JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby ShMaunder » Sat Dec 17, 2011 12:09 am

Sorry that I've not been around for a while; had a big deadline to meet for uni. Anybody that has emailed me in the last 2 weeks will get replies this weekend.

@trgriffith - have you tried port 3268 (AD global catalog)?

@forkman - I'm not sure how much I can help. This sounds like a security policy that has been configured somewhere. I will try to find out what is going on over the weekend when I get time.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby ShMaunder » Mon Dec 26, 2011 11:39 pm

As a few people have asked me, I will quickly summarise the current progress of version 2.x.

Group mapping has been ported to a new plug-in called 'LDAP - Group Mapping' - this plug-in uses mostly the same libraries as version 1's group mapping. I believe this works as well as version 1.

The new profile plug-in called 'LDAP - Profile' is taking me a lot longer to complete than expected. I have successfully got it syncing from LDAP to Joomla, though the reverse is giving me some headaches - there is some inconsistent behavior with PHP's LDAP when dealing with blank values. Also, the delimiting for multiple attribute values isn't quite complete yet.

The password plug-in doesn't exist in its own entity yet - don't expect this to be included in the first alpha.

JLog logging is being added which will help with debugging and audit trails. The code for version 2 is in the SVN (I will try to keep this up-to-date).

My main objectives for the release of Alpha 1 (should be out very early Jan) are completion of the profile plug-in, tidying up the new LDAP routines (it is spaghetti junction atm), and adding the on-demand sync in the component.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby forkman » Tue Jan 03, 2012 12:00 pm

ShMaunder wrote: @forkman - I'm not sure how much I can help. This sounds like a security policy that has been configured somewhere. I will try to find out what is going on over the weekend when I get time.


@ShMaunder - If my problems are caused by internal security policy, I'll try to resolve them with our domain administrator. But it seems the plugin needs login to the domain controller to be allowed for all users using it. For example, Kerberos doesn't need it - this difference was the reason for my question.


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby llau34 » Wed Jan 04, 2012 6:34 pm

Hello,

We're about to build a Joomla 1.7 intranet website which uses Active Directory. Would it be possible to have the main homepage or any page of this website detect who is currently logged into the workstation of this intranet and pass his/her credentials into the application without him or her having to log in to the site?

If not, is there a way that we could use a cookie to store the user login credentials after they log in for the first time so they wouldn't need to login to the website on future visits, and would we need to use another extension or maybe cookies to enable it to work this way?

Also, the user would not be accessing the Joomla 1.7 intranet website from anywhere outside of the intranet domain.

Thanks very much in advance,
Victoria


Multiple JMapMyLDAP Instances

Postby fatbear » Tue Jan 24, 2012 12:02 pm

Thanks for JMapMyLDAP! Great product!

In my company, we have multiple LDAP servers (e.g., one for Europe, one for Asia, one for the Americas). What I want is to have 3 instances of the JMapMyLDAP, each with information for the different LDAP servers we use. Each would be tried and if any succeed, the user is logged in with the first one to pass.

How can I "install" 3 copies of the JMapMyLDAP, or otherwise how can I authenticate against each of these servers?
Steve Amerige, Fat Bear Incorporated, http://www.fatbear.com
Server Leasing | Web Software Development | User Experience & Graphic Design
Managed Services, Website, Java, and Source-Code Hosting


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby ShMaunder » Wed Jan 25, 2012 8:24 pm

My goodness, it's been a month since I last replied here - exam season finished.

@forkman - Hmm interesting, did you manage to fix this? All I could think of was security policy issues but I haven't had too much experience on this.

@llau34 - I'm sure you've resolved this now but the SSO HTTP should allow you to do this.

@fatbear - This must be a feature that people want; I've been asked how to query from more than one LDAP server at least 3 times now. I always assumed that everybody used trusts in the case of multiple directories to allow binding on a single LDAP server. OK, the only way I see is to create 3 authentication plug-ins (i.e. each with a unique name). To change the name to say, jmmLdap2 then:
1) extract the plg_authentication_jmapmyldap.
2) change the filename of both jmapmyldap.php and jmapmyldap.xml to jmmldap2.php and jmmldap2.xml. Also change the language files from en-GB.plg_authentication_jmapmyldap.* to en-GB.plg_authentication_jmmldap2.*
3) open the jmmldap2.php and change the class name definition from plgAuthenticationJMapMyLdap to plgAuthenticationJmmLdap2
4) open the jmmldap2.xml and change

<filename plugin="jmapmyldap">jmapmyldap.php</filename>

to

<filename plugin="jmmldap2">jmmldap2.php</filename>

Also change

<language tag="en-GB">language/en-GB/en-GB.plg_authentication_jmapmyldap.ini</language>
<language tag="en-GB">language/en-GB/en-GB.plg_authentication_jmapmyldap.sys.ini</language>

to

<language tag="en-GB">language/en-GB/en-GB.plg_authentication_jmmldap2.ini</language>
<language tag="en-GB">language/en-GB/en-GB.plg_authentication_jmmldap2.sys.ini</language>

5) Zip them up and try to install them into Joomla. You may want to change the display name of the extensions in the respective language file.

^ I haven't tested this so if you experience any problems then give me a shout on here, email or skype.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby kanzy » Sat Feb 18, 2012 5:02 pm

Hi,

This is a great plugin! I would like to know if it also works with Joomla 2.5?

Best Regards


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby ShMaunder » Mon Feb 20, 2012 4:11 pm

@kanzy - I've heard it works with 2.5 but haven't fully tested it myself. There is a non-fatal error that is presented during the installation due to no client_id in the XMLs (well I think that's the problem). This shouldn't cause any problems though.


I will add some extra SSO HTTP info to the site soon.
When using SSO HTTP you must ensure that you have either an AUTH_USER or REMOTE_USER defined somewhere in your phpinfo (J! Backend->Site->System Information->PHP Information). This is outside of Joomla and must be set up depending on your platform.

If you're using AD and Apache on Linux then you could use Kerberos to authenticate. This guide http://acksyn.org/diary/?p=460 is a very good resource to get things set up.

If you're using AD and Apache on Windows then you could use SSPI to authenticate. More information on this can be found here http://wiki.apache.org/httpd/ModAuthSSPI . A guide for setting it up can be found here http://docs.moodle.org/22/en/NTLM_authe ... on_Windows (remember that guide is for Moodle, so you will need to modify it slightly to work for Joomla).


EDIT: jmmLDAP 1.x works fine on Joomla 2.5.1 from what I tested. The error I mentioned above no longer happens. Guess it was fixed in J!.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby crony » Tue Feb 21, 2012 10:43 am

Hello Shaun!

I've been able to use your plugin suite with Open Ldap and Joomla! 2.5.1 :)
I do have my users well created, and I try to setup group mapping...
Unfortunately, and as other posters asked, could it be possible to assign the groups to an attribute?

I also would like to be able to add multiple ldap servers...

Thanks for your help !
Enjoy J!


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby ShMaunder » Tue Feb 21, 2012 2:33 pm

@crony - Just to make sure I'm on the same thinking; do you want to use attributes that are non DN's as the mapping (i.e. any string attributes). This wouldn't require much work to get working - just need an extra parameter to disable DN validation. As for multiple LDAP servers - I still do not have any working plans on getting this to work. For now you will need to duplicate the authentication plug-in.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby crony » Tue Feb 21, 2012 4:14 pm

Yes Shaun, I think this is it !
I'm not very good with this ldap thing, I hope you get it better with this explanation :
In fact, we do have proper static groups using DN and populating these groups manually, but it concerns few applications, and it seems not relevant for our intranet.
So we use a simple attribute that specifies a group for most of our users, and this is this attribute I would like to use to populate the groups.

To duplicate the plugin I'll use the how to you provide to @fatbear, that's good enough :)

Thanks !
Enjoy J!


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby ShMaunder » Tue Feb 21, 2012 5:24 pm

As I thought. OK, I think I will implement with an extra parameter called "Validate DNs" defaulted to Yes.

When it is set to Yes: full or partial DNs must be used in the mapping list. For example if the lookup attribute was set to "groupMembership", then the mapping list may contain "cn=public relations:4 [NEWLINE] cn=finance:7".

When it is set to No: full DNs or any string value can be used in the mapping list. For example if the lookup attribute was set to "department", then the mapping list may contain "Public Relations:4 [NEWLINE] Finance:7".

Should be easy to implement - I will be back soon.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
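
The two "Validate DNs" modes described in the post above, as an added example that is not code from JMapMyLDAP or its author: it parses a mapping list in the `value:groupId` form quoted in the post and resolves a user's Joomla group IDs. The function names are hypothetical, and the matching rules are assumptions (group ID after the last colon, case-insensitive comparison, a partial DN matched as the leading RDNs of the attribute value).

```php
<?php
// Added example, not JMapMyLDAP code. Function names and matching rules are
// assumptions for illustration; the directory values below are constructed.

/** Split a DN into lower-cased RDNs, or return null if it is not DN-shaped. */
function splitDn($dn)
{
    $out = array();
    // Split on commas that are not escaped with a backslash.
    foreach (preg_split('/(?<!\\\\),/', $dn) as $rdn) {
        if (!preg_match('/^\s*([a-z][a-z0-9-]*)\s*=\s*(.+?)\s*$/i', $rdn, $m)) {
            return null;
        }
        $out[] = strtolower($m[1]) . '=' . strtolower($m[2]);
    }
    return $out;
}

/** Parse "value:groupId" lines; with $validateDns every value must be a DN. */
function parseMappingList($text, $validateDns)
{
    $map = array();
    foreach (preg_split('/\R/', $text) as $n => $line) {
        $line = trim($line);
        if ($line === '') {
            continue;
        }
        $pos = strrpos($line, ':');   // the group ID follows the last colon
        $key = $pos === false ? '' : trim(substr($line, 0, $pos));
        $gid = $pos === false ? '' : trim(substr($line, $pos + 1));
        if ($key === '' || !ctype_digit($gid)) {
            throw new InvalidArgumentException('Line ' . ($n + 1) . ': expected value:groupId');
        }
        $rdns = $validateDns ? splitDn($key) : null;
        if ($validateDns && $rdns === null) {
            throw new InvalidArgumentException('Line ' . ($n + 1) . ': "' . $key . '" is not a DN');
        }
        $map[] = array('rdns' => $rdns, 'text' => strtolower($key), 'gid' => (int) $gid);
    }
    return $map;
}

/** Return the sorted Joomla group IDs matched by the lookup attribute values. */
function resolveGroups(array $map, array $attributeValues, $validateDns)
{
    $gids = array();
    foreach ($attributeValues as $value) {
        $valueRdns = $validateDns ? splitDn($value) : null;
        foreach ($map as $entry) {
            if ($validateDns) {
                // Partial DN: the entry must equal the leading RDNs of the value.
                $hit = $valueRdns !== null
                    && array_slice($valueRdns, 0, count($entry['rdns'])) === $entry['rdns'];
            } else {
                // Plain string mode: exact, case-insensitive comparison.
                $hit = strtolower(trim($value)) === $entry['text'];
            }
            if ($hit) {
                $gids[$entry['gid']] = true;
            }
        }
    }
    $gids = array_keys($gids);
    sort($gids);
    return $gids;
}

// Mapping lists as quoted in the post; attribute values are constructed.
$dnList      = "cn=public relations:4\ncn=finance:7";
$stringList  = "Public Relations:4\nFinance:7";
$memberships = array(
    'CN=Finance,OU=Groups,DC=example,DC=com',
    'CN=Staff,OU=Groups,DC=example,DC=com',
);

// Validate DNs = Yes, lookup attribute holding group DNs.
print_r(resolveGroups(parseMappingList($dnList, true), $memberships, true));

// Validate DNs = No, lookup attribute holding a plain string.
print_r(resolveGroups(parseMappingList($stringList, false), array('Finance'), false));

// A plain string is refused while DN validation is on.
try {
    parseMappingList($stringList, true);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```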


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby dthy » Wed Feb 22, 2012 7:20 am

Hi,

I'm trying to get your SSO plugin working, but no luck yet. (still have to login manually).

I get this debug message: SSO: Failed to authenticate user 'testuser'.

REMOTE_USER is available in phpinfo and has the username testuser. I'm a bit out of options what this could be.


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby ShMaunder » Fri Feb 24, 2012 6:13 pm

@dthy - do you have a valid "Connect User" in the authentication plug-in? You may need to send over some of your config so I can try to work out what is going on. Unfortunately the debugging is total trash in these extensions and really doesn't provide much insight.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby crony » Fri Feb 24, 2012 7:44 pm

Shaun,
Sorry, I didn't see your answer! This will be great! I have my test platform running if you need beta testers on OpenLDAP!

Thanks again , have a nice week-end !
Enjoy J!


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby threemcc » Fri Feb 24, 2012 10:01 pm

First let me say your code saved me a ton of time (Thank You!), this is just because of our implementation here at The Clinic, I am required to use Windows (2k8R2), IIS7, MySQL, and PHP5 for our web server.
I am certain there are others out there with this requirement.

To make this work it took me a couple days to get it right, but in the end I got it to go with only a couple modifications.
Just wanted to pass the modifications along to you so you could incorporate them if you wished, or at the very least help anyone else who runs into this issue.
I put the modified files into the attached zip file, I assume you guys can figure out what I changed pretty easily. (I provided in-line documentation and the folder structure to the two files are all in the zip file)

With these modifications your plugin should work on any platform as it no longer is dependent on Apache.
Basically I manually send the 'WWW-Authenticate: NTLM' header if the $remote_user string is empty or null, before assuming authentication failure and returning null.

Please also note how I had to make it map the name out of the data structure… I assume this is because you are getting the name in a module prior to where I am interjecting my code, but Joomla cries when it tries to make the new account without this modification.
----I know there is a more eloquent way of doing that but I was kinda pressed for time so I just parsed the output of the “print_r($response->jmapmyentry, true);” command using a preg_match_all.
----If you could make it access the “[dn:protected]” piece of the array directly it would work better.

In http.php I found that the location of your implementation for the statement:
“if(is_null($remote_user) || $remote_user=='') return null;”
fails -> if the “WWW-Authentication: NTLM” header hasn’t been sent yet.

So I did this:

   public function detectRemoteUser()
   {
      // Get the $_SERVER key and ensure its lowercase and doesn't filter
      $remote_user = strtolower(
         JRequest::getVar($this->params->get('userkey','REMOTE_USER'), null, 'server', 'string', JREQUEST_ALLOWRAW)
      );
      //Do not allow return null here as first round in new IE / IIS
      //interaction does not send credentials until you send the header below
      //then you will get your authentication headers
      /**************************************************************/
      if(is_null($remote_user) || $remote_user=='') header('WWW-Authenticate: NTLM', false);
      /**************************************************************/
      // Get a username replacement parameter in lowercase and split by semi-colons
      $replace_set = explode(';', strtolower($this->params->get('username_replacement','')));
      
      foreach($replace_set as $replacement) {
         $remote_user = str_replace(trim($replacement),'',$remote_user);
      }
      //Now if still null or empty set, then return null
      //Moved here from above
      /**************************************************************/
      if(is_null($remote_user) || $remote_user=='') return null;
      /**************************************************************/
      return $remote_user;
   }

(NOTE: The return null on empty conditional statement most likely could go directly after the send header on empty conditional statement to avoid parsing null.)

Let me know if you update your extension I would be interested in seeing the final implementation for this aspect of your code.
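
A stricter way to turn `REMOTE_USER` into an account name, as an added example that is not part of the post above or of JMapMyLDAP: the replacement loop in the post strips configured strings but does not check which domain the identity came from or whether what remains is a plain account name. The sketch below parses the `DOMAIN\user` and `user@REALM` forms and accepts only listed realms; `normalizeRemoteUser()`, `looseStrip()`, `$allowedRealms` and the account-name character set are hypothetical.

```php
<?php
// Added example, not JMapMyLDAP code. normalizeRemoteUser(), looseStrip()
// and $allowedRealms are hypothetical names; the sample inputs are constructed.

/**
 * Reduce a web-server supplied identity to a bare account name.
 *
 * @param mixed    $raw           Value read from REMOTE_USER / AUTH_USER.
 * @param string[] $allowedRealms Lower-case domains/realms to accept; include
 *                                '' to accept names that carry no realm.
 * @return string|null Lower-case account name, or null to skip SSO.
 */
function normalizeRemoteUser($raw, array $allowedRealms)
{
    if (!is_string($raw)) {
        return null;
    }
    $value = strtolower(trim($raw));
    if ($value === '') {
        return null;            // nothing supplied by the web server yet
    }

    $realm = '';
    $user  = $value;
    if (preg_match('/^([^\\\\@]+)\\\\([^\\\\@]+)$/', $value, $m)) {
        $realm = $m[1];         // NTLM / SSPI form: domain\user
        $user  = $m[2];
    } elseif (preg_match('/^([^\\\\@]+)@([^\\\\@]+)$/', $value, $m)) {
        $user  = $m[1];         // Kerberos form: user@realm
        $realm = $m[2];
    } elseif (strpbrk($value, '\\@') !== false) {
        return null;            // stray or repeated separators: ambiguous
    }

    if (!in_array($realm, $allowedRealms, true)) {
        return null;            // identity from a domain that is not mapped
    }
    // Assumed naming rule; widen it to match the directory's account names.
    if (!preg_match('/^[a-z0-9._-]{1,64}$/', $user)) {
        return null;
    }
    return $user;
}

/** The replacement loop from the post, isolated for side-by-side output. */
function looseStrip($raw, $replacementParam)
{
    $user = strtolower((string) $raw);
    foreach (explode(';', strtolower($replacementParam)) as $replacement) {
        $user = str_replace(trim($replacement), '', $user);
    }
    return $user === '' ? null : $user;
}

// Constructed inputs as a web server front end might present them.
$samples = array('CORP\\alice', 'alice@corp.example.com', 'LAB\\alice',
                 'alice', 'corp\\al ice', '');
$allowed = array('corp', 'corp.example.com');

foreach ($samples as $sample) {
    printf("%-26s loop: %-14s strict: %s\n",
        var_export($sample, true),
        var_export(looseStrip($sample, 'corp\\;@corp.example.com'), true),
        var_export(normalizeRemoteUser($sample, $allowed), true));
}
```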


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby mikesturmey » Wed Feb 29, 2012 11:35 pm

Hi,

The plugin is great - I have 2 instances, one for staff and one for student AD. I have mapped the student groups but something weird seems to happen on the first login - an alert error message comes up "LDAP can not have blank password", however the student is actually logged in and there are no problems. On the student's second login there is no issue. Any ideas? - how can I prevent the error coming up (Joomla 2.5.1)

Also, how difficult would it be to map fields from an AD user field to a field in Joomla? I want to populate a profile file in Joomla containing the students enrolled courses - this data is stored in a field in their AD profile,

regards

Mike


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby chrisyeung168 » Sun Mar 04, 2012 2:29 am

ShMaunder wrote: My goodness, it's been a month since I last replied here - exam season finished.

@forkman - Hmm interesting, did you manage to fix this? All I could think of was security policy issues but I haven't had too much experience on this.

@llau34 - I'm sure you've resolved this now but the SSO HTTP should allow you to do this.

@fatbear - This must be a feature that people want; I've been asked how to query from more than one LDAP server at least 3 times now. I always assumed that everybody used trusts in the case of multiple directories to allow binding on a single LDAP server. OK, the only way I see is to create 3 authentication plug-ins (i.e. each with a unique name). To change the name to say, jmmLdap2 then:
1) extract the plg_authentication_jmapmyldap.
2) change the filename of both jmapmyldap.php and jmapmyldap.xml to jmmldap2.php and jmmldap2.xml. Also change the language files from en-GB.plg_authentication_jmapmyldap.* to en-GB.plg_authentication_jmmldap2.*
3) open the jmmldap2.php and change the class name definition from plgAuthenticationJMapMyLdap to plgAuthenticationJmmLdap2
4) open the jmmldap2.xml and change

<filename plugin="jmapmyldap">jmapmyldap.php</filename>

to

<filename plugin="jmmldap2">jmmldap2.php</filename>

Also change

<language tag="en-GB">language/en-GB/en-GB.plg_authentication_jmapmyldap.ini</language>
<language tag="en-GB">language/en-GB/en-GB.plg_authentication_jmapmyldap.sys.ini</language>

to

<language tag="en-GB">language/en-GB/en-GB.plg_authentication_jmmldap2.ini</language>
<language tag="en-GB">language/en-GB/en-GB.plg_authentication_jmmldap2.sys.ini</language>

5) Zip them up and try to install them into Joomla. You may want to change the display name of the extensions in the respective language file.

^ I haven't tested this so if you experience any problems then give me a shout on here, email or skype.

Actually, I set up my 1.5 using this method a long time ago: just duplicate the plugin and change two or three parameters, and you will have another LDAP plugin. Let's say you have 3 domains: make sure there are 3 LDAP plugins, each set with the corresponding AD info, and the Joomla authentication process will search the available login plugins to do the process. By the way, what I want to do is this: since some users may have accounts in all 3 domains, such as the administrator, if it is set up this way the authentication process will look into the LDAP plugins from the top position down, so there will be a problem logging in through a lower-positioned plugin with the same account name. To handle this problem, I think the easiest way is to modify mod_login: make a domain drop-down menu and let the user select the suitable domain; the selection will call the suitable domain plugin to carry out the process. This makes sure the account goes to the target domain, which avoids the above problem. However, I'm not a programmer, even for making such a simple domain selection and calling the corresponding LDAP plugin. Does anyone know how to modify it?


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby tisugol » Mon Mar 05, 2012 6:29 am

Can this plugin do the other way round? I have a Joomla 2.5 installation configured to accept user logins from OpenLDAP. Then I have some other sensitive sites which are protected with Apache basic auth via LDAP. They are placed inside Joomla via iframe. So is it possible that a user logs in from the Joomla frontend and when he reaches the sensitive iframe - his credentials are passed to Apache?

P.S. If it is not possible with this plugin - maybe some suggestions where to look for it?


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby amwotil » Wed Mar 07, 2012 7:24 am

Hello and really thanks for the plugin. I have gotten it working and now I can authenticate my intranet users on LDAP using the plugin.

The next aim is to allow users edit their LDAP profiles and I landed on your documentation about LDAP-Profile.

The download link in the post is below:

http://shmanic.com/media/file.php?proje ... ap_profile

Unfortunately, the link is broken as it generates an invalid file error on trying to download it. I will highly appreciate it if you sent me another link.

Meanwhile, thanks for the plugin


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby chrisyeung168 » Wed Mar 07, 2012 3:12 pm


Can anyone help to modify mod_login in order to use multi-domain login? Please.


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby crony » Wed Mar 14, 2012 10:52 pm

Hello Shaun,

Hope I'm not pushing too much but assigning the groups to an attribute is a feature that I really need now...
Any idea of a possible release ? Of a v2 maybe ?
Thanks so much !
Enjoy J!


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby ShMaunder » Sat Mar 17, 2012 12:16 am

Sorry guys, I've been ill and University has got a bit insane lately.

I will get through the posts above in time though if you have a quick question - or have a problem that shouldn't take too long to fix then IM me on Skype (shaun.maunder). I'm also responding to emails rather slowly until University disappears.

JoomlaCode SVN is no longer being updated for version 2 at the moment. The latest is here https://github.com/ShMaunder/JMapMyLDAP - I will include a full build script and 'template' directory so everyone can build their own packages automatically to install directly into Joomla 2.5. I may also release an alpha (or beta) after I get SSO back in.

@crony - Hopefully will have something by the weekend's end.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby pop3 » Sat Mar 17, 2012 9:20 am

Hello ShMaunder,

I've been trying out your plugin and it works great!
But I have some problems with group mappings. All users are added to group Registered, and I don't know why.

I've tried ldapdebug.php and this is the result:
http://imageshack.us/f/15/ldapdebug.png/
Edit:
solved errors Map User ID-->dn
and Map Full Name-->name
(this is also the current configuration in Auth Plugin)


I think, the correct configuration in user's plugin is:
Use Group Mapping: Yes
Allow Additions: Yes
Allow Removals: Yes
Unmanaged Groups: 1,2,8
Public Group: 1

Mapping List: CN=G_Recepcion,OU=Recepcion,OU=Staff,OU=CCAFONO,DC=XXXXXXXX,DC=com
Lookup Type: Forward
Lookup Attribute: MemberOf
Lookup Member: dn

Do you know, what I'm doing wrong?
My joomla version is 2.5.2

Many thanks


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby pop3 » Sat Mar 17, 2012 12:13 pm

OMG!

I found the problem:
In the Plug-in: User - JMapMyLDAP>Access, the option selected was Registered. I changed it to Public, and all my headaches went away! This option is selected by default?!?

Thank you for your plugin! It's really, really interesting and useful!


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby ShMaunder » Sat Mar 17, 2012 4:35 pm

@threemcc - not sure if I replied via email. Anyway, it looks good - may have to add an extra parameter depending on how this code performs on non-IIS platforms otherwise I will certainly add in version 2. Thanks!

@chrisyeung168 - yea, this makes sense. Much better than attempting each LDAP server in order. Modifying a new version of mod_login shouldn't be too difficult. Without checking, I think we can use the $options to store the domain from the module to the authentication plug-in (bit like the remember me from module to user plug-in). This certainly isn't for V2. I guess the best thing to do is drop the J! parameters currently used on the jmmLDAP authentication and either use a new SQL table or use config files to store multiple configurations.

@tisugol - I haven't got a clue. Guess you would want to send Joomla's session ID over the iframe, then on the iFrame script check it against local cookies, get the username from it then set the header for username HTTP then redirect. <- that is a total guess without any research.

@amwotil - The documentation has been posted early. It refers to version 2 that still doesn't have any releases. Look at https://github.com/ShMaunder/JMapMyLDAP for the latest code.

@pop3 - Bit weird. That certainly shouldn't be defaulted to Registered. The plug-in XML doesn't specify anything so I would guess that Joomla decided to default to it.


Ah yea, the ?nosso variable is bugged since 1.7 (only worked for 1.6 that is). The J! routing is removing the variable on a redirect. I guess session variables will need to be set for this now.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby crony » Sat Mar 17, 2012 6:02 pm

Shaun,

Sorry for the dumb question...
I've installed the release 1.05 of pkg_jmapmyldap.zip.
Then I've been there :
https://github.com/ShMaunder/JMapMyLDAP
And downloaded the archive generated.
For the upgrade, I guess I need to launch the build.sh in the console but :

I just have to upload the whole unzipped directory of the new archive, then launch the build.sh in the root directory?

Also, it seems there's a bug with Community Builder: the first authentication works, then the 2nd time it does not...
CB team has fixed a bug very recently on CB 1.8 (available next release or on the forge) but there was something else wrong, and seems to be related to your plugin.
Just to let you know...I'll come back with more infos soon...
Thanks !
Enjoy J!


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby ShMaunder » Sat Mar 17, 2012 6:55 pm

There's gonna be a few things to note about version 2. One is that I haven't generated a script for an upgrade path yet. So the "User - JMapMyLDAP" is gonna get left behind. You'll have to manually disable this. Edit: actually, I would go as far as removing all of version 1 before installing version 2.

I forgot to adjust the build script to take the current directory as the trunk. It currently takes TRUNK="$DIR/git" and should be TRUNK="$DIR". I will upload the template directory (probably rename it to extras to avoid confusion) and make this little adjustment once my Internet at home restores itself. Then run the build script something like "bash build.sh", type in a version like "2.0.0.25", then all the packages should be built inside the directory 2.0.0.25/public/. I'll add these instructions to the build script itself. I'll further test this script on a Mac as well.

I haven't done the direct string comparison yet btw on version 2 - hopefully will figure out a quick way to do it either tonight or tomorrow night.

As for CB - I shall investigate. At a guess, it's probably to do with the bodge job in jmmLDAP version 1's user plugin (like setting the login session maybe). Wonder if it's the same for version 2 as it doesn't use a user plugin or set the login session.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby crony » Sat Mar 17, 2012 7:05 pm

Hmm...Ok :)
Thanks !
Enjoy J!


Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Postby ShMaunder » Sun Mar 18, 2012 4:44 am

Right, I believe that packages are now being built correctly. If anybody can test building them, then install into a clean test Joomla (e.g. no version 1 installed) that would be great.

I still have to do:
- Direct string comparison / Disable DN validation (as described some posts back)
- SSO

If you don't need those things above then go ahead and try using version 2.

To build package (Mac/Linux with xmlstarlet package installed):
1) Download the git repository https://github.com/ShMaunder/JMapMyLDAP (e.g. "git init && git pull git://github.com/ShMaunder/JMapMyLDAP.git " or download a zipball).

2) Run build.sh with "bash build.sh".

3) Put some random version in like "2.0.0.30" then press enter.

4) If no errors occurred, then ./_build/2.0.0.30/public/ should contain all the installable Joomla packages.

5) Try to install pkg_ldap_core & pkg_ldap_profile & pkg_ldap_mapping.

6) You must enable "System - LDAP Dispatcher" for anything to work. Also either using "Authentication - LDAP" or "Authentication - JMapMyLDAP" should work though JMapMyLDAP one is better.

Documentation for the profile is online.

Note: in components->ldap admin->options there are global ldap options such as logging levels.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

