LDAP
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Apprentice
- Posts: 10
- Joined: Tue Apr 24, 2007 2:17 pm
LDAP
Does anyone know how to implement this LDAP tool? The site does not have documentation yet.
http://joomlacode.org/gf/project/jauthtools/
Thank you.
-
- Joomla! Apprentice
- Posts: 16
- Joined: Sun Mar 05, 2006 1:21 pm
Re: LDAP
Hello,
I am attempting to implement it now. I can not get the bots to install though. Have you been able to get past this point? I simply zipped the joomla.ldap.php and joomla.ldap.xml files and attempted to install them as a mambot. I received the "ERROR: Could not find a Joomla! XML setup file in the package." error.
I then tried copying the two files into the mambots/system/ folder but they do not show up under "Site Mambots".
We have a Win2003 AD environment that we would like to utilize for Joomla authentication. Let me know what your progress is, if any, and maybe we can help each other.
Robert
-
- Joomla! Apprentice
- Posts: 10
- Joined: Tue Apr 24, 2007 2:17 pm
Re: LDAP
Yeah, I just used the zip files he has on his site under the Files tab. They installed immediately, but now I have to play with the settings. I have the same environment as you. I am getting Warning messages on the home page now, reading through his wiki seems to help a little.
-
- Joomla! Apprentice
- Posts: 10
- Joined: Tue Apr 24, 2007 2:17 pm
Re: LDAP
any luck?
rmarkin wrote: Thank you,
The site that I had been looking at did not have the files packaged up like that. I will install it in the morning and run it by our AD guys to begin testing. I will post the results.
Robert
-
- Joomla! Apprentice
- Posts: 10
- Joined: Tue Apr 24, 2007 2:17 pm
Re: LDAP
I am new to LDAP so here are the settings I am trying, let me know where I am wrong if you guys see the mistakes.
Thanks!
Using MS AD:
Joomla LDAP and HTTP Single Signon are published
" " = Items replaced for security
Joomla LDAP
Host is correct.
Port is 389
LDAP V3 - Yes
Negociate TLS - No
Don't follow referrals - Yes
Base DN: Cn="connectusername",ou=service accounts,ou=staff,dc="company",dc=org
Search String: uid=[sAMAccountName], ou="department",ou=staff,dc="company",dc=org
User DN: ou="department",ou=staff,dc="company",dc=org
Map FullName: displayName
Map Email: mail
Map User ID: sAMAccountName
Map Password: userPassword
HTTP Single Signon set to use Global Settings
Set to Bind as User
-
- Joomla! Apprentice
- Posts: 10
- Joined: Tue Apr 24, 2007 2:17 pm
Re: LDAP
I switched my base DN to: ou="department",ou=staff,dc="company",dc=org
Search String to: CN=*\([login]\)
Connect username: Cn="connectusername",ou=service accounts,ou=staff,dc="company",dc=org
Users DN: Cn="connectusername",ou=service accounts,ou=staff,dc="company",dc=org
This stuff is confusing, but it still doesn't work.
-
- Joomla! Enthusiast
- Posts: 171
- Joined: Fri Sep 02, 2005 2:26 am
- Location: Portugal
- Contact:
Re: LDAP
I've been testing LDAP with Joomla and IPB. So far both Joomla and IPB are working with LDAP (consulting users) but i still have to make the custom pages for registration and password/email change.
Regarding Joomla, the 2 required mambots are "Joomla LDAP" and "LDAP SSI". One of the most important things (i've found it somewhere on the net) is that the mambot JoomlaLDAP must be above the LDAPSSI mambot in the mambot ordering.
The test was made with openldap 2.2.29 (windows version), Joomla 1.0.12 and IPB 2.2.2
If anyone is interested in the configurations i will gladly post them here (as an example)
-
- Joomla! Apprentice
- Posts: 10
- Joined: Tue Apr 24, 2007 2:17 pm
Re: LDAP
That would be great if you can post the example. Just mask the personal info with generic words like company, departname , etc...
-
- Joomla! Enthusiast
- Posts: 171
- Joined: Fri Sep 02, 2005 2:26 am
- Location: Portugal
- Contact:
Re: LDAP
Ok, let's see if i can make it so that you can understand it
1 - Install the Joomla/Ldap mambot (joomla_ldap.bot.tgz)
2 - Configure the mambot as in image below:
3 - Install the Joomla/SSI mambot (ldap.ssi.bot.tgz)
4 - Configure the mambot as in image below:
5 - Move the Joomla/LDAP mambot above the Joomla/SSI mambot as in image below:
6 - The configuration for IPB is simple but i will post it here just in case someone wants to try it with IPB
edit the file /sources/loginauth/ldap/conf.php and change the values below to fit your configuration
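Code:
// LDAP server that IPB connects to
$LOGIN_CONF['ldap_server'] = 'localhost';
// DN and password IPB binds with to search the directory
$LOGIN_CONF['ldap_server_username'] = 'cn=Manager,dc=domain,dc=ext';
$LOGIN_CONF['ldap_server_password'] = 'PASSWORD';
// Attribute that is matched against the login name
$LOGIN_CONF['ldap_uid_field'] = 'uid';
// Subtree that holds the user entries
$LOGIN_CONF['ldap_base_dn'] = 'ou=People,dc=domain,dc=ext';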
I've made a uid search in my test server and the result is as shown:
You can now login with the users that are in your LDAP
My LDAP details (bear with me because it's my first LDAP experience) are:
dc=domain,dc=ext
My users are in ou=People,dc=domain,dc=ext
The users that exist in LDAP but don't exist in Joomla will be auto-created. The same will happen in IPB: if they don't exist they will be created. I will now test the IPB ldap hack so that the display name and the email address are auto passed into IPB database when creating a new user since currently it's asked in the first user login.
Hope it helped.
-
- Joomla! Apprentice
- Posts: 10
- Joined: Tue Apr 24, 2007 2:17 pm
Re: LDAP
Thank you, I'll try this at work tomorrow, project had been on the back burner. I had all the settings, but wasn't exactly sure where to put them since Joomla has a lot more options in this mambot than other LDAP configs such as the one in Wordpress (which I did get to work).
-
- Joomla! Enthusiast
- Posts: 171
- Joined: Fri Sep 02, 2005 2:26 am
- Location: Portugal
- Contact:
Re: LDAP
You must have a user in LDAP that can do queries/searches on the tree you wish to use (in this example 'ou=People,dc=domain,dc=ext')
mt wrote: I have made that's issues. I must really have an administrator user from the ldap that i want to connect?
Thanks
-
- Joomla! Enthusiast
- Posts: 171
- Joined: Fri Sep 02, 2005 2:26 am
- Location: Portugal
- Contact:
Re: LDAP
By IIS i understand that you are referring to ActiveDirectory. If so i cannot help you because i didn't test it with AD nor do i have access to any AD to test it.
mt wrote: Thank you very much.
I must have basic authentication on iis or anonymous authentication?
But i guess that basic authentication is the best since it's a little more secure than anonymous authentication
-
- Joomla! Enthusiast
- Posts: 171
- Joined: Fri Sep 02, 2005 2:26 am
- Location: Portugal
- Contact:
Re: LDAP
It is possible to have anonymous authentication. In the "LDAP SSI" mambot put "Anonymous Compare" in the "Authorization Method" field and leave "Connect username" and "Connect password" blank.
The authentication in the mambot is only to check if the user exists in LDAP and if the password provided in the frontend login matches the one in the LDAP.
Then you can use your AD account to login into Joomla.
Don't forget that the default usergroup in Joomla is set to "Registered". You can always login in Joomla with your LDAP user and with your local Joomla account (the admin i.e.)
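The login check described in this post, combined with the settings posted earlier in the thread (LDAP v3, referrals off, a search on sAMAccountName, bind as user), as an added example that is not the JAuthTools mambot code. The function name and the `$cfg` keys are hypothetical; unlike the posted settings it negotiates StartTLS, and it escapes the login before building the filter and refuses empty passwords.

```php
<?php
// Added example (PHP 7.1+ with the ldap extension); not JAuthTools code.
// $cfg keys (hypothetical): host, port, connect_dn, connect_pw, base_dn.
function ldap_login_check(array $cfg, string $login, string $password): ?array
{
    // A simple bind with an empty password is an unauthenticated bind
    // (RFC 4513): it can succeed without any password being verified.
    if ($login === '' || $password === '' || $cfg['connect_pw'] === '') {
        return null;
    }
    $conn = ldap_connect("ldap://{$cfg['host']}:{$cfg['port']}");
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // "LDAP V3 - Yes"
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // "Don't follow referrals - Yes"
    try {
        // StartTLS on port 389 so bind passwords do not cross the wire in clear text.
        if (!@ldap_start_tls($conn)) {
            return null;
        }
        // 1. Bind as the service ("connect") account that may search the tree.
        if (!@ldap_bind($conn, $cfg['connect_dn'], $cfg['connect_pw'])) {
            return null;
        }
        // 2. Look up the user; escaping keeps "*", "(" or ")" in the login
        //    from changing the meaning of the filter.
        $filter = '(sAMAccountName=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';
        $res = @ldap_search($conn, $cfg['base_dn'], $filter, ['displayName', 'mail']);
        $found = $res ? ldap_get_entries($conn, $res) : false;
        if (!$found || $found['count'] !== 1) {
            return null; // unknown or ambiguous login
        }
        // 3. Re-bind as the user's own DN; the directory checks the password,
        //    so no password attribute is ever read.
        if (!@ldap_bind($conn, $found[0]['dn'], $password)) {
            return null;
        }
        return [ // ldap_get_entries() lower-cases attribute names
            'username' => $login,
            'name'     => $found[0]['displayname'][0] ?? '',
            'email'    => $found[0]['mail'][0] ?? '',
        ];
    } finally {
        ldap_unbind($conn);
    }
}
```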
-
- Joomla! Enthusiast
- Posts: 171
- Joined: Fri Sep 02, 2005 2:26 am
- Location: Portugal
- Contact:
Re: LDAP
Right now i'm using ldapbrowser (http://www-unix.mcs.anl.gov/~gawor/ldap/) to connect to the ldap and creating the users. I'm also developing a component to manage the users from LDAP via Joomla but since i'm new to the LDAP stuff things are moving slowly.
venom14 wrote: Guys some off topic help please?
Any particular way of creating ou=People dn and putting users in it?
-
- Joomla! Enthusiast
- Posts: 171
- Joined: Fri Sep 02, 2005 2:26 am
- Location: Portugal
- Contact:
Re: LDAP
Glad i could help
venom14 wrote: VisiGod cheers mate...!
I found a way and thanks to your really helping "guide" worked just great!
THAAAAANKS!
I'm now working on the components/modules to replace the current "Lost Password/Change Details/Register" of Joomla with LDAP ones. Things are moving slowly but moving positively
When i have a working version i will release them to the public so that people can test them and use them
-
- Joomla! Fledgling
- Posts: 4
- Joined: Fri Jun 15, 2007 7:26 am
Re: LDAP
mt wrote: That's not a problem resolved!
I also installed the http single sign on, it works perfectly, but i cannot logout from frontend.
mt wrote: You need to go to php.ini and on line:
; extension=php_ldap.dll place with this one:
extension=php_ldap.dll
Hi
I am still testing Joomla 1.0.12 and have installed all mambots from the LDAP Tools - that is: LDAP SSI, LDAP SSO and Joomla LDAP - published in the order mentioned. I'm using Windows 2003 Active Directory.
I am currently testing Joomla 1.0.12 (with IIS, PHP, windows server 2003) and did the following LDAP installation and publish these two: Joomla LDAP followed by HTTP SSO.
I have tried the above method given and dl the php_ldap.dll in the ext of PHP folder, however it still shows the error " ldap not enabled -please install LDAP in your PHP instance to continue".
Could you advise me on this. really wish to get my http sso to work..
Thanks!
-
- Joomla! Enthusiast
- Posts: 171
- Joined: Fri Sep 02, 2005 2:26 am
- Location: Portugal
- Contact:
Re: LDAP
Don't feel offended with some basic questions I'm making but it's always good to take some issues off the way first.
1 - Did you restart your IIS service?
2 - Can you please see with phpinfo if you have the LDAP extension loaded like in image below (I'm using openldap but you should get something different there):
Also, you don't need the SSO mambot, only the SSI. If you check on the JAuthTools page (http://sammoffatt.com.au/jauthtools/ind ... tall_Guide) the mambots should be used like:
* Joomla LDAP
* LDAP Single Sign In aka SSI (applicable for appropriately configured Active Directory, openLDAP or Novell Directory Services (eDirectory) systems).
* LDAP Single Sign On aka SSO (only supported on Novell Directory Services based systems using Netware [not OES] servers).
* LDAP Synchronization.
You can also check the page http://sammoffatt.com.au/jauthtools/ind ... _Directory to see how to configure it for AD.
Hope it helped
Last edited by VisiGod on Fri Jun 15, 2007 9:35 am, edited 1 time in total.
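The phpinfo check asked for above can be scripted. This is an added example, not part of the original posts or of JAuthTools: a page that reports whether the LDAP extension is loaded, which php.ini is in use, and whether the `extension=php_ldap.dll` line is still commented out. The function name is hypothetical; request the page through IIS rather than the CLI, since each SAPI can load a different php.ini.

```php
<?php
// Added example: reports why PHP may say the LDAP extension is not enabled.
function ldap_extension_report(): array
{
    $ini = php_ini_loaded_file();          // false when no php.ini was loaded
    $extDir = ini_get('extension_dir');    // may be relative to the PHP directory
    $report = [
        'sapi'          => PHP_SAPI,
        'loaded'        => extension_loaded('ldap'),
        'php_ini'       => $ini ?: '(none loaded)',
        'extension_dir' => $extDir,
        'dll_present'   => is_file(rtrim($extDir, '/\\') . DIRECTORY_SEPARATOR . 'php_ldap.dll'),
        'ini_line'      => '(not found)',
    ];
    if ($ini !== false) {
        foreach (file($ini, FILE_IGNORE_NEW_LINES) as $n => $line) {
            // Matches "extension=php_ldap.dll" and the commented ";extension=..." form.
            if (preg_match('/^\s*(;?)\s*extension\s*=\s*"?(php_)?ldap(\.dll)?"?\s*$/i', $line, $m)) {
                $report['ini_line'] = sprintf(
                    'line %d: %s',
                    $n + 1,
                    $m[1] === ';' ? 'still commented out' : 'enabled'
                );
            }
        }
    }
    return $report;
}

header('Content-Type: text/plain');
foreach (ldap_extension_report() as $key => $value) {
    echo str_pad($key, 14), ': ', var_export($value, true), "\n";
}
```

If `loaded` is false while the DLL is present and the ini line is enabled, check that IIS was restarted and that the reported php.ini is the file that was edited. The PHP manual's Windows notes for this extension also list libeay32.dll and ssleay32.dll as DLLs that must be on the system PATH.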
-
- Joomla! Fledgling
- Posts: 4
- Joined: Fri Jun 15, 2007 7:26 am
Re: LDAP
Hi,
I did restart my IIS.
I do not have the PHP extension loaded image page. (I did place the libraries php_ldap.dll in my PHP ext folder)..
I have the error " Ldap not enabled -Please install in your PHP instance to continue"
Could you advise me on that ?
Another question: Did u successfully integrate Microsoft AD with Joomla 1.0.12 with openldap?
Teesnna
- ViperFish
- Joomla! Intern
- Posts: 67
- Joined: Sun Oct 09, 2005 2:14 pm
- Location: Western Australia
- Contact:
Re: LDAP
Hi everyone,
I finally got LDAP to work on J1.0.12.
For myself and my client, the whole point of getting LDAP to work was to enable customers to access several different sites with one login and maintain user details in one location.
Something which I think I misunderstood is user autocreation. When a user is created in LDAP, they are automatically created in Joomla when they try to log in. Fantastic!
However, can the J!authtools automatically create the user in LDAP when they register at my site? At the moment it seems we have to manually create them in LDAP first.
Regards
John.