JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

This forum is for general questions about extensions for Joomla! 2.5.

Moderators: pe7er, General Support Moderators

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Sun Mar 18, 2012 12:46 pm

Shaun,
Will test that ASAP (my ubuntu/virtualbox is broken at home... :( )
But I think a proper beta package to download should help testing to a larger audience...
I've checked the documentation, and it seems assigning a group to an attribute is not yet included. Soon maybe ? :)

Thanks again for all this work !
Enjoy J!

ShMaunder
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Sun Mar 18, 2012 6:10 pm

"assigning a group to an attribute" hopefully tonight depending on the state of our Internet connection at home which is currently down again (thanks Virgin Media!).

I firstly want to thoroughly test everything before any beta packages are made available. This includes triple checking the SQL queries. I don't want a repeat of version 1 where I released too many alphas/betas and consequently spent too much time preparing for each of them (it took half a day to test and package. Finding a bug meant the whole process repeating again). However, if anybody knows how to automatically build the packages on GitHub, then I'll be interested.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Sun Mar 18, 2012 7:22 pm

Ok, I'll test this week...Thanks again !
Enjoy J!

ShMaunder
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Mon Mar 19, 2012 5:50 pm

@crony - just added validated dn - I hope this is what you wanted ;)

I haven't set a description for it yet. However, if you turn off "Validate DNs" in the "LDAP - Group Mapping" plug-in, you should be able to type in anything like:

Mapping List:
Finance : 4
IT : 7
HR: 5,6

Validate DNs: No

Lookup Attribute: department

Use Recursion: No

Some things to note: the string is case insensitive and the string is trimmed of white spacing at the start and end.

Also, this obviously will not work with recursion, so switch it off. I will add a condition to ensure that it is automatically disabled.


What's left to do:
- SSO
- Various things (like language strings to resource files)
- Lots and lots of testing

Edit: I should also add that there is some dodgy coding left over in the "LDAP - Group Mapping" library which makes it a slight debugging nightmare. I've tried to replace some of it.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
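
The attribute-to-group mapping described in the post above, as an added example that is not JMapMyLDAP's own code: it parses the mapping list, applies the trimmed, case-insensitive match, and rejects malformed lines instead of skipping them. The function names are hypothetical and the attribute values are constructed.

```php
<?php
// Added illustration; parseMappingList(), normalise() and groupsForValues()
// are hypothetical names, not functions from JMapMyLDAP.

/** Case-insensitive and trimmed, as the post describes. strtolower() folds
 *  ASCII only; use mb_strtolower() if attribute values are non-ASCII. */
function normalise(string $s): string
{
    return strtolower(trim($s));
}

/**
 * Parse "value : id[,id...]" lines into [normalised value => [group ids]].
 * Malformed lines raise an error instead of being skipped, so a typo cannot
 * silently change which Joomla! groups a directory value grants.
 */
function parseMappingList(string $text): array
{
    $map = [];
    foreach (preg_split('/\R/', $text) as $i => $line) {
        if (trim($line) === '') {
            continue;
        }
        // Split on the last colon: the left-hand side is free text when
        // "Validate DNs" is off and may itself contain a colon.
        $pos = strrpos($line, ':');
        if ($pos === false) {
            throw new InvalidArgumentException('Line ' . ($i + 1) . ": missing ':'");
        }
        $value = normalise(substr($line, 0, $pos));
        if ($value === '') {
            throw new InvalidArgumentException('Line ' . ($i + 1) . ': empty value');
        }
        foreach (explode(',', substr($line, $pos + 1)) as $id) {
            $id = trim($id);
            // Group ids must be positive integers; anything else is rejected.
            if (!preg_match('/^[1-9][0-9]*$/', $id)) {
                throw new InvalidArgumentException('Line ' . ($i + 1) . ": bad group id '$id'");
            }
            $map[$value][(int) $id] = true;   // keyed by id to de-duplicate
        }
    }
    return array_map('array_keys', $map);
}

/**
 * Resolve the values of the lookup attribute (LDAP attributes can be
 * multi-valued) to a sorted, unique list of group ids. A value that is not
 * in the mapping contributes nothing, so no match yields an empty list.
 */
function groupsForValues(array $map, array $attributeValues): array
{
    $groups = [];
    foreach ($attributeValues as $v) {
        foreach ($map[normalise((string) $v)] ?? [] as $id) {
            $groups[$id] = true;
        }
    }
    $ids = array_keys($groups);
    sort($ids, SORT_NUMERIC);
    return $ids;
}

// Mapping list from the post; the department values are constructed samples.
$map = parseMappingList("Finance : 4\nIT : 7\nHR: 5,6");
foreach ([['  hr '], ['FINANCE', 'it'], ['Sales']] as $department) {
    echo json_encode($department), ' => ', json_encode(groupsForValues($map, $department)), "\n";
}
```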

chrisyeung168
Joomla! Apprentice
Posts: 17
Joined: Mon Oct 31, 2005 6:52 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by chrisyeung168 » Tue Mar 20, 2012 7:49 am

@chrisyeung168 - yea, this makes sense. Much better than attempting each LDAP server in order. Modifying a new version of mod_login shouldn't be too difficult. Without checking, I think we can use the $options to store the domain from the module to the authentication plug-in (bit like the remember me from module to user plug-in). This certainly isn't for V2. I guess the best thing to do is drop the J! parameters currently used on the jmmLDAP authentication and either use a new SQL table or use config files to store multiple configurations.
Hello Shaun,
Thanks for your reply. By the way, how do I modify the code in the module in order to achieve it? Can you help on this? Really need your help....

ShMaunder
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Tue Mar 20, 2012 4:51 pm

I haven't got time to do it at the moment. University is priority for the next 2 and a half months. I will stabilise & release version 2.0 first though (there are lots of requests for the LDAP profile plug-in). Several things will need to be changed in the LDAP sources in addition to creating a new mod_login.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Tue Mar 20, 2012 6:24 pm

Shaun,
Just made the package with git + xmlstarlet, works like a charm.
I will test it tomorrow normally.
We will make a donation soon to support your great work !
Enjoy J!

ShMaunder
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Tue Mar 20, 2012 7:00 pm

OK, cool. I forgot to set the default for "On-screen Reporting Level" to None. I would recommend this setting for a live site. It can be found under components->ldap admin->options. You don't want errors printing out that may confuse users.


I've half baked SSO for version 2 for those interested. Instead of separating the SSO, I decided to embed it into the ldap dispatcher and ldap admin component.

The last feature to be added after SSO is on-demand synchronisation. The rest of the development for 2.0 after will be code refactoring and bug fixing.

Version 2.1 will have multiple LDAP server support (second most requested feature here and over email), password plug-in and a built in debugger - this version won't be started until at least June though.

EDIT:
I have now committed SSO to Git however, I haven't included it in the package builder yet - I will do that tomorrow. You will be able to use the plg_sso_http from version 1. The JAuthTools SSO plugins should also work as long as you also install any of the JAuthTools library dependencies.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

chrisyeung168
Joomla! Apprentice
Posts: 17
Joined: Mon Oct 31, 2005 6:52 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by chrisyeung168 » Wed Mar 21, 2012 2:26 am

ShMaunder wrote: I haven't got time to do it at the moment. University is priority for the next 2 and a half months. I will stabilise & release version 2.0 first though (there are lots of requests for the LDAP profile plug-in). Several things will need to be changed in the LDAP sources in addition to creating a new mod_login.
Wish that we will have a multi-domain LDAP login later; hope everything's well at uni! By the way, you said that 2.1 will have multiple LDAP server support; is that the same thing as what I'm looking for?

ShMaunder
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Wed Mar 21, 2012 5:38 pm

There is a (potential) security issue with the way connect_password is stored in the database. Currently, it is stored in plain text. With version 2's profile plugin requiring more rights than just a very basic LDAP account, a SQL vulnerability within the site could expose the password to unauthorised persons. Just to confirm, this does affect versions 1 and 2 currently, though version 1 should be just a proxy user and therefore shouldn't be a problem.

The inbuilt J! LDAP plug-in also stores it in plain text.

I believe there is a J! form rule for this, however I've decided to store the LDAP parameters in a new database table. A few more lines of code should allow multiple LDAP servers as well.

Once my Internet is back at home (yes, down again), I will push the SSO package builder to Git as well as a few tweaks.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
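
One way to keep connect_password out of the database in plain text, as an added example that is not JMapMyLDAP or Joomla! code: the stored value is AES-256-GCM ciphertext and the key lives outside the database, so a SQL read alone returns nothing usable. The helper names, the `v1:` prefix and the associated-data label are assumptions made for this sketch, and it does not help if the key file can also be read.

```php
<?php
// Added illustration; sealSecret()/openSecret() are hypothetical helpers, not
// JMapMyLDAP or Joomla! APIs. Requires PHP 7.1+ with the openssl extension.

const SECRET_PREFIX = 'v1:';                    // lets the format change later
const SECRET_AAD    = 'ldap.connect_password';  // binds ciphertext to this field

/** Encrypt a bind password for storage; $key is 32 random bytes kept off-DB. */
function sealSecret(string $plain, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('key must be 32 bytes');
    }
    $iv  = random_bytes(12);                    // fresh nonce for every encryption
    $tag = '';
    $ct  = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, SECRET_AAD, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return SECRET_PREFIX . base64_encode($iv . $tag . $ct);
}

/** Decrypt a stored value; throws if it was altered or the key is wrong. */
function openSecret(string $stored, string $key): string
{
    if (strncmp($stored, SECRET_PREFIX, strlen(SECRET_PREFIX)) !== 0) {
        throw new RuntimeException('unknown secret format');
    }
    $raw = base64_decode(substr($stored, strlen(SECRET_PREFIX)), true);
    if ($raw === false || strlen($raw) < 28) {  // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed secret');
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = (string) substr($raw, 28);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, SECRET_AAD);
    if ($plain === false) {
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

// Constructed demo: in a deployment the key would be read from a file outside
// the database and web root rather than generated on the spot.
$key    = random_bytes(32);
$stored = sealSecret('example-bind-password', $key);
echo "stored in DB: $stored\n";
echo "decrypted:    ", openSecret($stored, $key), "\n";

// A value decrypted with a different key is rejected rather than returned.
try {
    openSecret($stored, random_bytes(32));
} catch (RuntimeException $e) {
    echo "wrong key:    ", $e->getMessage(), "\n";
}
```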

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Thu Mar 22, 2012 2:46 pm

Shaun,
The mapping with an attribute works perfectly ! :D
I'll be updating the package till official release.
Change your ISP ;)
Enjoy J!

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Thu Mar 22, 2012 5:54 pm

Hmmm, it works perfect with the native login joomla! module, but still have an issue with Community Builder login module...

While using cb login, I'm well identified first time, but have this message :
Incorrect email or password. Please try again.
(and I'm logged in !)

While I try to access the profile :
This user has not yet confirmed his email address and account!
This user has not yet been approved by a moderator!
In the admin area, I see the profile is not confirmed and approved.

So I logout, I login again, I got :
Your registration process is not yet complete! Please check again your email for further instructions that have just been resent. If you don't find the email, check your spam-box. Make sure that your email account options are not set to immediately delete spam. If that was the case, just try logging in again to receive a new instructions email.
But in admin of CB, my user IS confirmed and approved !

So I use the Joomla! module login, and I can login, AND access CB profile !!!

I guess it's a CB issue, it was just to let you know about this...
Enjoy J!

ShMaunder
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Fri Mar 23, 2012 12:31 am

A Virgin Media engineer is hopefully coming out tomorrow to fix our home internet (again)!


OK, after searching around, I have no idea :p. I've just seen the thread you have contributed to at http://www.joomlapolis.com/forum/153-pr ... 6&start=12. I've just compared the authentication response returns between inbuilt J! LDAP and jmmLDAP - both are returning the status, type, fullname, username and email.

Can you test using the inbuilt J! LDAP authenticator? Change the authentication plugin from 'jmapmyldap' to 'ldap' in Components->ldap admin->options as well. If the inbuilt one works fine but not jmmldap... then I will post in that thread. Edit: posting is for professional members only, oh dear...
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Fri Mar 23, 2012 8:56 am

Argh, I'm looking for a username for my ldap user...I don't understand, username and user id for the ldap user to connect... :-\
Enjoy J!

ShMaunder
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Fri Mar 23, 2012 5:14 pm

^^ You managed to get that working before didn't you? Does the bind direct as user work?

I have internet back so I've tested this myself. I installed CB 1.8.0 and manually applied the patch at http://forge.joomlapolis.com/attachment ... 3303.patch. Using default settings I was getting incorrect username/password all the time. The email registration error also showed after one successful login using J! login form then using CB's login form. I then switched the "Login field type" to "Username, email or enabled CMS authentication plugins" and everything worked correctly on both jmmldap and J! ldap. I also tested toggling "Require Admin Approval" and "Require Email Confirmation" and I think it worked as described. Note: the only plugin I enabled using jmmldap was the authentication so I haven't tested it with everything else.

I have also pushed out the update to include SSO in the build script.

Do not install the package pkg_ldap_core. You should now install pkg_jmmldap_basics. Once you have installed pkg_jmmldap_basics, you can install any of the SSO and/or LDAP plugins. I will put a doc onto the website with a full set of instructions.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Fri Mar 23, 2012 6:18 pm

Does the bind direct as user work?
You mean with the native J! ldap plugin ? I need to add a username (like administrator they said) but I don't know what it is...
Or with the php file test you provide ?

So everything works fine for you ?

I also only enabled "Authentification - LDAP"...
Need to reinstall my virtual box to create a package...Well...Week end time... :)
Enjoy J!

ShMaunder
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Fri Mar 23, 2012 6:29 pm

crony wrote: You mean with the native J! ldap plugin ? I need to add a username (like administrator they said) but I don't know what it is...
Or with the php file test you provide ?
Yes, with the J! LDAP plugin. If you used bind direct as user, you do not need to supply a connect username and password. Though you need to put cn=[search],o=company in the user's dn parameter. You could use that configuration as a test.
crony wrote: So everything works fine for you ?
Yes, everything works correctly using the mod_cblogin when I changed "Login field type" within the CB config to "Username, email or enabled CMS authentication plugins". I tested it using both plg_authentication_ldap and plg_authentication_jmapmyldap.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Fri Mar 23, 2012 6:47 pm

I don't know what to add in this field... (see screen shot)

I also enable the CMS authentification...I'll check the logs on monday, I don't get it, but I suspect a problem with our ldap...
Enjoy J!

ShMaunder
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Fri Mar 23, 2012 6:53 pm

It should be a full DN like:
uid=[username],ou=people,dc=domain,dc=local

Look here for examples http://sammoffatt.com.au/jauthtools/LDA ... figuration
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Sat Mar 31, 2012 11:48 pm

Ok, it seems to work now !
In fact, the attribute used for searching was the email, let's say "anOtherAttribute", but was not the mail attribute (which is also used in our ldap)

So the process was almost working, because with CB it checks the username, mail or plugin. I just unpublished a part of code of CB, republish it, and now everything works...
A bit strange, but I know how to shake this to make it work :laugh:
Enjoy J!

NickC4555
Joomla! Explorer
Posts: 457
Joined: Sun Jan 30, 2011 10:09 am
Location: Leicester, UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by NickC4555 » Thu Apr 05, 2012 4:28 pm

I'm still having the unconfirmed, pending approval problem with CB and SSO. New accounts are created and appear to be logged in, but you can't view their profiles. In the CB User Manager they show as unconfirmed, pending approval, and there is no entry for them in the jos_comprofiler table. I have installed the CB patch 3303.

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Thu Apr 05, 2012 6:48 pm

@ Nick :
Do you use the search attribute ? Are you testing with an email ?
If yes, try your "primary" uid attribute, normally it should work, and let us know...
I'll detail my "dumb no patch way" :D
Enjoy J!

NickC4555
Joomla! Explorer
Posts: 457
Joined: Sun Jan 30, 2011 10:09 am
Location: Leicester, UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by NickC4555 » Thu Apr 05, 2012 7:25 pm

crony wrote: @ Nick :
Do you use the search attribute ? Are you testing with an email ?
If yes, try your "primary" uid attribute, normally it should work, and let us know...
I'll detail my "dumb no patch way" :D
Yes, using search with JMapMyLDAP, not native J! LDAP.

Base DN: DC=demo, DC=local
User DN / Filter: (sAMAccountName=[username])
Map User ID: sAMAccountName
Map Full Name: name
Map Email: [username]@demo.local

Sorry, I'm not sure what you mean by "primary" uid attribute or testing with email, this LDAP stuff is all new to me! Thanks for your help.
Last edited by NickC4555 on Thu Apr 05, 2012 7:44 pm, edited 1 time in total.
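
The `[username]` placeholder appears both in the bind DN template from ShMaunder's earlier post and in the search filter above, and the login name needs different escaping in each position. This added example is not code from JMapMyLDAP or Joomla!; the function names are hypothetical and the login names are constructed.

```php
<?php
// Added illustration; function names are hypothetical. Where the ldap
// extension is loaded, PHP's ldap_escape() with LDAP_ESCAPE_DN or
// LDAP_ESCAPE_FILTER does the equivalent job.

/** Escape a value for use inside one RDN of a distinguished name (RFC 4514). */
function escapeDnValue(string $v): string
{
    $lead  = $v !== '' && ($v[0] === ' ' || $v[0] === '#');
    $trail = strlen($v) > 1 && substr($v, -1) === ' ';
    // Characters that separate or structure RDNs get a backslash prefix.
    $out = preg_replace('/([\\\\,+"<>;=])/', '\\\\$1', $v);
    $out = str_replace("\0", '\\00', $out);
    if ($trail) {
        $out = substr($out, 0, -1) . '\\ ';   // trailing space must be escaped
    }
    if ($lead) {
        $out = '\\' . $out;                   // so must a leading space or '#'
    }
    return $out;
}

/** Escape a value for use as an assertion value in a search filter (RFC 4515). */
function escapeFilterValue(string $v): string
{
    // strtr() with an array replaces in one pass, so the backslashes it
    // inserts are not escaped a second time.
    return strtr($v, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

/** Substitute the login name into a "[username]" template, escaped for its context. */
function fillTemplate(string $template, string $username, callable $escape): string
{
    if ($username === '') {
        throw new InvalidArgumentException('empty username');
    }
    return str_replace('[username]', $escape($username), $template);
}

// Templates as given in the thread.
$dnTemplate     = 'uid=[username],ou=people,dc=domain,dc=local';
$filterTemplate = '(sAMAccountName=[username])';

// Constructed login names: one plain, two containing DN or filter metacharacters.
foreach (['jsmith', 'Smith, John', 'j*smith (test)'] as $name) {
    echo fillTemplate($dnTemplate, $name, 'escapeDnValue'), "\n";
    echo fillTemplate($filterTemplate, $name, 'escapeFilterValue'), "\n";
}
```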

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Thu Apr 05, 2012 7:35 pm

Try to comment out these lines in cb.authentication.php :

if ( $loginType != 2 ) {
    // login by username:
    $foundUser = $row->loadByUsername( $username ) && ( ( $password === false ) || $row->verifyPassword( $password ) );
}

if ( ( ! $foundUser ) && ( $loginType >= 1 ) ) {
    // login by email:
    $foundUser = $row->loadByEmail( $username ) && ( ( $password === false ) || $row->verifyPassword( $password ) );
    if ( $foundUser ) {
        $username = $row->username;
    }
}

Does it work now ?
Enjoy J!

NickC4555
Joomla! Explorer
Posts: 457
Joined: Sun Jan 30, 2011 10:09 am
Location: Leicester, UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by NickC4555 » Thu Apr 05, 2012 7:56 pm

crony wrote: Does it work now ?
No, still the same!

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Thu Apr 05, 2012 8:28 pm

Could you try with a Map Email: mail ?
Hoping you have the mail attribute in your ldap...
Enjoy J!

NickC4555
Joomla! Explorer
Posts: 457
Joined: Sun Jan 30, 2011 10:09 am
Location: Leicester, UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by NickC4555 » Thu Apr 05, 2012 8:49 pm

No mail attribute, it's a proof of concept so there is no mail server integrated with it. It seems to be happy using [username]@demo.local for populating the jos_users table.

crony
Joomla! Enthusiast
Posts: 114
Joined: Sun Oct 15, 2006 10:17 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by crony » Thu Apr 05, 2012 10:07 pm

I guess you are using the git version of Jldap ? (should not be a problem with 1.05 version, but just to know which version you are using.)
Also did you activate into the configuration of CB "username, email or enabled CMS authentication plugin" ?
Then into cb configuration/registration Allow User Registration: "yes independently..."
Seems obvious at this point, just double checking.

Then can you check the logs of your ldap testing server ?

Then can you change :
Map Email: [username]@demo.local
to
Map Email: sAMAccountName

Or create an attribute into ldap populated with a mail , then replace :
Map Email: mymailattribute

Also, does it work with the original J! login module ?
Enjoy J!

NickC4555
Joomla! Explorer
Posts: 457
Joined: Sun Jan 30, 2011 10:09 am
Location: Leicester, UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by NickC4555 » Fri Apr 06, 2012 11:32 am

I have narrowed the issue down to single sign on. If I disable it and log in manually using the CB Login module, the new account is created in Joomla and CB and automatically approved. When SSO is on, the account is created in Joomla and shows the user logged in, but when you try to view the profile it throws an error, and the account shows as pending approval in the CB user manager.

ShMaunder
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Fri Apr 06, 2012 4:40 pm

@Nick
I've just read the thread progress at http://www.joomlapolis.com/forum/153-pr ... =6&start=6

Are you using Version 1.0.5 or 2.0 Alpha? The 2.0 Alpha SSO does things far more Joomla natively than 1.0.5.

I can't post in the CB forums but 2.0 Alpha uses onUserAuthorisation() to login. Joomla then calls the standard onUserLogin() when onUserAuthorisation() succeeds through its own native call functions.

In version 1.0.5, it uses a custom function (due to J! 1.6) called onSSOAuthenticate() which still calls onUserLogin() on success. Both versions pass the full $user values in the onUserLogin().

My question to CB devs would be what other triggers does CB require with their approval/registration system. Surely it only acts upon onUserLogin()?
Did anybody get CB working in J!1.5 with JAuthTools' SSO?
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

