JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Moderators: pe7er, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
I'm using 1.0.5. Where do I find 2.0 Alpha? Do I need to replace all of your plugins or just the SSO ones?
-
- Joomla! Explorer
- Posts: 486
- Joined: Mon Jul 05, 2010 7:22 pm
- Location: UK
- Contact:
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Version 2.0 is on Git (you'll need to build the packages yourself, or alternativly I can email it - instructions are a few posts back). Yes, you would need to replace them all.
OK, hang fire, got a bit of work to do then I will test version 1's SSO on the latest CB with 3303.patch and see if I get the same issues. It could be a trivial problem like a missing flag in the onUserLogin(). I'll get back soon.
OK, hang fire, got a bit of work to do then I will test version 1's SSO on the latest CB with 3303.patch and see if I get the same issues. It could be a trivial problem like a missing flag in the onUserLogin(). I'll get back soon.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
-
- Joomla! Explorer
- Posts: 486
- Joined: Mon Jul 05, 2010 7:22 pm
- Location: UK
- Contact:
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
This is certainly a problem with the SSO portion.
I can confirm that mapping + authentication after setting a few CB settings works fine after typing in username & password manually, even on first login. This is for version 1.0.5.
Not sure where the problem is in CB's code, but I came across something I was thinking would fix the issue - http://www.joomlapolis.com/forum/40-cb- ... s-with-sso - that plugin, though requires updating a bit, will insert a new entry into CB's profile table.
I can confirm that mapping + authentication after setting a few CB settings works fine after typing in username & password manually, even on first login. This is for version 1.0.5.
Not sure where the problem is in CB's code, but I came across something I was thinking would fix the issue - http://www.joomlapolis.com/forum/40-cb- ... s-with-sso - that plugin, though requires updating a bit, will insert a new entry into CB's profile table.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Thanks, Shaun. I'll have a look at that plugin tomorrow and report back.
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Decided to try it before bed! It didn't work.
-
- Joomla! Explorer
- Posts: 486
- Joined: Mon Jul 05, 2010 7:22 pm
- Location: UK
- Contact:
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
^^ did you modify it at all?
Is it even adding the entries to the table?
Wait a moment, I forgot I now have a site with CB in. I will test it as well.
Edit: wow, I just re-wrote it from scratch. Damn, that was really old code. Here we go http://shmanic.com/media/file.php?proje ... create.zip - seems to activate fine for me on SSO now .
If you can test it and all works, then I'll create a doc for it on the site.
Is it even adding the entries to the table?
Wait a moment, I forgot I now have a site with CB in. I will test it as well.
Edit: wow, I just re-wrote it from scratch. Damn, that was really old code. Here we go http://shmanic.com/media/file.php?proje ... create.zip - seems to activate fine for me on SSO now .
If you can test it and all works, then I'll create a doc for it on the site.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Sorted! Thanks very much for all your help.
-
- Joomla! Explorer
- Posts: 486
- Joined: Mon Jul 05, 2010 7:22 pm
- Location: UK
- Contact:
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Cool. No probs. I will produce a doc for this at some point.
@crony - cheers for the review
@crony - cheers for the review
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
-
- Joomla! Fledgling
- Posts: 1
- Joined: Mon Apr 09, 2012 3:22 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Hey Shaun - Hoping you can help me. I need a way to sync the user list in AD with the user list in Joomla!. I have the integrated plugin configured and i can log in as domain users just fine, but i want to have users and groups and access all squared away before i go live. I can't log in with each individual user as there are over 200+ accounts. Is there any way your program can do this? To rephrase, i want to click something that automatically copies AD users into my J users list. Thanks in advance!
Also, forgot to add that SSO really won't work for me, as we have several 'general' AD login accounts for shared computers, but each user has their own AD login.
-Steve
Also, forgot to add that SSO really won't work for me, as we have several 'general' AD login accounts for shared computers, but each user has their own AD login.
-Steve
-
- Joomla! Explorer
- Posts: 486
- Joined: Mon Jul 05, 2010 7:22 pm
- Location: UK
- Contact:
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Yes and No. Yes in the sense that the version 2 alpha framework I'm building for the next release of jmmldap can support on-demand sync. No in the sense that you would need to create a script that searches for the LDAP users from a base_dn then execute the ldap plugin onLdapSync() event.
That is a confusing answer, but basically I plan to have this as an "out of the box" feature in version 2's stable release. However, don't expect a stable version for sometime yet. I have a final year project to complete as well as a set of exams in a months time.
You could have a go at building something based on what is already there https://github.com/ShMaunder/JMapMyLDAP - there is still a lot of changes required to lower the dependencies within some of the libraries. In fact I really want to implement namespaces and an autoloader though I will restrict the extension to PHP 5.3+ which may not be a good idea.
That is a confusing answer, but basically I plan to have this as an "out of the box" feature in version 2's stable release. However, don't expect a stable version for sometime yet. I have a final year project to complete as well as a set of exams in a months time.
You could have a go at building something based on what is already there https://github.com/ShMaunder/JMapMyLDAP - there is still a lot of changes required to lower the dependencies within some of the libraries. In fact I really want to implement namespaces and an autoloader though I will restrict the extension to PHP 5.3+ which may not be a good idea.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Does version 2 have the ability to sync other AD fields to CB profiles? It would be great to pull over phone number, job title and department.
-
- Joomla! Fledgling
- Posts: 2
- Joined: Fri Apr 27, 2012 9:02 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
I am about to pull my hair out in regards to this >< I have run your debug script to make sure I am putting everything in correctly and I receive a full report that shows my information and mappings.
When I go to Joomla and input the same information, I get the following error:
JLDAP2: Could not get dn for username '[email protected]'. Check user dn/filter parameter and the authenticating user exists. LDAP reported: Success
no matter what I do, it does the same thing. My settings are as follows:
LDAPv3: yes
Start TLS: No
Follow Referrals: No
Host: xxxxxxx.local
Port: 389
connect user: xxxxxxx\administrator
password: xxxxxxxxxxx
Use Search: Yes
Base DN: dc=xxxxxxx,dc=local
User DN/Filter (sAMAccountName=[username])
map user name: sAMAccountName
Map Full Name: displayName
Map Email: mail
I have been working on variations of usernames and such to try and get this working for over a week now with no luck.
I am the server admin but the server was setup by other people and not sure if something in the group policy is blocking it.
Pleas help
When I go to Joomla and input the same information, I get the following error:
JLDAP2: Could not get dn for username '[email protected]'. Check user dn/filter parameter and the authenticating user exists. LDAP reported: Success
no matter what I do, it does the same thing. My settings are as follows:
LDAPv3: yes
Start TLS: No
Follow Referrals: No
Host: xxxxxxx.local
Port: 389
connect user: xxxxxxx\administrator
password: xxxxxxxxxxx
Use Search: Yes
Base DN: dc=xxxxxxx,dc=local
User DN/Filter (sAMAccountName=[username])
map user name: sAMAccountName
Map Full Name: displayName
Map Email: mail
I have been working on variations of usernames and such to try and get this working for over a week now with no luck.
I am the server admin but the server was setup by other people and not sure if something in the group policy is blocking it.
Pleas help
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
I'm using name instead of displayName, but either should be ok. The rest of my settings are exactly the same as yours and it's working. Is your email field in AD populated? If it isn't you will need to replace mail with a dummy value such as [username]@xxxxxxx.local
-
- Joomla! Fledgling
- Posts: 2
- Joined: Fri Apr 27, 2012 9:02 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Nick,
Thank you for pointing the email out to me!
In AD, the email field was populated with the employees correct email. But since the companys internal domain is not the same as our email, it was breaking so to speak.
I changed the users email in AD to reflect the internal Domain and people were able to log in with their windows username and password. Thank you!!
Barbie
Thank you for pointing the email out to me!
In AD, the email field was populated with the employees correct email. But since the companys internal domain is not the same as our email, it was breaking so to speak.
I changed the users email in AD to reflect the internal Domain and people were able to log in with their windows username and password. Thank you!!
Barbie
-
- Joomla! Apprentice
- Posts: 15
- Joined: Sun Jan 01, 2006 11:32 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
I've tried everything, but no way, I've installed a new server and test against two different AD one W2k and W2k3,and no success. Could be a problem at Domain or OS configuration?
This is the config:
LDAP V3
Host: 10.10.11.2
Port: 389
Connect User: mydomain\administrator
Connect Password: password
Use Search
Base DN: DC=mydoamin,DC=local
User DN/Filter: sAMAccountName=[username]
Map User ID: sAMAccountName
Map Full Name: name
Map Email: mail
Test User: administrator
Test Password: password
Joomla 2.54 (new install) on Centos 6.2
And get this message from PHP LDAP debug:
:: PHP LDAP Debug V1.05 Script Started ::
Attempting to bind to LDAP server using connect username and password...
LDAP bind successful.
Attempting to use search to find user...
Failed: search has been used but 'sAMAccountName=Administrator' is NOT a filter. Check this for more information.
This is the config:
LDAP V3
Host: 10.10.11.2
Port: 389
Connect User: mydomain\administrator
Connect Password: password
Use Search
Base DN: DC=mydoamin,DC=local
User DN/Filter: sAMAccountName=[username]
Map User ID: sAMAccountName
Map Full Name: name
Map Email: mail
Test User: administrator
Test Password: password
Joomla 2.54 (new install) on Centos 6.2
And get this message from PHP LDAP debug:
:: PHP LDAP Debug V1.05 Script Started ::
Attempting to bind to LDAP server using connect username and password...
LDAP bind successful.
Attempting to use search to find user...
Failed: search has been used but 'sAMAccountName=Administrator' is NOT a filter. Check this for more information.
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
You are missing the brackets around your User DN/Filter. It should be:
(sAMAccountName=[username])
(sAMAccountName=[username])
-
- Joomla! Apprentice
- Posts: 15
- Joined: Sun Jan 01, 2006 11:32 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Thanks it works
-
- Joomla! Apprentice
- Posts: 15
- Joined: Sun Jan 01, 2006 11:32 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Another question, in Joomla I must create the users or there is a way to import (sync from AD) fron the AD
Thanks
Thanks
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
If you implement the full JMapMyLDAP suite (http://shmanic.com/tools/jmapmyldap/) you will get:
Automatic Joomla user creation
AD to Joomla security groups mapping
Authentication with password sync
Single sign on
Automatic Joomla user creation
AD to Joomla security groups mapping
Authentication with password sync
Single sign on
-
- Joomla! Apprentice
- Posts: 15
- Joined: Sun Jan 01, 2006 11:32 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
I must disable Joomla Native LDAP suppoprt plugins?
Thanks for your help.
Thanks for your help.
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Yes. Just follow the guides here: http://shmanic.com/tools/jmapmyldap/guide.htm
-
- Joomla! Apprentice
- Posts: 15
- Joined: Sun Jan 01, 2006 11:32 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Many thanks, I got it working, users are created, but not assigned to the Mapping List group, always go to Registered Group, what could be wrong? here is the configuration:
For a test_joomla user from LDAP Debug Tool I get:
dn CN=test_joomla,OU=Sistemas,OU=Division,OU=Usuarios,DC=mydomain,DC=local
User - JMapMyLDAP
Use Group Mapping Yes
Allow Additions Yes
Allow Removals Yes&Default Managed
Unmanaged Groups 1;2;8
Public Group 1
Mapping List (try following options)
cn=Domain Users,OU=Sistemas,OU=Division,OU=Usuarios:10
cn=Users,OU=Sistemas,OU=Division,OU=Usuarios:10
OU=Sistemas,OU=Division,OU=Usuarios:10
Lookup Type Forward
Lookup Attribute memberOf
Lookup Member dn
Use Recursion Yes
DN Attribute distinguishedName
Max Depth 0
For a test_joomla user from LDAP Debug Tool I get:
dn CN=test_joomla,OU=Sistemas,OU=Division,OU=Usuarios,DC=mydomain,DC=local
User - JMapMyLDAP
Use Group Mapping Yes
Allow Additions Yes
Allow Removals Yes&Default Managed
Unmanaged Groups 1;2;8
Public Group 1
Mapping List (try following options)
cn=Domain Users,OU=Sistemas,OU=Division,OU=Usuarios:10
cn=Users,OU=Sistemas,OU=Division,OU=Usuarios:10
OU=Sistemas,OU=Division,OU=Usuarios:10
Lookup Type Forward
Lookup Attribute memberOf
Lookup Member dn
Use Recursion Yes
DN Attribute distinguishedName
Max Depth 0
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
I just use AD Groups, e.g.:
CN=HR Content Manager:9
CN=HR:10
CN=Directors:15
I also have recursion set to No.
CN=HR Content Manager:9
CN=HR:10
CN=Directors:15
I also have recursion set to No.
-
- Joomla! Fledgling
- Posts: 4
- Joined: Tue Jan 18, 2011 5:12 am
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Hi Guys,
I'm planning an SSO project for a client whereby Joomla 2.5.4 will be used for their internal intranet type purposes however the site is hosted outside of their firewall on our servers.
They are looking to use Oracle Enterprise Single Sign-On to manage all their SSO requirements (http://www.oracle.com/technetwork/middl ... 86728.html).
Can anyone please let me know if:
1) you have worked with this Oracle product?
2) if you think it will work with JMapMyLDAP Joomla extension?
3) if you think it will work with a joomla installation on the web (i.e. outside of the company's firewall and network infrastructure?
Any help and advice is greatly appreciated.
Kind regards.
I'm planning an SSO project for a client whereby Joomla 2.5.4 will be used for their internal intranet type purposes however the site is hosted outside of their firewall on our servers.
They are looking to use Oracle Enterprise Single Sign-On to manage all their SSO requirements (http://www.oracle.com/technetwork/middl ... 86728.html).
Can anyone please let me know if:
1) you have worked with this Oracle product?
2) if you think it will work with JMapMyLDAP Joomla extension?
3) if you think it will work with a joomla installation on the web (i.e. outside of the company's firewall and network infrastructure?
Any help and advice is greatly appreciated.
Kind regards.
-
- Joomla! Apprentice
- Posts: 9
- Joined: Fri Mar 30, 2012 12:40 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
afrugone,afrugone wrote:Many thanks, I got it working, users are created, but not assigned to the Mapping List group, always go to Registered Group, what could be wrong? here is the configuration:
For a test_joomla user from LDAP Debug Tool I get:
dn CN=test_joomla,OU=Sistemas,OU=Division,OU=Usuarios,DC=mydomain,DC=local
User - JMapMyLDAP
Use Group Mapping Yes
Allow Additions Yes
Allow Removals Yes&Default Managed
Unmanaged Groups 1;2;8
Public Group 1
Mapping List (try following options)
cn=Domain Users,OU=Sistemas,OU=Division,OU=Usuarios:10
cn=Users,OU=Sistemas,OU=Division,OU=Usuarios:10
OU=Sistemas,OU=Division,OU=Usuarios:10
Lookup Type Forward
Lookup Attribute memberOf
Lookup Member dn
Use Recursion Yes
DN Attribute distinguishedName
Max Depth 0
have you got the mapping working yet? I'm having the same issue. please share if you have solved the problem.
Thanks!
-
- Joomla! Apprentice
- Posts: 15
- Joined: Sun Jan 01, 2006 11:32 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
I Made two mistakes:
1.- First mistake was to omit brackets in (sAMAccountName=[username]), the brackets () must be included.
2.- Associate 'cn' parameter to and OU, but must groups:
I create two test groups testgroup and JoomlaAdmins, and assign mappings to these groups:
cn=testgroup,OU=Usuarios:9
cn=JoomlaAdmins,OU=Usuarios:7
'cn' are associated to groups.
For this test I used windows 2003 AD.
I don't try SSO, it requires configuration at user's computers, and for me this is more difficult to manage with about 200 users.
I' hope this help you.
1.- First mistake was to omit brackets in (sAMAccountName=[username]), the brackets () must be included.
2.- Associate 'cn' parameter to and OU, but must groups:
I create two test groups testgroup and JoomlaAdmins, and assign mappings to these groups:
cn=testgroup,OU=Usuarios:9
cn=JoomlaAdmins,OU=Usuarios:7
'cn' are associated to groups.
For this test I used windows 2003 AD.
I don't try SSO, it requires configuration at user's computers, and for me this is more difficult to manage with about 200 users.
I' hope this help you.
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Only with Firefox, IE doesn't.afrugone wrote: I don't try SSO, it requires configuration at user's computers, and for me this is more difficult to manage with about 200 users.
-
- Joomla! Apprentice
- Posts: 15
- Joined: Sun Jan 01, 2006 11:32 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
And work's with Chrome?
-
- Joomla! Explorer
- Posts: 457
- Joined: Sun Jan 30, 2011 10:09 am
- Location: Leicester, UK
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
It looks like Chrome does need some client side work:afrugone wrote:And work's with Chrome?
http://ben-tech.[URL banned].co.uk/2011/09/ ... ation.html
-
- Joomla! Apprentice
- Posts: 15
- Joined: Sun Jan 01, 2006 11:32 pm
Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7
Interesting, I'll try to use SSO. Thanks