The Joomla! Forum ™

Breakthrough!
Shaun... so i didn't actually do anything. but something changed over night...
as you can see in my message above, i get an error that says "the email is already registered" when i use the user rbruski
so... that being said... i went to the debugger that you recommended again and tried to run the test and boom.... everything connected with a whole bunch of ldap attributes and values! this is good news.
Now... to further test this out... i went to another employee at the office and asked them to login and logout a few times with his user name and he were successful with no errors! this is excellent...
so... maybe you can help me with this

1.) why is that user able to log in and i am not? (i get the email registered error)
2.) how to i setup an autologon? so when they open the site they automatically are logged on using the ldap connection? i think this is called single logon.

Robert

The email registered error is because there is already a user in Joomla with the email provided from LDAP (look in the J! User Manager) - for example, did you use your own email address to setup J!'s "Super Admin" account in Joomla?

As long as the employees use workstations that are members of the domain to log into their computer, then you'll want to setup HTTP SSO. You'll first need to setup HTTP authentication on your web server. To setup: if you're using IIS then just turn off anonymous access and turn on integrated windows authentication. If you're using Apache on some platform then look at the links provided at http://shmanic.com/tools/jmapmyldap/doc ... -setup.htm


As for your earlier problems, this may have been a login time policy on your account.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/

Thanks Shaun,

I'll try this right now and let you know how it goes.

Robert

Shaun,

do you know where i can find these instructions for joomla? i only see them for moodle through your link?

Robert

It is virtually the same in terms of instructions. Just update the directory and file names for Joomla. e.g.



Once you have a REMOTE_USER populated, install the JSSOMySite & plugins extension on my site into your Joomla site.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/

where do i enter this code? into the configuration.php file for joomla?

i added the below to the bottom of the httpd.conf file:

</IfModule>
<IfModule !mod_auth_sspi.c>
LoadModule sspi_auth_module modules/mod_auth_sspi.so
</IfModule>
<Directory "C:\xampp\htdocs\joomla25">
<Files index.php>
AuthName "Burgundy Grapevine"
AuthType SSPI
SSPIAuth On
SSPIOfferBasic Off
SSPIAuthoritative On
SSPIDomain burgundyasset.com
require valid-user
</Files>
</Directory>


I hope i put this into the right place. i downloaded the sso package and plugins from your site and installed them. i know get the white screen of death that says
Authentication required!

This server could not verify that you are authorized to access the URL "/joomla25/". You either supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

In case you are allowed to request the document, please check your user-id and password and try again.

If you think this is a server error, please contact the webmaster.

Error 401

Apache/2.2.6 (Win32) DAV/2 mod_ssl/2.2.6 OpenSSL/0.9.8e mod_autoindex_color mod_auth_sspi/1.0.1 PHP/5.2.4

Is your Windows server a member of the domain ?

Are you trying to authenticate as a local host ? I'm not sure about Apache, but with IIS, a user cannot log into a site on the machine it is hosted.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/

Shaun,

my apologies for being so new to this. but i believe that the windows server is not a member of the domain.
the authentication error that i'm receiving is happening from whatever machine i try. we've got about 100 machines here i can choose from. I wonder if maybe i have some of parameters setup wrong for SSO?

Robert

Never mind about SSO as such for the moment (disable it and ignore it).

You need to get HTTP authentication working (which is not the same as SSO... e.g. SSO uses the HTTP authentication value to login). The Windows Server must be a member of the domain for this to work. You must have a REMOTE_USER populated in your phpinfo before moving onto SSO.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/

ok... hmmm...
so i've disabled the plugins (both the JSSOMySite and the SSO-HTTo)
i've added the mod_auth_sspi file to the modules folder in apache. and i've removed the "#" from the httpd.conf corresponding to the mod_auth_sspi line to enable it,and i've added the above code to the httpd.conf file at the end as i mentioned. and i'm still getting that authentication error
but when i go to the php settings in joomla, i now have a remote_user line, which is exciting. it is set to BURGUNDY\rbruski
ideas?

"The email is already registered" means that a Joomla user already have a user with that email address. Maybe from an earlier attempt with user name mapped differently.

Delete the user from Jooml's User Manager.

Per Yngve Berg,

thanks for the info. i think that bit is solved.. but if you mean maybe the user is causing the authentication error, i've tried it with a new user and am still getting that error.
i feel i may have set it up wrong in the httpd.conf file.

Robert

Excellent. You have a REMOTE_USER. Do not touch the httpd.conf file any longer.

Now the "dodgy" bit (its dodgy because the HTTP SSO is dodgy to initially get going). Have you set the username replacement for the HTTP SSO plugin? It should either be 'BURGUNDY' or 'BURGUNDY\'.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/

okay so i've set that as the user name (both of them) and enabled the plugin and now the site is back... no more error. but then i give it a few seconds and reload, and the error is back.
user key: REMOTE_USER
username replacement: BURGUNDY\
IP rule: allow all
IP Exception list: empty

What do you mean by "the site is back" ? Are we still talking about a "white screen of death" situation?

Has Joomla automatically logged on at any point ?

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/

well sorry... when i had all of the plugins enabled i was getting the white screen of death. but when they are disabled the site is up and running... just not auto logging in. so when i changed the user name to what you recommended and enabled the plugin the site was up and running but after a few seconds i reload it again and it is at the white screen of death. it seems to be something when that plugin is enabled

Maybe the SSO library hasn't installed... Can you look at your Apache log (not the Joomla log) and tell me what its printing out.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/

What is that log? Or where woul I find it?

do you mean the apache error log?

Yep, the Apache error log. There should be something in there about the a fatal PHP error.

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/

Hello Shaun,
Thank you for the responses.
This morning i went to the website again to see if the same is happening, and indeed it it. I'm receiving this authentication required error from the front and and the back end... so i can't log into joomla to edit the plugins now either.
The exact error is:

Authentication required!

This server could not verify that you are authorized to access the URL "/joomla25/". You either supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

In case you are allowed to request the document, please check your user-id and password and try again.

If you think this is a server error, please contact the webmaster.

Error 401

emily
04/11/12 08:45:49
Apache/2.2.6 (Win32) DAV/2 mod_ssl/2.2.6 OpenSSL/0.9.8e mod_autoindex_color mod_auth_sspi/1.0.4 PHP/5.2.4


so with regards to to the apache error log i was unable to open it with the apache server still running because the error.log file was in use. so i stopped the server to open the log and the following is what i see:

[Wed Apr 11 08:41:39 2012] [notice] Parent: Received shutdown signal -- Shutting down the server.
[Wed Apr 11 08:41:39 2012] [notice] Child 3528: Exit event signaled. Child process is ending.
[Wed Apr 11 08:41:40 2012] [notice] Child 3528: Released the start mutex
[Wed Apr 11 08:41:41 2012] [notice] Child 3528: Waiting for 250 worker threads to exit.
[Wed Apr 11 08:41:41 2012] [notice] Child 3528: All worker threads have exited.
[Wed Apr 11 08:41:42 2012] [notice] Child 3528: Child process is exiting
[Wed Apr 11 08:41:42 2012] [notice] Parent: Child process exited successfully.

i don't see any fatal php errors in this log.
and what's worse is now that i can't get into the back end either i can't turn off the plugin to continue editing the website.

Is there anywhere else i can check to help you on this?

Robert

Well thats confusing. Have you checked with the LDAP admin as to whether your LDAP account has a time restriction (or any other restriction for that matter that would disable successful binds at any time).

I believe you have more than one problem here. The first is a problem with what seems your intermittent LDAP account. You can get your site working again by temporarily removing the HTTP authentication code from the httpd.conf file (make a copy of it as you'll want to use it again after your LDAP account behaves itself).

Second problem is what sounds like a PHP fatal problem. You can try to debug it without fixing problem 1 by enabling the system and sso plugin. I assume you are using "Authentication - JMapMyLDAP" as your authentication plug-in?

Hmm, the error log is of no help whats so ever :/

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/

Hmm okay.
so i've removed the authentication codes as you recommended and made a copy... now it's back to working okay. The website comes up and i'm able to login with my ldap user and i can access the admin page as well where i'm able to disable the sso plugin.

so now it's back to trying to get this SSO working. so you say i should debug this plugin? is there a debugger available for that? yes you're correct i am using JMapMyLDAP

Robert

hmmmm you know what i noticed:
i'm able to log in with my ldap account just fine without the SSPI edits made to httpd.conf file. Once I enable the conf adjustments the webpage displays just fine except when i try to login i get the authentication error. but from the back end i see that i successfully logged in.

So... the remote_user is BURGUNDY\rbruski but when we originally setup the LDAP the doman we were using was dc=burgundyasst,dc=com

could the difference between these domains be the reason for this possibly?

Ah, it depends on if there are any trusts between the two domains? This could be the problem. The system SSO plugin basically does this:
1) Gets a username from any SSO plugin (http in this case)
2) Tries to authenticate it with the "Authentication - JMapMyLDAP" plugin using onSSOAuthentication()
3) Sets the session data so you can logon

I'm going to check the authentication code in a second, but did you say it was a white screen with authentication error written across it ? Or is it a Joomla screen with a red box ?

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/

It's the white screen with the authentication error.
Thank you Shaun, i really appreciate your help

Hmm, I've just tested what happens if the authentication - jmapmyldap settings are not correct. It displays Joomla with a red box with "SSO: Failed to authenticate user 'shaun'.". So I don't believe this is the problem.

Look inside <joomla>/logs/error.php and see if any SSO errors are being printed in there.

I'm really stumped to what is causing the white screen. All my plugins report an error to Joomla, they don't halt execution. BTW, when you get that authentication error, is there any other HTML included in the source?

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/

Shaun,

with regards to the error log in the joomla folder, the most recent errors are from yesterday and they are:

2012-04-10 12:59:51 INFO 10.10.10.17 LDAP CANCELED:
2012-04-10 13:00:52 INFO 10.10.10.17 LDAP CANCELED:
2012-04-10 13:12:20 INFO 10.10.10.17 LDAP FAILURE: Unable to bind to LDAP
2012-04-10 13:21:31 INFO 10.10.10.17 LDAP CANCELED:
2012-04-10 14:13:27 INFO 10.10.10.17 LDAP FAILURE: JLDAP2: Could not bind to connect user parameter. LDAP reported: Invalid credentials
2012-04-10 14:13:46 INFO 10.10.10.17 LDAP CANCELED:
2012-04-10 14:14:30 INFO 10.10.10.17 LDAP FAILURE: JLDAP2: The dn/filter parameter requires a valid dn.
2012-04-10 14:19:13 INFO 10.10.10.17 LDAP FAILURE: Failed binding to LDAP server
2012-04-10 14:19:53 INFO 10.10.10.17 LDAP FAILURE: Failed binding to LDAP server
2012-04-10 14:20:24 INFO 10.10.10.17 LDAP FAILURE: Failed binding to LDAP server
2012-04-10 14:28:58 INFO 10.10.10.17 LDAP CANCELED:
2012-04-10 14:31:22 INFO 10.10.10.17 LDAP CANCELED:
2012-04-10 14:34:28 INFO 10.10.10.17 LDAP CANCELED:
2012-04-10 18:06:58 INFO 10.10.10.17 LDAP CANCELED:


There is no additional HTML in the authentication error. the full message is:

Authentication required!

This server could not verify that you are authorized to access the URL "/joomla25/". You either supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

In case you are allowed to request the document, please check your user-id and password and try again.

If you think this is a server error, please contact the webmaster.

Error 401

emily
04/11/12 10:48:23
Apache/2.2.6 (Win32) DAV/2 mod_ssl/2.2.6 OpenSSL/0.9.8e mod_autoindex_color mod_auth_sspi/1.0.4 PHP/5.2.4


I wonder if there were any errors that happened in the installation of XAMPP or JOOMLA or during the transfer of the website from the online server to the internal one. maybe there is a "fix tool" available that could do a scan of my setup and check to see if anything is incorrect.

Oh an HTTP 401 .... OK, what web browser are you using? Not Chrome by any chance because I kept getting strange stuff with Chrome?

As for the "LDAP CANCELED" - something is firing a onUserLoginFailure() even though its successfully authenticatied. Maybe some other plugin or extension...

_________________
Shaun Maunder
JMapMyLDAP extensions - Joomla! 1.7/2.5 LDAP Group Mapping & SSO
http://shmanic.com/tools/jmapmyldap/