The Joomla! Forum ™



Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  [ 338 posts ]  Go to page Previous  1, 2, 3, 4, 5 ... 12  Next
Author Message
PostPosted: Tue Oct 25, 2011 12:40 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Mon Oct 24, 2011 5:30 am
Posts: 2
ShMaunder wrote:

@Spudda
Sounds like you've not enabled "SSO - HTTP" ?


It was enabled so i uninstalled the SSO plugins and then reinstalled and reconfigured. Not getting the plugin error anymore but SSO still isnt working.

Will keep plugging away to see if i can get this resolved.


Top
 Profile  
 
PostPosted: Tue Oct 25, 2011 11:46 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Sep 02, 2005 8:52 pm
Posts: 11
Somehow it started working yesterday...no reboots at all


Top
 Profile  
 
PostPosted: Wed Oct 26, 2011 7:47 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Oct 26, 2011 7:44 am
Posts: 1
i get this error when try to log in
LDAP FAILURE: JLDAP2: Could not get dn for username 'xxxxxxx'. Check user dn/filter parameter and the authenticating user exists. LDAP reported: Success
what's wrong with my configuration ?


Top
 Profile  
 
PostPosted: Wed Oct 26, 2011 7:46 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
@Spudda
Not by any chance are you using IIS? I still have some open bugs with IIS HTTP which I haven't got round to fixing. This involves case sensitive and backslash issues for the replacement parameter http://joomlacode.org/gf/project/jmapmy ... m_id=26858

@adikusdianto
If you're using search then your filter specified in 'User DN/Filter' parameter isn't returning results. If you're not using search then your dn specified in 'User DN/Filter' parameter is wrong. What LDAP server are you using?


I've put this up http://shmanic.com/tool/jmapmyldap/?id= ... bug-method to help with setting up the authentication with "instant feedback". It's not 100% but should help setup the authentication plug-in much quicker.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Sat Oct 29, 2011 6:19 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Oct 11, 2011 2:54 am
Posts: 6
Hello

I am running into the same issue as barnic discussed earlier. Users are mapped to only registered group. My site is running on IIS, PHP 5.3.8 and Joomla 1.7 and the authentication plugin is working with the following parameters:

LDAP V3 Yes
Start TLS No
Follow Referrals No

Connect User domain\username
Connect Password *******

Use Search Yes
Base DN DC=domain,DC=LOCAL
User DN / Filter (sAMAccountName=[username])

Map User ID sAMAccountName
Map Full Name name
Map Email email

Joomla LDAP is disabled and Auth and User JMapMyLDAP plugins are enabled. Authenticated user is created but only the registered group is added to the user account.

User parameters are:

Authentication Plugin jmapmyldap
Auto Register Yes
Sync Name No
Sync Email No

Use Group Mapping Yes
Allow Additions Yes
Allow Removals No
Unmanaged Groups 1;2;8
Public Group 1

Mapping List CN=Users,DC=domain,DC=LOCAL:25
(I want any user of the domain to map to group named Empoyee which has ID 25)
Lookup Type Forward
Lookup Attribute memberOf
Lookup Member dn

Use Recursion Yes
DN Attribute name
Max Depth 0

Here is the debug output:

ldap: JMapMyEntry Object ( [rdn:protected] => Array ( [count] => 4 [0] => cn=lastname\2c firstname [1] => cn=users [2] => dc=domain [3] => dc=local ) [dn:protected] => CN=lastname\, firstname,CN=Users,DC=domain,DC=LOCAL [valid] => 1 [groups:protected] => Array ( ) [_errors:protected] => Array ( ) [username] => Array ( [0] => fullname ) [fullname] => Array ( [0] => lastname, firstname ) [email] => Array ( [0] => email@domain.com ) )

compared: Array ( )

Any help is appreciated. Thank you


Top
 Profile  
 
PostPosted: Mon Oct 31, 2011 3:43 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Apr 15, 2011 12:46 am
Posts: 13
Hello,

I use Active Directory and IIS7 and am getting the following message when using the PHP Ldap Debug.

----------------------------------------------------------------------------
:: PHP LDAP debug script started ::

Attempting to bind to LDAP server using connect username and password...
LDAP bind successful.

Attempting to find user based on userdn and username...
Successfully found user

Attempting to logon with user test@DOMAIN.com ...
Successfully logged on with user

Attempting to retrieve all user attributes and print them...

Failed to retrieve user attributes

:: PHP LDAP debug script finished ::
----------------------------------------------------------------------------

I have configured LDAP with the following:

LDAP V3 Yes
Start TLS No
Follow Referrals No

Connect User domain\username
Connect Password *******

Use Search No
Base DN DC=domain,DC=com
User DN / Filter [username]@domain.com

Map User ID sAMAccountName
Map Full Name displayName
Map Email email

I can successfully authenticate using the default Joomla LDAP plugin, however it is the SSO and group mapping that i need, hence why I would like to get this plugin working. Any suggestions? Thanks in advance


Top
 Profile  
 
PostPosted: Mon Oct 31, 2011 10:10 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
I've just updated the LDAP debug tool as it had quite a lot of bugs when not using search. It also has far better error strings and such.

@epttmacias & @barnic
I'm trying to get my head around exactly what is going on here. I'm finding it hard without being able to debug in the environments. Can both of you re-try the LDAP debug tool here http://shmanic.com/tool/jmapmyldap/?id= ... bug-method as I need to determine if PHP is picking up your groups.

If PHP is picking up your groups then I can simulate them here and find the bug.

Edit: actually on second looks, this could be problem with escape characters. Let me investigate...


@itstaff
Can you get the latest LDAP debug tool (PHP LDAP Debug V1.0.3) and try it again.


Just on the off chance, if you're using AD, then try port 3268 (global catalog).

I will try to be more proactive with these problems; though I currently have a very full schedule.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Mon Oct 31, 2011 10:59 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Apr 15, 2011 12:46 am
Posts: 13
Hello,

Thankyou for such great response time. I downloaded and tried the new ldapdebug and receive the following now.

:: PHP LDAP debug V1.03 script started ::

Building full User DN based on 'User DN/Filter' and 'Test User'...
Appears to have been successful

Attempting to logon with user test@DOMAIN.com ...
Successfully logged on with user

Attempting to retrieve all user attributes and print them...


Warning: ldap_read() [function.ldap-read]: Search: Invalid DN syntax in C:\inetpub\wwwroot\intranet\ldapdebug.php on line 39

Failed to retrieve user attributes.


:: PHP LDAP debug V1.03 script finished ::

Also the same when trying port 3268 as suggested.

Thankyou in advance


Top
 Profile  
 
PostPosted: Mon Oct 31, 2011 11:24 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
hmm, I think the major difference between the inbuilt and JMapMyLDAP authentication is the use of ldap_read() in place of ldap_search().

After a Google of the invalid dn syntax error, it says that it might be related to apostrophe use; which relates to the escape characters. I'm trying to reproduce this right now. Does your test user use any special characters inside the DN or any other attribute?

Edit: Just realised what you have inserted as a "User DN/Filter". You really need to be using search to find your user like:
Search: On
User DN/Filter: (sAMAccountName=[username])

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 12:35 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Apr 15, 2011 12:46 am
Posts: 13
Fantastic! Amazing work. I had tried with search on and that particular User DN/Filter, however I had not put the start and end brackets around it. oops.

So now I am playing with SSO and having some difficulty. Does it work with Firefox?

For the user key in SSO - http plugin I have tried REMOTE_USER AND AUTH_USER and no luck.

Username Replacement: DOMAIN\;@DOMAIN.com
IP Rule: Allow all

I have found in phpinfo the following lines:

_SERVER["REMOTE_USER"] no value
_SERVER["AUTH_USER"] no value
_SERVER["USERNAME"] CAVSERVER51$ (my test server)

I'm not really sure what i'm looking for here.

Also the System - JSSOMySite plugin is enabled and IP rule is allow all.

IIS authentication has been set to Anonymous Authentication enabled and Windows Authentication enabled. Any hints where I could possilby be going wrong?

Once again thankyou for your time.


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 1:26 am 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
Turn on integrated windows authentication then, turn off anonymous access should do the trick. This is as long as the IIS server is a member of the authenticating domain and you aren't using the server to browse locally.

Once you've done this then the $_SERVER[REMOTE_USER] should populate. Both Firefox and Internet Explorer can successfully single sign on a user.

I believe there are more advanced methods you can also use in IIS7 then having to deny all anonymous access - but I don't know how to do this yet.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 1:38 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Apr 15, 2011 12:46 am
Posts: 13
Mate fantastic. That was it. I want to thankyou for your unreal support on a free Joomla extension. Amazing!!!!! Much better than alot of my paid extensions. Firefox asks for Username and Password but Internet Explorer logs staight in no questions asked. I assume there wont be anyway for Firefox to work as well?

Thanks again for a fantastic effort.....


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 1:43 am 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
That's OK :)

For Firefox I normally do:
1) Go to about:config
2) Find "network.automatic-ntlm-auth.trusted-uris" (string) and set the value of it to your intranet site(s) like "http://intranet.domain.local,http://intranet2.domain.local"
3) I also have this set to true "network.ntlm.send-lm-response" (boolean)
4) Restart Firefox and try to logon

Source: http://sivel.net/2007/05/firefox-ntlm-sso/

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 3:21 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Apr 15, 2011 12:46 am
Posts: 13
Wow!!! Perfect. I cant thank you enough for sharing your knowledge and being so responsive with helping me through this. You made my day and made it so much easier for me......:) Thankyou


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 3:40 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Oct 11, 2011 2:54 am
Posts: 6
Shaun, I ran the LDAP debug tool. What should I be looking for?


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 5:05 am 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
@itstaff
You're welcome :)

@epttmacias
Make sure you have a table of attributes displayed and no error.

Though I think I initially skipped over your post a bit too quickly. Sounds like you only need a minimum (or default) group assigned to all users? If thats the case you can change the "Public Group" to 25.

I have come to see that the "Public Group" parameter has far more uses then I initially thought. This will probably be renamed to "default group" in version 2.

Alternatively, see if you can find a common group that is displayed in the debug to all users. It must be in the memberOf attribute. Domain users is unfortunately not usually displayed.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 4:03 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
I've just found out that a primary group in AD means that it won't be listed as a entry in the memberOf attribute. Therefore, currently the plug-in won't pick up the group. I'm putting this as a future feature in the wish list for inclusion in version 2.

@barnic
I believe this could be your problem.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 5:32 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Sep 02, 2005 8:52 pm
Posts: 11
ShMaunder wrote:
I've just found out that a primary group in AD means that it won't be listed as a entry in the memberOf attribute. Therefore, currently the plug-in won't pick up the group. I'm putting this as a future feature in the wish list for inclusion in version 2.

@barnic
I believe this could be your problem.


Shaun - thanks for the hard work. Looking forward to the updates.


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 7:18 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Oct 11, 2011 2:54 am
Posts: 6
Thanks for the reply however I tried changing the the public group to 25 but the user account is still created in the Registered group. I am still using the same user plugin settings as posted earlier however the public group is now set to 25.

I also enabled email sync and tested changes to the email of my test account and that appears to be working just not the group mappings. Below are the debug output.

:: PHP LDAP debug V1.03 script started ::

Attempting to bind to LDAP server using connect username and password...
LDAP bind successful.

Attempting to use search to find user...
Successfully found user

Attempting to logon with user CN=lastname\, firstname,CN=Users,DC=domain,DC=LOCAL ...
Successfully logged on with user

Attempting to retrieve all user attributes and print them...

User ID: username
Full Name: lastname, firstname
Email: email@domain.com


LDAP Attribute Value(s)
objectClass Array ( [0] => top [1] => person [2] => organizationalPerson [3] => user )
cn Array ( [0] => lastname, firstname )
sn Array ( [0] => lastname )
givenName Array ( [0] => firstname)
distinguishedName Array ( [0] => CN=lastname\, firstname,CN=Users,DC=domain,DC=LOCAL )
instanceType Array ( [0] => 4 )
whenCreated Array ( [0] => 20111028171846.0Z )
whenChanged Array ( [0] => 20111101185853.0Z )
displayName Array ( [0] => lastname, firstname )
uSNCreated Array ( [0] => 22963566 )
uSNChanged Array ( [0] => 23001139 )
name Array ( [0] => lastname, firstname )
objectGUID Array ( [0] => �#h�H�%j{���
userAccountControl Array ( [0] => 66048 )
badPwdCount Array ( [0] => 0 )
codePage Array ( [0] => 0 )
countryCode Array ( [0] => 0 )
badPasswordTime Array ( [0] => 0 )
lastLogoff Array ( [0] => 0 )
lastLogon Array ( [0] => 0 )
pwdLastSet Array ( [0] => 129643183600715000 )
primaryGroupID Array ( [0] => 513 )
objectSid Array ( [0] => 


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 10:51 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
@epttmacias
The only way it will kick in is if you set "Allow Removals" to Yes & Default Managed. If you're unable to do this then maybe you will need to put in a code hack.

Code hack:-
In /libraries/shmanic/jmapmyldap.php line ~494

Code:
493: }
494: self::addUserToGroup($joomlaUser, 25);
495: return true;


This code will always add the group 25 to any LDAP user.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 11:29 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Oct 11, 2011 2:54 am
Posts: 6
I had to add the self::addUserToGroup($joomlaUser, 25); to get it to work. This is good, I can move forward now but I would like to be able to map between groups in the future. Any suggestions on how to get it working properly?

Thanks for your assistance.


Top
 Profile  
 
PostPosted: Tue Nov 01, 2011 11:39 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
You should be able to still map groups even with the code hack.

i.e. If you put CN=group1:26 in the group mapping then all users will still be added to the group 25 and users in the LDAP group, group1, are added to group 26.

A better alternative is to create a common group (this cannot be a OU) for each user. e.g. the group "Employees" to each user and inserting the entry CN=employees:25.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Wed Nov 02, 2011 12:30 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Oct 11, 2011 2:54 am
Posts: 6
I'll test that out. Thank you.


Top
 Profile  
 
PostPosted: Wed Nov 02, 2011 9:20 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Oct 03, 2008 12:13 pm
Posts: 14
ShMaunder wrote:
I've just updated the LDAP debug tool as it had quite a lot of bugs when not using search. It also has far better error strings and such.

@epttmacias & @barnic
I'm trying to get my head around exactly what is going on here. I'm finding it hard without being able to debug in the environments. Can both of you re-try the LDAP debug tool here http://shmanic.com/tool/jmapmyldap/?id= ... bug-method as I need to determine if PHP is picking up your groups.

If PHP is picking up your groups then I can simulate them here and find the bug.

Edit: actually on second looks, this could be problem with escape characters. Let me investigate...


Hi,
this is the result of the new debugging:
Code:
:: PHP LDAP debug V1.03 script started ::

Attempting to bind to LDAP server using connect username and password...

Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server:
Invalid credentials in /u/htdocs/test/ldapdebug.php on line 294

LDAP bind failed. Check host, port, connect username and connect password.


:: PHP LDAP debug V1.03 script finished ::


---------------------------------
I read only now:
Quote:
I've just found out that a primary group in AD means that it won't be listed as a entry in the memberOf attribute. Therefore, currently the plug-in won't pick up the group. I'm putting this as a future feature in the wish list for inclusion in version 2.

@barnic
I believe this could be your problem.

ok, I look forward


Top
 Profile  
 
PostPosted: Wed Nov 02, 2011 4:41 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Oct 11, 2011 2:54 am
Posts: 6
Shaun, thank you for all your help. Can you tell me if PHP is picking up my groups based on the debug output that I posted on Tue Nov 01, 2011 12:18 pm?


Top
 Profile  
 
PostPosted: Wed Nov 02, 2011 7:17 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Nov 02, 2011 5:38 pm
Posts: 5
ShMaunder wrote:
@ckozler
There is now a dedicated thread specific to this extension viewtopic.php?f=46&t=657124

OK, not sure what you've tried so far but your lookup type and attribute doesn't look good.

Firstly, shorten your mapping list to "cn=operations : 13" - once the lookup stuff is working, then you can put it back.



Done. I do not see any change.

Quote:
Secondly, check the /logs/error.php for any mapping errors.


Nope, nothing :/

Quote:

Thirdly, to check the mapping plugin is working correctly, set the "Sync Name" to enabled then change a user's name in Joomla. Try to re-login and see if the name has been set back to the LDAP name.

Try these combinations:

lookup type: forward
lookup attribute: groupMembership
lookup member: dn

lookup type: reverse
lookup attribute: member
lookup member: dn

lookup type: reverse
lookup attribute: members
lookup member: dn

lookup type: reverse
lookup attribute: member
lookup member: uid

lookup type: reverse
lookup attribute: members
lookup member: uid

Edit: I'm not sure what attributes are used with sambaGroupMapping. Do you get a 'member' or 'members' attribute for users?


Tried all of them...nothing.

When you say

Quote:
Edit: I'm not sure what attributes are used with sambaGroupMapping. Do you get a 'member' or 'members' attribute for users?


What do you mean exactly? sambaGroupMapping is an attribute inside my dn cn=operations,ou=Group,dc=dc,dc=local,dc=domain. The DN cn=operations,ou=Group,dc=dc,dc=local,dc=domain contains a list of of members in that group and store it in the attribute field 'memberUid' (as seen in my previous post).


Top
 Profile  
 
PostPosted: Thu Nov 03, 2011 1:38 am 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
@ckozler
Sorry, I didn't read your post all the way through. From your previous post I could see the only way is by using

lookup type: reverse
lookup attribute: membersUid
lookup member: uid

@epttmacias
I don't believe I saw a forward lookup possibility; though I will post some instructions on how you can check in the next ~15 minutes or so.

@barnic
I don't understand how your authentication is working if your connect user and password are wrong. Don't forget the connect user needs to be a full DN or like [username]@DOMAIN for AD.


I'm currently working on a mapping tab on the ldapdebug to try and resolve mapping issues quickly. I'm getting quite a lot of requests here and on the email.

Edit: actually, just thought of something better for the ldapdebug - give me a bit longer than 15 mins...

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Thu Nov 03, 2011 3:40 am 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
I've just uploaded PHP LDAP Debug V1.04 which contains some helpers for group mapping.

I will have to put some documentation together for this, though I will briefly explain what it does here and how to use it.

I'll start off by saying the latest debugger could be buggy as its code has become a mess and therefore, I've left 1.03 as an option.

Firstly, complete the authentication tab so that it completes a successful result.

Secondly, look at the attributes in the authentication results for groups. This could be in the 'memberOf' or 'groupMembership' LDAP attribute. If you find the attribute then you can use "Forward Lookup" however, if you CANNOT find any LDAP attributes relating to groups then you probably need to use "Reverse Lookup".

Forward Lookup
Click on the 'Group Mapping' tab in the ldapdebug and populate the 'Lookup Attribute' field under Forward Lookup with the attribute name you found in the previous step. Click on 'Show Result' to ensure a list of groups are shown.

Reverse Lookup
Firstly, you need to get a list of group attributes from the "Group DN" field. Put a full DN pointing at a group into this text box (e.g. cn=group1,o=company) then click 'Show Result'.

Secondly, find the LDAP attribute that contains members (i.e. cn=user1,o=company) then populate the name of that LDAP attribute into the 'Lookup Attribute' field under Reverse Lookup.

Thirdly, if the values inside the 'Lookup Attribute' are usernames and not DN's then use the User ID (e.g. uid) as the 'Lookup Member'.

Test with 'Show Result'.


This is tricky to describe in words. I may upload a video to [youtube] describing this process.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Thu Nov 03, 2011 3:44 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Nov 02, 2011 5:38 pm
Posts: 5
ShMaunder wrote:
@ckozler
Sorry, I didn't read your post all the way through. From your previous post I could see the only way is by using

lookup type: reverse
lookup attribute: membersUid
lookup member: uid


Tried it...user only gets the 'registered' group or whichever though they are apart of the 'operations' LDAP group :(.

Should I try your debug tools and report back?


Top
 Profile  
 
PostPosted: Thu Nov 03, 2011 3:54 am 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
Yep, try the debug tool. If it doesn't work in the debug tool then I'm not sure what to suggest - if you can code in PHP then see if you can get LDAP to print out your groups to screen; then send me the code and I'll either make changes to the plug-in or find the correct parameters.


I've already found a bug in the ldapdebug tool, but not sure if it extends to the plug-ins yet: I've only found this affecting AD where the Pre-Windows 2000 name is different from the Principle Name. When this happens, no groups are found in both forward or reverse lookups. Edit: actually, I don't understand this "bug". I will look into it further later.

Edit 2:
@ckozler
If you go to your phpLdapAdmin search, then type into the search filter membersUid=ckozler does it come back with result(s)? Also, did the "Sync Name" work or not? If it didn't then the whole plug-in is broke anyway.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 338 posts ]  Go to page Previous  1, 2, 3, 4, 5 ... 12  Next



Who is online

Users browsing this forum: No registered users and 18 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group