
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Apr 06, 2012 5:21 pm
by NickC4555
I'm using 1.0.5. Where do I find 2.0 Alpha? Do I need to replace all of your plugins or just the SSO ones?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Apr 06, 2012 5:33 pm
by ShMaunder
Version 2.0 is on Git (you'll need to build the packages yourself, or alternatively I can email it - instructions are a few posts back). Yes, you would need to replace them all.

OK, hang fire, got a bit of work to do then I will test version 1's SSO on the latest CB with 3303.patch and see if I get the same issues. It could be a trivial problem like a missing flag in the onUserLogin(). I'll get back soon.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Apr 06, 2012 8:45 pm
by ShMaunder
This is certainly a problem with the SSO portion.

I can confirm that mapping + authentication after setting a few CB settings works fine after typing in username & password manually, even on first login. This is for version 1.0.5.

Not sure where the problem is in CB's code, but I came across something I was thinking would fix the issue - http://www.joomlapolis.com/forum/40-cb- ... s-with-sso - that plugin, though it requires updating a bit, will insert a new entry into CB's profile table.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Apr 06, 2012 10:06 pm
by NickC4555
Thanks, Shaun. I'll have a look at that plugin tomorrow and report back.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Apr 06, 2012 10:23 pm
by NickC4555
Decided to try it before bed! It didn't work.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Apr 06, 2012 10:36 pm
by ShMaunder
^^ did you modify it at all?

Is it even adding the entries to the table?

Wait a moment, I forgot I now have a site with CB in. I will test it as well.

Edit: wow, I just re-wrote it from scratch. Damn, that was really old code. Here we go http://shmanic.com/media/file.php?proje ... create.zip - seems to activate fine for me on SSO now :D.

If you can test it and all works, then I'll create a doc for it on the site.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Sat Apr 07, 2012 9:22 am
by NickC4555
Sorted! Thanks very much for all your help.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Sat Apr 07, 2012 9:20 pm
by ShMaunder
Cool. No probs. I will produce a doc for this at some point.

@crony - cheers for the review :)

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Apr 09, 2012 3:26 pm
by slinger86
Hey Shaun - Hoping you can help me. I need a way to sync the user list in AD with the user list in Joomla!. I have the integrated plugin configured and I can log in as domain users just fine, but I want to have users and groups and access all squared away before I go live. I can't log in with each individual user as there are over 200+ accounts. Is there any way your program can do this? To rephrase, I want to click something that automatically copies AD users into my J users list. Thanks in advance!

Also, forgot to add that SSO really won't work for me, as we have several 'general' AD login accounts for shared computers, but each user has their own AD login.

-Steve

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Apr 09, 2012 5:26 pm
by ShMaunder
Yes and No. Yes in the sense that the version 2 alpha framework I'm building for the next release of jmmldap can support on-demand sync. No in the sense that you would need to create a script that searches for the LDAP users from a base_dn then execute the ldap plugin onLdapSync() event.

That is a confusing answer, but basically I plan to have this as an "out of the box" feature in version 2's stable release. However, don't expect a stable version for some time yet. I have a final year project to complete as well as a set of exams in a month's time.

You could have a go at building something based on what is already there https://github.com/ShMaunder/JMapMyLDAP - there are still a lot of changes required to lower the dependencies within some of the libraries. In fact I really want to implement namespaces and an autoloader, though I will restrict the extension to PHP 5.3+, which may not be a good idea.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Apr 27, 2012 12:35 pm
by NickC4555
Does version 2 have the ability to sync other AD fields to CB profiles? It would be great to pull over phone number, job title and department.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Apr 30, 2012 7:46 pm
by Barbie K
I am about to pull my hair out in regards to this >< I have run your debug script to make sure I am putting everything in correctly and I receive a full report that shows my information and mappings.

When I go to Joomla and input the same information, I get the following error:

JLDAP2: Could not get dn for username '[email protected]'. Check user dn/filter parameter and the authenticating user exists. LDAP reported: Success

no matter what I do, it does the same thing. My settings are as follows:
LDAPv3: yes
Start TLS: No
Follow Referrals: No
Host: xxxxxxx.local
Port: 389
connect user: xxxxxxx\administrator
password: xxxxxxxxxxx
Use Search: Yes
Base DN: dc=xxxxxxx,dc=local
User DN/Filter: (sAMAccountName=[username])
map user name: sAMAccountName
Map Full Name: displayName
Map Email: mail

I have been working on variations of usernames and such to try and get this working for over a week now with no luck.

I am the server admin but the server was setup by other people and not sure if something in the group policy is blocking it.

Please help

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue May 01, 2012 11:33 am
by NickC4555
I'm using name instead of displayName, but either should be ok. The rest of my settings are exactly the same as yours and it's working. Is your email field in AD populated? If it isn't you will need to replace mail with a dummy value such as [username]@xxxxxxx.local

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue May 01, 2012 8:17 pm
by Barbie K
Nick,

Thank you for pointing the email out to me!

In AD, the email field was populated with the employee's correct email. But since the company's internal domain is not the same as our email, it was breaking, so to speak.

I changed the users email in AD to reflect the internal Domain and people were able to log in with their windows username and password. Thank you!!

Barbie

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed May 02, 2012 1:36 pm
by afrugone
I've tried everything, but no way. I've installed a new server and tested against two different ADs, one W2k and one W2k3, and no success. Could it be a problem with the domain or OS configuration?

This is the config:

LDAP V3
Host: 10.10.11.2
Port: 389
Connect User: mydomain\administrator
Connect Password: password
Use Search
Base DN: DC=mydoamin,DC=local
User DN/Filter: sAMAccountName=[username]
Map User ID: sAMAccountName
Map Full Name: name
Map Email: mail
Test User: administrator
Test Password: password

Joomla 2.54 (new install) on Centos 6.2

And get this message from PHP LDAP debug:

:: PHP LDAP Debug V1.05 Script Started ::
Attempting to bind to LDAP server using connect username and password...
LDAP bind successful.
Attempting to use search to find user...
Failed: search has been used but 'sAMAccountName=Administrator' is NOT a filter. Check this for more information.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed May 02, 2012 2:24 pm
by NickC4555
You are missing the brackets around your User DN/Filter. It should be:

(sAMAccountName=[username])
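
Added example, not part of the thread and not the plugin's or the debug script's code: a Python sketch of the check behind the "is NOT a filter" message above, plus RFC 4515 escaping of the login name before it replaces `[username]`. The function names are hypothetical.

```python
PLACEHOLDER = "[username]"  # token used in the settings quoted in this thread

# RFC 4515: characters that must be written as \XX inside a filter value
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_filter_template(template):
    """Return a list of problems with a 'User DN/Filter' search template."""
    problems = []
    t = template.strip()
    if not (t.startswith("(") and t.endswith(")")):
        problems.append("not a filter: must be wrapped in parentheses")
    depth = 0
    for ch in t:
        depth += ch == "("
        depth -= ch == ")"
        if depth < 0:  # a ')' appeared before its '('
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    if PLACEHOLDER not in t:
        problems.append("missing [username] placeholder")
    return problems


def build_user_filter(template, username):
    """Validate the template, then substitute the escaped login name."""
    problems = check_filter_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.strip().replace(PLACEHOLDER, escape_filter_value(username))


if __name__ == "__main__":
    print(check_filter_template("sAMAccountName=[username]"))
    print(build_user_filter("(sAMAccountName=[username])", "administrator"))
    # Constructed hostile input: metacharacters end up as inert \XX escapes.
    print(build_user_filter("(sAMAccountName=[username])", "a*)(mail=*"))
```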

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed May 02, 2012 2:28 pm
by afrugone
Thanks it works

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed May 02, 2012 2:32 pm
by afrugone
Another question: in Joomla must I create the users, or is there a way to import (sync) from the AD?

Thanks

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed May 02, 2012 2:48 pm
by NickC4555
If you implement the full JMapMyLDAP suite (http://shmanic.com/tools/jmapmyldap/) you will get:

Automatic Joomla user creation
AD to Joomla security groups mapping
Authentication with password sync
Single sign on

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed May 02, 2012 2:56 pm
by afrugone
I must disable Joomla Native LDAP support plugins?

Thanks for your help.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed May 02, 2012 3:01 pm
by NickC4555
Yes. Just follow the guides here: http://shmanic.com/tools/jmapmyldap/guide.htm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed May 02, 2012 5:31 pm
by afrugone
Many thanks, I got it working, users are created, but not assigned to the Mapping List group, always go to Registered Group, what could be wrong? here is the configuration:

For a test_joomla user from LDAP Debug Tool I get:
dn CN=test_joomla,OU=Sistemas,OU=Division,OU=Usuarios,DC=mydomain,DC=local

User - JMapMyLDAP
Use Group Mapping Yes
Allow Additions Yes
Allow Removals Yes&Default Managed
Unmanaged Groups 1;2;8
Public Group 1
Mapping List (try following options)
cn=Domain Users,OU=Sistemas,OU=Division,OU=Usuarios:10
cn=Users,OU=Sistemas,OU=Division,OU=Usuarios:10
OU=Sistemas,OU=Division,OU=Usuarios:10
Lookup Type Forward
Lookup Attribute memberOf
Lookup Member dn
Use Recursion Yes
DN Attribute distinguishedName
Max Depth 0

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed May 02, 2012 5:43 pm
by NickC4555
I just use AD Groups, e.g.:

CN=HR Content Manager:9
CN=HR:10
CN=Directors:15

I also have recursion set to No.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue May 08, 2012 3:19 am
by Tonygetz
Hi Guys,

I'm planning an SSO project for a client whereby Joomla 2.5.4 will be used for their internal intranet type purposes however the site is hosted outside of their firewall on our servers.

They are looking to use Oracle Enterprise Single Sign-On to manage all their SSO requirements (http://www.oracle.com/technetwork/middl ... 86728.html).

Can anyone please let me know if:
1) you have worked with this Oracle product?
2) if you think it will work with JMapMyLDAP Joomla extension?
3) if you think it will work with a Joomla installation on the web (i.e. outside of the company's firewall and network infrastructure)?

Any help and advice is greatly appreciated.

Kind regards.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue May 08, 2012 12:18 pm
by specterman
afrugone wrote:Many thanks, I got it working, users are created, but not assigned to the Mapping List group, always go to Registered Group, what could be wrong? here is the configuration:

For a test_joomla user from LDAP Debug Tool I get:
dn CN=test_joomla,OU=Sistemas,OU=Division,OU=Usuarios,DC=mydomain,DC=local

User - JMapMyLDAP
Use Group Mapping Yes
Allow Additions Yes
Allow Removals Yes&Default Managed
Unmanaged Groups 1;2;8
Public Group 1
Mapping List (try following options)
cn=Domain Users,OU=Sistemas,OU=Division,OU=Usuarios:10
cn=Users,OU=Sistemas,OU=Division,OU=Usuarios:10
OU=Sistemas,OU=Division,OU=Usuarios:10
Lookup Type Forward
Lookup Attribute memberOf
Lookup Member dn
Use Recursion Yes
DN Attribute distinguishedName
Max Depth 0
afrugone,

have you got the mapping working yet? I'm having the same issue. please share if you have solved the problem.

Thanks!

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue May 08, 2012 1:09 pm
by afrugone
I made two mistakes:

1.- First mistake was to omit brackets in (sAMAccountName=[username]), the brackets () must be included.
2.- Associating the 'cn' parameter with an OU, but it must be groups:
I created two test groups, testgroup and JoomlaAdmins, and assigned mappings to these groups:
cn=testgroup,OU=Usuarios:9
cn=JoomlaAdmins,OU=Usuarios:7
'cn' are associated to groups.

For this test I used Windows 2003 AD.

I didn't try SSO, it requires configuration at users' computers, and for me this is more difficult to manage with about 200 users.

I hope this helps you.
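
Added example, not part of the thread and not the plugin's code: a Python dry run of a Mapping List against a user's `memberOf` values, using the failing and working entries quoted above. It assumes an entry matches when its RDNs are the leading RDNs of a group DN (consistent with the entries posters report working, but not taken from the plugin's source); the `memberOf` sample and all function names are constructed.

```python
# Constructed sample: memberOf values for a user in the 'testgroup' AD group.
MEMBER_OF = ["CN=testgroup,OU=Usuarios,DC=mydomain,DC=local"]
# Mapping lists quoted from the thread: the one that failed, the one that worked.
BROKEN = ["cn=Domain Users,OU=Sistemas,OU=Division,OU=Usuarios:10",
          "cn=Users,OU=Sistemas,OU=Division,OU=Usuarios:10",
          "OU=Sistemas,OU=Division,OU=Usuarios:10"]
FIXED = ["cn=testgroup,OU=Usuarios:9", "cn=JoomlaAdmins,OU=Usuarios:7"]


def parse_rdns(dn):
    """Split a DN into lower-cased RDNs (simplified: no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]


def parse_mapping_list(lines):
    """Parse 'groupDN:joomlaGroupId' entries into (rdns, group_id, raw)."""
    mappings = []
    for raw in (line.strip() for line in lines):
        if not raw:
            continue
        dn, _, gid = raw.rpartition(":")
        rdns = parse_rdns(dn)
        if not rdns or not gid.isdigit():
            raise ValueError("expected 'DN:id', got %r" % raw)
        mappings.append((rdns, int(gid), raw))
    return mappings


def lint_mapping(mappings):
    """Entries not starting with cn= name a container, not a group object."""
    return [raw for rdns, _, raw in mappings if not rdns[0].startswith("cn=")]


def resolve_groups(member_of, mappings):
    """Joomla group ids granted by the memberOf values (assumed prefix rule)."""
    granted = set()
    for group in map(parse_rdns, member_of):
        for rdns, gid, _ in mappings:
            if group[:len(rdns)] == rdns:
                granted.add(gid)
    return sorted(granted)


if __name__ == "__main__":
    for name, entries in (("broken", BROKEN), ("fixed", FIXED)):
        m = parse_mapping_list(entries)
        print(name, "lint:", lint_mapping(m), "groups:", resolve_groups(MEMBER_OF, m))
```

Running the same dry run before go-live also shows which AD groups would land a user in a privileged Joomla group.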

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue May 08, 2012 1:21 pm
by NickC4555
afrugone wrote: I didn't try SSO, it requires configuration at users' computers, and for me this is more difficult to manage with about 200 users.
Only with Firefox, IE doesn't.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue May 08, 2012 1:25 pm
by afrugone
And works with Chrome?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue May 08, 2012 1:30 pm
by NickC4555
afrugone wrote: And works with Chrome?
It looks like Chrome does need some client side work:

http://ben-tech.[URL banned].co.uk/2011/09/ ... ation.html

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue May 08, 2012 1:34 pm
by afrugone
Interesting, I'll try to use SSO. Thanks