla! Apprentice
Joomla! Apprentice
Posts: 21
Joined: Wed Sep 29, 2010 7:30 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by thiagofasano » Mon Jul 14, 2014 4:04 pm

Please, someone already went through this? any tips?
thiagofasano wrote:Hello Congratulations and thanks for this great extension!

I Already have LDAP authentication work correctly. But the setting through the SSO is failing when active SSO-DicretoryLDAP. The error that appears is exactly this:

SSO-Debug:
2014-07-05T13: 06:50 +00:00 15068 No SSO detection plug-ins found.

ldap-Debug:
2014-07-06T23:06:45+00:00 101 Attempting connection to LDAP with host XX
2014-07-06T23:06:45+00:00 101 Successfully connected to XXX. Setting the following parameters: ldapV3
2014-07-06T23:06:45+00:00 101 Successfully connected.
2014-07-06T23:06:45+00:00 101 Closed connection.

Could you help me?

The authentication LDAP work perfectly out SSO.

My server:
XAMPP Win32-1.8.3-4-VC11-installer
Windows Server 2008 R2 Enterprise Edition Service Pack 1
Apache/2.4.9 (Win32) OpenSSL/1.0.1g
PHP 5.5.1
Joomla 3.3.1
Active Directory

Thx.

Classfan
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Mon Jul 07, 2014 1:26 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Classfan » Wed Jul 16, 2014 8:24 am

SSO is working now too for me. I had to add the module "mod_authnz_sspi.so" to apache. Then it worked fine. :)

Here's the code I had to add to the httpd.conf:

Code: Select all

LoadModule authnz_sspi_module modules/mod_authnz_sspi.so 
LoadModule php5_module "c:/xampp/php/php5apache2_4.dll"

<Directory "c:/xampp/htdocs/WEBSITE">
Options None
AllowOverride All
Order allow,deny
Allow from all
#AuthName "SSPI Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain Off
Require valid-user
</Directory>
You have to replace "WEBSITE" with the correct name..

@thiagofasano

as you're getting the error "No SSO detection plug-ins found." too, you may also have to add a plugin to your webserver. As you're running on a xampp on windows, maybe my short tutorial helps you out.

thiagofasano
Joomla! Apprentice
Joomla! Apprentice
Posts: 21
Joined: Wed Sep 29, 2010 7:30 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by thiagofasano » Wed Jul 16, 2014 1:15 pm

Thanks for your help.

Through his tutorial plugin SSO-HTTP works internally.
But when access is external, it asks username and password through a box of the browser.

How do I get show login joomla for external access? Thanks for your help.

Obs.: The setting to my intranet site is offline so that only registered users to access.

see the image with error.
accessExternal.jpg
You do not have the required permissions to view the files attached to this post.

lt450
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Tue Jul 22, 2014 10:27 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by lt450 » Tue Jul 22, 2014 10:32 pm

[SOLVED] - nevermind, it throws an error on the backend when you test/debug but appears to work fine on the front end.

ssemegran
Joomla! Apprentice
Joomla! Apprentice
Posts: 19
Joined: Fri Jul 14, 2006 1:17 pm
Contact:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ssemegran » Tue Aug 05, 2014 3:56 pm

I contacted Shaun about this but I thought I'd post here too, for future reference:

I have an issue using your SSO plugin that I was hoping you could assist with. I'm using JmapMyLDAP ver 2 on the following setup:

Joomla! 3.3.3
Windows Server 2008 R2 Enterprise Edition Service Pack 1
MySQL 5.6.18
PHP 5.3.28
Apache 2.2.25

I have successfully configured for SSO and LDAP. When I browse to the frontend, my login module (I use CB Login for Community Builder) shows that I'm logged in properly. But when I click the edit link for an article, the page reloads without showing the text editor. When I disable the SSO - HTTP plugin then click the edit link for an article, the text editor does appear properly and I can edit the article. When I re-enable the SSO - HTTP plugin, then I can't edit articles again.

Here is some info from the sso.debug.php file:

2014-08-05T14:03:10+00:00 15066 Successfully detected user 'xxxxxxx' using SSO plug-in 'PlgSSOHTTP'.
2014-08-05T14:03:10+00:00 12612 Successfully logged in user 'xxxxxxx'.
2014-08-05T14:03:10+00:00 15079 Successfully logged in user 'xxxxxxx' via SSO.
2014-08-05T14:03:11+00:00 15066 Successfully detected user 'xxxxxxx' using SSO plug-in 'PlgSSOHTTP'.
2014-08-05T14:03:11+00:00 12612 Successfully logged in user 'xxxxxxx'.
2014-08-05T14:03:11+00:00 15079 Successfully logged in user 'xxxxxxx' via SSO.
2014-08-05T14:03:11+00:00 15068 No SSO detection plug-ins found.

'xxxxxxx' is my username (so that's correct). What does it mean by 'No SSO detection plug-ins found.'?

Any help would be greatly appreciated.
Thanks!
Scott

MrFreezer
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Tue Jul 13, 2010 10:00 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by MrFreezer » Tue Aug 26, 2014 8:06 am

Kiran cheema wrote:there is a setting somewhere that sets "null password" (yes/no option ) in components > shmanic config i think . I always have it to null and it works fine ... do you have any plugins active e.g. the profile or mapping plugings? check that they are not set to abort on login( i.e. abort if sync fails)
the Problem is that i Need the exact opposite... i must have Passwords (or at least ANY string) inside the Password-field.

and the other Thing is that the plugin still acts as a showstopper when there is no account in the ldap and i add another user inside joomla (which on purpose is not injected into the ldap) while being logged in with an ldap-account.

Background is we got several Portals which we administer with a Team of 5 admins and several Project guys and salespeople. and we neither want to add the accounts to the sites everytime a new site or Person is added as well as we do not want to Keep the Passwords in sync over 20 or more sites.

but since every site is for another Client, we also Need "local" users for them and for now we prefer to Keep them inside the joomlas.

MrFreezer
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Tue Jul 13, 2010 10:00 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by MrFreezer » Tue Aug 26, 2014 8:10 am

Kiran cheema wrote:With Ldap there is no need to keep local copy of the password the system checks the AD everytime to confirm the password is current.
be ensured, there is ;)

in fact it does not have to be a valid Password hash but "anything" for several things to work.

911technohill
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed Sep 10, 2014 5:38 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by 911technohill » Wed Sep 10, 2014 6:03 pm

I receive a failed to bind ldap user message when I do not have the User DN/ Filter field match the distinguished name field in AD exactly. The problem seems to be the CN. In AD the distinguished name is in the following format, CN=Smith\, Steve,OU=IT,DC=test,DC=org. What can I put in the User DN field to get this to work for eveyone in the IT OU? Thanks in advance for your help. I tried the following and it did not work, (sAMAccountName=[username]),OU=IT,DC=test,DC=org.

Travis

redcloud2
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Thu Sep 18, 2014 5:31 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by redcloud2 » Thu Sep 18, 2014 6:32 pm

Well, Have spent all day trying to make this work with sso so if anyone have any tips I would be most grateful. I have a joomla 1.7 site on ubuntu. I am using version 1 off the plugin. I have successfully got ldap to work so I can login to joomla with ad login. I have also set up apache so I can se the REMOTE_USER in php info. I have created keys and tried it with the klist command. This works. The dummy sso plugin works as well.

However I just do not understand how to get the sso working. I get a login pop up on my site all the time. I use kerberos in apache but just do not get what should be in the apache file. In php info I can see my username and my domain.

Maybe anyone can assist me?

davkenrem
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Thu Sep 11, 2014 3:28 pm

Please delete

Post by davkenrem » Tue Sep 23, 2014 8:04 pm

please delete

User avatar
Kiran cheema
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Nov 23, 2007 11:18 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Kiran cheema » Wed Oct 01, 2014 9:47 am

Just a bit of learning ... if your overide false isn't working in the JMapMyLDAP config settings check the joomla user plugin and switch of auto register in there as well... took me around 4 hours before I figured it out

Might be a bit of a bug - I had assumed that Override false would override the other plugin but it still created users from the front end .... I was planning on using the ldap_cron as a nightly job so didn't want the users to be auto created on the fly ...

Hobbes99
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Sun Sep 12, 2010 10:56 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Hobbes99 » Thu Oct 02, 2014 3:01 pm

Hi there,

I'm having some trouble getting this extension to work over HTTPS - does anyone have any experience with this?

What I'm using:-
  • Joomla 3.3.6
  • Apache 2.4
  • PHP 5.5
  • MySQL 5.5
  • JMapMyLDAP v2.0.2.2 (this is NOT a thoroughly tested/stable release, but resolves a critical issue I was unable to circumvent with v2.0.1.6)
  • Connecting to a Windows Server with Active Directory
The problem I'm having:-
My site has recently changed from running on HTTP to exclusively using HTTPS/SSL.

On my test environment, using an exact copy of our live site (but running on HTTP) JMapMyLDAP works perfectly. I can connect to our AD Windows server, pull user data and have Joomla automatically create Joomla user accounts when an AD user logs in to the site.

On the live site (running on HTTPS), attempting to log into the site returns the message "Username and password do not match or you do not have an account yet." and a user account is NOT created by Joomla.

However ... if I test the connection by going to COMPONENTS > SHMANIC LDAP > LDAP HOSTS CONFIGURATION > (HOST NAME/RECORD), the test/debug feature is able to pull a user's data from the remote AD server without any problems. It works whether I test using a regular connection on port 389 OR if I connect via SSL using port 636. So if this test works flawlessly, why is a Joomla account not created when I attempt to login?!

Very confused. Any pointers or ideas as to how I can further debug this issue would be much appreciated ...

User avatar
Kiran cheema
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Nov 23, 2007 11:18 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Kiran cheema » Thu Oct 02, 2014 6:43 pm

Is autocreate enabled? And have you tried enabling the messages in the shlog plugin? (Or checked the log files for messages?)


Locked

Return to “Extensions for Joomla! 2.5”