The Joomla! Forum ™



Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  [ 321 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6, 7, 8 ... 11  Next
Author Message
PostPosted: Sun Mar 18, 2012 12:46 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
Shaun,
Will test that ASAP (my ubuntu/virtualbox is broken at home... :( )
But I think a proper beta package to download should help testing to a larger audience...
I've checked the documentation, and it seems assigning a group to an attribute is not yet included. Soon maybe ? :)

Thanks again for all this work !

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Sun Mar 18, 2012 6:10 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
"assigning a group to an attribute" hopefully tonight depending on the state of our Internet connection at home which is currently down again (thanks Virgin Media!).

I firstly want to throughly test everything before any beta packages are made available. This includes triple checking the SQL queries. I don't want a repeat of version 1 where I released too many alpha/beta's and consequently spent too much time preparing for each of them (it took half a day to test and package. Finding a bug meant the whole process repeating again). However, if anybody knows how to automatically build the packages on GitHub, then I'll be interested.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Sun Mar 18, 2012 7:22 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
Ok, I'll test this week...Thanks again !

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Mon Mar 19, 2012 5:50 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
@crony - just added validated dn - I hope this is what you wanted ;)

I haven't set a description for it yet. However, if you turn off "Validate DNs" in the "LDAP - Group Mapping" plug-in, you should be able to type in anything like:

Mapping List:
Finance : 4
IT : 7
HR: 5,6

Validate DNs: No

Lookup Attribute: department

Use Recursion: No

Some things to note: the string is case insensitive and the string is trimmed of white spacing at the start and end.

Also, this obviously will not work with recursion, so switch it off. I will add a condition to ensure that it is automatically disabled.


Whats left to do:
- SSO
- Various things (like language strings to resource files)
- Lots and lots of testing

Edit: I should also add that there is some dodgy coding left over in the "LDAP - Group Mapping" library which makes it a slight debugging nightmare. I've tried to replace some of it.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Tue Mar 20, 2012 7:49 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Mon Oct 31, 2005 6:52 am
Posts: 17
Quote:
@chrisyeung168 - yea, this makes sense. Much better then attempting each LDAP server in order. Modifying a new version of mod_login shouldn't be too difficult. Without checking, I think we can use the $options to store the domain from the module to the authentication plug-in (bit like the remember me from module to user plug-in). This certainly isn't for V2. I guess the best thing to do is drop the J! parameters currently used on the jmmLDAP authentication and either use a new SQL table or use config files to store multiple configurations.

hello Shaun,
thanks for your reply, by the way, how to modify the code in the module in order to acheive it? can you help on this? really need your help....


Top
 Profile  
 
PostPosted: Tue Mar 20, 2012 4:51 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
I haven't got time to do it at the moment. University is priority for the next 2 and a half months. I will stabilise & release version 2.0 first though (there lots of requests for the LDAP profile plug-in). Several things will need to be changed in the LDAP sources in addition to creating a new mod_login.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Tue Mar 20, 2012 6:24 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
Shaun,
Just made the package with git + xmlstarlet, works like a charm.
I will test it tomorrow normally.
We will made a donation soon to support your great work !

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Tue Mar 20, 2012 7:00 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
OK, cool. I forgot to set the default for "On-screen Reporting Level" to None. I would recommend this setting for a live site. It can be found under components->ldap admin->options. You don't want errors printing out that may confuse users.


I've half baked SSO for version 2 for those interested. Instead of separating the SSO, I decided to embed it into the ldap dispatcher and ldap admin component.

The last feature to be added after SSO is on-demand synchronisation. The rest of the development for 2.0 after will be code refactoring and bug fixing.

Version 2.1 will have multiple LDAP server support (second most requested feature here and over email), password plug-in and a built in debugger - this version won't be started until at least June though.

EDIT:
I have now committed SSO to Git however, I haven't included it in the package builder yet - I will do that tomorrow. You will be able to use the plg_sso_http from version 1. The JAuthTools SSO plugins should also work as long as you also install any of the JAuthTools library dependencies.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Wed Mar 21, 2012 2:26 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Mon Oct 31, 2005 6:52 am
Posts: 17
ShMaunder wrote:
I haven't got time to do it at the moment. University is priority for the next 2 and a half months. I will stabilise & release version 2.0 first though (there lots of requests for the LDAP profile plug-in). Several things will need to be changed in the LDAP sources in addition to creating a new mod_login.

wish that we will have a mult domain login ldap later, hope you everythings well in uni! by the way, you said that 2.1 will have multiple LDAP server support, is that the same thing as what i'm looking for?


Top
 Profile  
 
PostPosted: Wed Mar 21, 2012 5:38 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
There is a (potential) security issue with the way connect_password is stored in the database. Currently, it is stored in plain text. With version 2's profile plugin requiring more rights than just a very basic LDAP account, a SQL vulnerability within the site could expose the password to a unauthorised persons. Just to confirm, this does affect versions 1 and 2 currently, though version 1 should be just a proxy user and therefore shouldn't be a problem.

The inbuilt J! LDAP plug-in also stores it in plain text.

I believe there is a J! form rule for this, however I've decided to store the LDAP parameters in a new database table. A few more lines of code should allow multiple LDAP servers as well.

Once my Internet is back at home (yes, down again), I will push the SSO package builder to Git as well as a few tweaks.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Thu Mar 22, 2012 2:46 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
Shaun,
The mapping with an attribute works perfectly ! :D
I'll be updating the package till official release.
Change your ISP ;)

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Thu Mar 22, 2012 5:54 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
Hmmm, it works perfect with the native login joomla! module, but still have an issue with Community Builder login module...

While using cb login, I'm well identified first time, but have this message :
Quote:
Incorrect email or password. Please try again.

(and I'm login !)

While I try to access the profile :
Quote:
This user has not yet confirmed his email address and account!
This user has not yet been approved by a moderator!


In the admin area, I see the profile is not confirmed and approved.

So I logout, I login again, I got :

Quote:
Your registration process is not yet complete! Please check again your email for further instructions that have just been resent. If you don't find the email, check your spam-box. Make sure that your email account options are not set to immediately delete spam. If that was the case, just try logging in again to receive a new instructions email.


But in admin of CB, my user IS confirmed and approved !

So I use the Joomla! module login, and I can login, AND access CB profile !!!

I guess it's a CB issue, it was just to let you know about this...

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Fri Mar 23, 2012 12:31 am 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
A Virgin Media engineer is hopefully coming out tomorrow to fix our home internet (again)!


OK, after searching around, I have no idea :p. I've just seen the thread you have contributed to at http://www.joomlapolis.com/forum/153-pr ... 6&start=12. I've just compared the authentication response returns between inbuilt J! LDAP and jmmLDAP - both are returning the status, type, fullname, username and email.

Can you test using the inbuilt J! LDAP authenticator? Change the authentication plugin from 'jmapmyldap' to 'ldap' in Components->ldap admin->options as well. If the inbuilt one works fine but not jmmldap... then i will post in that thread edit: posting is for professional members only, oh dear...

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Fri Mar 23, 2012 8:56 am 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
Argh, I'm looking for a username for my ldap user...I don't understand, username and user id for the ldap user to connect... :-\


You do not have the required permissions to view the files attached to this post.

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Fri Mar 23, 2012 5:14 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
^^ You managed to get that working before didn't you? Does the bind direct as user work?

I have internet back so I've tested this myself. I installed CB 1.8.0 and manually applied the patch at http://forge.joomlapolis.com/attachment ... 3303.patch. Using default settings I was getting incorrect username/password all the time. The email registration error also showed after one successful login using J! login form then using CB's login form. I then switched the "Login field type" to "Username, email or enabled CMS authentication plugins" and everything worked correctly on both jmmldap and J! ldap. I also tested toggling "Require Admin Approval" and "Require Email Confirmation" and I think it worked as described. Note: the only plugin i enabled using jmmldap was the authentication so I haven't tested it with everything else.

I have also pushed out the update to include SSO in the build script.

Do not install the package pkg_ldap_core. You should now install pkg_jmmldap_basics. Once you have installed pkg_jmmldap_basics, you can install any of the SSO and/or LDAP plugins. I will put a doc onto the website with a full set of instructions.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Fri Mar 23, 2012 6:18 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
Quote:
Does the bind direct as user work?


You mean with the native J! ldap plugin ? I need to add a username (like administrator they said) but I don't know what it is...
Or with the php file test you provide ?

So everything works fine for you ?

I also only enabled "Authentification - LDAP"...
Need to reinstall my virtual box to create a package...Well...Week end time... :)

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Fri Mar 23, 2012 6:29 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
crony wrote:
You mean with the native J! ldap plugin ? I need to add a username (like administrator they said) but I don't know what it is...
Or with the php file test you provide ?

Yes, with the J! LDAP plugin. If you used bind direct as user, you do not need to supply a connect username and password. Though you need to put cn=[search],o=company in the user's dn parameter. You could use that configuration as a test.

crony wrote:
So everything works fine for you ?

Yes, everything works correctly using the mod_cblogin when I changed "Login field type" within the CB config to "Username, email or enabled CMS authentication plugins". I tested it using both plg_authentication_ldap and plg_authentication_jmapmyldap.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Fri Mar 23, 2012 6:47 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
I don't know what to add in this field... (see screen shot)

I also enable the CMS authentification...I'll check the logs on monday, I don't get it, but I suspect a problem with our ldap...


You do not have the required permissions to view the files attached to this post.

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Fri Mar 23, 2012 6:53 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
It should be a full DN like:
uid=[username],ou=people,dc=domain,dc=local

Look here for examples http://sammoffatt.com.au/jauthtools/LDA ... figuration

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
PostPosted: Sat Mar 31, 2012 11:48 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
Ok, it seems to work now !
In fact, the attribute used for searching was the email,lets say "anOtherAttribute" but was not the mail attribute (which is also used in our ldap)

So the process was almost working, because with CB it checks the username, mail or plugin. I just unpublished a part of code of CB, republish it, and now everything works...
A bit strange, but I know how to shake this to make it work :laugh:

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Thu Apr 05, 2012 4:28 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Jan 30, 2011 10:09 am
Posts: 202
Location: Leicester, UK
I'm still having the unconfirmed, pending approval problem with CB and SSO. New accounts are created and appear to be logged in, but you can't view their profiles. In the CB User Manager they show as unconfirmed, pending approval, and there is no entry for them in the jos_comprofiler table. I have installed the CB patch 3303.


Top
 Profile  
 
PostPosted: Thu Apr 05, 2012 6:48 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
@ Nick :
Do you use the search attribute ? Are you testing with an email ?
If yes, try your "primary" uid attribute, normaly it should work, and let us know...
I'll detail my "dumb no patch way" :D

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Thu Apr 05, 2012 7:25 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Jan 30, 2011 10:09 am
Posts: 202
Location: Leicester, UK
crony wrote:
@ Nick :
Do you use the search attribute ? Are you testing with an email ?
If yes, try your "primary" uid attribute, normaly it should work, and let us know...
I'll detail my "dumb no patch way" :D


Yes, using search with JMapMyLDAP, not native J! LDAP.

Base DN: DC=demo, DC=local
User DN / Filter: (sAMAccountName=[username])
Map User ID: sAMAccountName
Map Full Name: name
Map Email: [username]@demo.local

Sorry, I'm not sure what you mean by "primary" uid attribute or testing with email, this LDAP stuff is all new to me! Thanks for your help.


Last edited by NickC4555 on Thu Apr 05, 2012 7:44 pm, edited 1 time in total.

Top
 Profile  
 
PostPosted: Thu Apr 05, 2012 7:35 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
Try to comment these lines into cb.authentication.php :

Code:
if ( $loginType != 2 ) {
                  // login by username:
                  $foundUser                  =   $row->loadByUsername( $username ) && ( ( $password === false ) || $row->verifyPassword( $password ) );
               }
               
               if ( ( ! $foundUser ) && ( $loginType >= 1 ) ) {
                  // login by email:
                  $foundUser                  =   $row->loadByEmail( $username ) && ( ( $password === false ) || $row->verifyPassword( $password ) );
                  if ( $foundUser ) {
                     $username               =   $row->username;
                  }
               }


Does it work now ?

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Thu Apr 05, 2012 7:56 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Jan 30, 2011 10:09 am
Posts: 202
Location: Leicester, UK
crony wrote:
Does it work now ?


No, still the same!


Top
 Profile  
 
PostPosted: Thu Apr 05, 2012 8:28 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
Could you try with a Map Email: mail ?
Hoping you have the mail attribute in your ldap...

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Thu Apr 05, 2012 8:49 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Jan 30, 2011 10:09 am
Posts: 202
Location: Leicester, UK
No mail attribute, it's a proof of concept so there is no mail server integrated with it. It seems to be happy using [username]@demo.local for populating the jos_users table.


Top
 Profile  
 
PostPosted: Thu Apr 05, 2012 10:07 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Oct 15, 2006 10:17 pm
Posts: 113
I guess you are using the git version of Jldap ? (should not be a problem with 1.05 version, but just to know which version you are using.)
Also did you activate into the configuration of CB "username, email or enabled CMS authentication plugin" ?
Then into cb configuration/registration Allow User Registration: "yes independeantly..."
Seems obious at this point,just double checking.

Then can you check the logs of your ldap testing server ?

Then can you change :
Map Email: [username]@demo.local
to
Map Email: sAMAccountName

Or create an attribute into ldap populated with a mail , then replace :
Map Email: mymailattribute

Also, does it works with the original J! login module ?

_________________
Enjoy J!


Top
 Profile  
 
PostPosted: Fri Apr 06, 2012 11:32 am 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sun Jan 30, 2011 10:09 am
Posts: 202
Location: Leicester, UK
I have narrowed the issue down to single sign on. If I disable it and log in manually using the CB Login module, the new account is created in Joomla and CB and automatically approved. When SSO is on, the account is created in Joomla and shows the user logged in, but when you try to view the profile it throws an error, and the account shows as pending approval in the CB user manager.


Top
 Profile  
 
PostPosted: Fri Apr 06, 2012 4:40 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Mon Jul 05, 2010 7:22 pm
Posts: 483
Location: UK
@Nick
I've just read the thread progress at http://www.joomlapolis.com/forum/153-pr ... =6&start=6

Are you using Version 1.0.5 or 2.0 Alpha? The 2.0 Alpha SSO does things far more Joomla natively then 1.0.5.

I can't post in the CB forums but 2.0 Alpha uses onUserAuthorisation() to login. Joomla then calls the standard onUserLogin() when onUserAuthorisation() succeeds through its own native call functions.

In version 1.0.5, it uses a custom function (due to J! 1.6) called onSSOAuthenticate() which still calls onUserLogin() on success. Both versions pass the full $user values in the onUserLogin().

My question to CB devs would be what other triggers does CB require with their approval/registration system. Surely it only acts upon onUserLogin()?
Did anybody get CB working in J!1.5 with JAuthTools' SSO?

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 321 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6, 7, 8 ... 11  Next



Who is online

Users browsing this forum: arnold_101, Google Adsense [Bot], pslane and 30 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group