LDAP

Discuss the development and implementation of Joomla! bots/Plugins here.
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
xamarshahx
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Tue Apr 24, 2007 2:17 pm

LDAP

Postby xamarshahx » Tue Apr 24, 2007 2:33 pm

Does anyone know how to implement this LDAP tool?  The site does not have documentation yet.

http://joomlacode.org/gf/project/jauthtools/

Thank you.

rmarkin
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Sun Mar 05, 2006 1:21 pm

Re: LDAP

Postby rmarkin » Thu Apr 26, 2007 10:42 pm

Hello,

I am attempting to implement it now.  I can not get the bots to install though.  Have you been able to get past this point?  I simply zipped the joomla.ldap.php and joomla.ldap.xml files and attempted to install them as a mambot.  I received the "ERROR: Could not find a Joomla! XML setup file in the package." error.

I then tried copying the two files into the mambots/system/ folder but they do not show up under "Site Mambots". 

We have a Win2003 AD environment that we would like to utilize for Joomla authentication.  Let me know what your progress is, if any, and maybe we can help each other.

Robert

xamarshahx
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Tue Apr 24, 2007 2:17 pm

Re: LDAP

Postby xamarshahx » Fri Apr 27, 2007 2:10 am

Yeah, I just used the zip files he has on his site under the Files tab.  They installed immediately, but now I have to play with the settings.  I have the same environment as you.  I am getting Warning messages on the home page now, reading through his wiki seems to help a little.

rmarkin
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Sun Mar 05, 2006 1:21 pm

Re: LDAP

Postby rmarkin » Fri Apr 27, 2007 5:11 am

Thank you,

The site that I had been looking at did not have the files packaged up like that.  I will install it in the morning and run it by our AD guys to begin testing.  I will post the results.

Robert

xamarshahx
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Tue Apr 24, 2007 2:17 pm

Re: LDAP

Postby xamarshahx » Mon Apr 30, 2007 7:42 pm

rmarkin wrote:Thank you,

The site that I had been looking at did not have the files packaged up like that.  I will install it in the morning and run it by our AD guys to begin testing.  I will post the results.

Robert


any luck?

xamarshahx
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Tue Apr 24, 2007 2:17 pm

Re: LDAP

Postby xamarshahx » Mon Apr 30, 2007 8:13 pm

I am new to LDAP so here are the settings I am trying, let me know where I am wrong if you guys see the mistakes.
Thanks!

Using MS AD:
Joomla LDAP and HTTP Single Signon are published
" " = Items replaced for security

Joomla LDAP
Host is correct.
Port is 389
LDAP V3 - Yes
Negociate TLS - No
Don't follow referrals - Yes
Base DN: Cn="connectusername",ou=service accounts,ou=staff,dc="company",dc=org
Search String: uid=[sAMAccountName], ou="department",ou=staff,dc="company",dc=org
User DN: ou="department",ou=staff,dc="company",dc=org
Map FullName: displayName
Map Email: mail
Map User ID: sAMAccountName
Map Password: userPassword

HTTP Single Signon set to use Global Settings
Set to Bind as User

rmarkin
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Sun Mar 05, 2006 1:21 pm

Re: LDAP

Postby rmarkin » Tue May 01, 2007 4:59 am

Our AD guys aren't going to be able to start testing until the day after tomorrow.  I will post with our settings / results then, but hopefully it will work.

amattas
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Fri Apr 13, 2007 6:54 pm
Location: Portage, MI
Contact:

Re: LDAP

Postby amattas » Tue May 01, 2007 4:05 pm

I'm having problems with this as well. We have nested OU's! :-\ I don't know how to get this to work.

xamarshahx
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Tue Apr 24, 2007 2:17 pm

Re: LDAP

Postby xamarshahx » Thu May 03, 2007 6:32 pm

I switched my base DN to: ou="department",ou=staff,dc="company",dc=org
Search String to: CN=*\([login]\)
Connect username: Cn="connectusername",ou=service accounts,ou=staff,dc="company",dc=org
Users DN: Cn="connectusername",ou=service accounts,ou=staff,dc="company",dc=org

This stuff is confusing, but it still doesn't work.

User avatar
VisiGod
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 171
Joined: Fri Sep 02, 2005 2:26 am
Location: Portugal
Contact:

Re: LDAP

Postby VisiGod » Tue Jun 05, 2007 2:04 pm

I've been testing LDAP with Joomla and IPB. So far both Joomla and IPB are working with LDAP (consulting users) but i still have to make the custom pages for registration and password/email change.

Regarding Joomla, the 2 required mambots are "Joomla LDAP" and "LDAP SSI". One of the most important things (i've found it somewhere on the net) is that the mambot JoomlaLDAP must be above the LDAPSSI mambot in the mambot ordering.

The test was made with openldap 2.2.29 (windows version), Joomla 1.0.12 and IPB 2.2.2

If anyone is interested in the configurations i will gladly post them here (as an example)

xamarshahx
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Tue Apr 24, 2007 2:17 pm

Re: LDAP

Postby xamarshahx » Tue Jun 05, 2007 9:42 pm

That would be great if you can post the example.  Just mask the personal info with generic words like company, departname , etc...

User avatar
VisiGod
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 171
Joined: Fri Sep 02, 2005 2:26 am
Location: Portugal
Contact:

Re: LDAP

Postby VisiGod » Tue Jun 05, 2007 10:45 pm

Ok, let's see if i can make it so that you can understand it  :D

1 - Install the Joomla/Ldap mambot (joomla_ldap.bot.tgz)
2 - Configure the mambot as in image below:
Image

3 - Install the Joomla/SSI mambot (ldap.ssi.bot.tgz)

4 - Configure the mambot as in image below:
Image


5 - Move the Joomla/LDAP mambot above the Joomla/SSI mambot as in image below:
Image



6 -The configuration for IPB is simple but i will post it here just in case someone wants to try it with IPB
edit the file /sources/loginauth/ldap/conf.php and change the values below to fit your configuration

Code: Select all

$LOGIN_CONF['ldap_server'] = 'localhost';
$LOGIN_CONF['ldap_server_username'] = 'cn=Manager,dc=domain,dc=ext';
$LOGIN_CONF['ldap_server_password'] = 'PASSWORD';
$LOGIN_CONF['ldap_uid_field'] = 'uid';
$LOGIN_CONF['ldap_base_dn'] = 'ou=People,dc=domain,dc=ext';




I've made a uid search in my test server and the result is as shown:
Image


You can now login with the users that are in your LDAP

My LDAP details (bare with me because it's my first LDAP experience) are:

dc=domain,dc=ext

My users are in ou=People,dc=domain,dc=ext

The users that exist in LDAP but doesn't exist in Joomla will be auto-created. The same will happen in IPB: if they don't exist they will be created. I will now test the IPB ldap hack so that the display name and the email address are auto passed into IPB database when creating a new user since currently it's asked in the first user login.

Hope it helped.

xamarshahx
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Tue Apr 24, 2007 2:17 pm

Re: LDAP

Postby xamarshahx » Wed Jun 06, 2007 12:14 am

Thank you, I'll try this at work tommorrow, project had been on the back burner.  I had all the settings, but wasn't exactly sure where to put them since Joomla has a lot more options in this mambot then other LDAP configs such as the one in Wordpress (which I did get to work).

mt
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Tue May 15, 2007 3:39 pm

Re: LDAP

Postby mt » Wed Jun 06, 2007 3:28 pm

I have made that's issues. I must really have a administrator user from the ldap that i want to connect?
Thanks

User avatar
VisiGod
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 171
Joined: Fri Sep 02, 2005 2:26 am
Location: Portugal
Contact:

Re: LDAP

Postby VisiGod » Wed Jun 06, 2007 3:38 pm

mt wrote:I have made that's issues. I must really have a administrator user from the ldap that i want to connect?
Thanks


You must have a user in LDAP that can do queries/searches on the tree you wish to use (in this example 'ou=People,dc=domain,dc=ext')

mt
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Tue May 15, 2007 3:39 pm

Re: LDAP

Postby mt » Wed Jun 06, 2007 4:29 pm

Thank you very much.
I must have basic autentication on iis ou anonymous autentication?

User avatar
VisiGod
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 171
Joined: Fri Sep 02, 2005 2:26 am
Location: Portugal
Contact:

Re: LDAP

Postby VisiGod » Wed Jun 06, 2007 4:48 pm

mt wrote:Thank you very much.
I must have basic autentication on iis ou anonymous autentication?


By IIS i understand that you are referring to ActiveDirectory. If so i cannot help you because i didn't tested it with AD nor i have access to any AD to test it.

But i guess that basic authentication is the best since it's a little more secure than anonymous authentication

mt
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Tue May 15, 2007 3:39 pm

Re: LDAP

Postby mt » Wed Jun 06, 2007 10:10 pm

Thank you again.  :D
What kind of autentication do you have in your linux server? Is it possible to have anonymous autentication, but in jooma when you log on in login module, log with a user from my AD?  ???

User avatar
VisiGod
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 171
Joined: Fri Sep 02, 2005 2:26 am
Location: Portugal
Contact:

Re: LDAP

Postby VisiGod » Wed Jun 06, 2007 10:28 pm

It is possible to have anonymous authentication. In the "LDAP SSI" mambot put "Anonymous Compare" in the "Authorization Method" field and leave "Connect username" and "Connect password" blank.

The authentication in the mambot is only to check if the users exists in LDAP and if the password provided in the frontend login matches the one in the LDAP.

Then you can use your AD account to login into Joomla.

Don't forget that the default usergroup in Jooma is set to "Registered". You can always login in Joomla with your LDAP user and with your local Joomla account (the admin i.e.)

mt
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Tue May 15, 2007 3:39 pm

Re: LDAP

Postby mt » Fri Jun 08, 2007 2:54 pm

Visigod, WONDERFULL!! It Works!!
But now, when i do the login on the login module, i have the message that cookies are not enabled. I have the cookies enabled on my browser.
Do you not what is wrong?
Thank very much!
;)

User avatar
VisiGod
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 171
Joined: Fri Sep 02, 2005 2:26 am
Location: Portugal
Contact:

Re: LDAP

Postby VisiGod » Fri Jun 08, 2007 5:39 pm

That's strange. I never got that problem. I will see if i can find any solution on the mambot developer site.

mt
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Tue May 15, 2007 3:39 pm

Re: LDAP

Postby mt » Mon Jun 11, 2007 3:34 pm

That's not a problem  ;) resolved!
I also installed the http single sign on, it works perfectly, but i cannot logout from frontend.

venom14
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Jun 14, 2007 10:53 am

Re: LDAP

Postby venom14 » Thu Jun 14, 2007 11:00 am

Guys some off topic help please?
Any particular way of creating ou=People dn and putting users in it?

User avatar
VisiGod
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 171
Joined: Fri Sep 02, 2005 2:26 am
Location: Portugal
Contact:

Re: LDAP

Postby VisiGod » Thu Jun 14, 2007 12:40 pm

venom14 wrote:Guys some off topic help please?
Any particular way of creating ou=People dn and putting users in it?


Right now i'm using ldapbrowser ( http://www-unix.mcs.anl.gov/~gawor/ldap/ ) to connect to the ldap and creating the users. I'm also developing a component to manager the users from LDAP via Joomla but since i'm new to the LDAP stuff things are moving slowly.

venom14
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Jun 14, 2007 10:53 am

Re: LDAP

Postby venom14 » Thu Jun 14, 2007 3:03 pm

VisiGod cheers mate...!
I found a way and thanks to your really helping "guide" worked just great!
;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D

THAAAAANKS!

User avatar
VisiGod
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 171
Joined: Fri Sep 02, 2005 2:26 am
Location: Portugal
Contact:

Re: LDAP

Postby VisiGod » Thu Jun 14, 2007 10:03 pm

venom14 wrote:VisiGod cheers mate...!
I found a way and thanks to your really helping "guide" worked just great!
;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D

THAAAAANKS!


Glad i could help :)

I'm now working on the components/modules to replace the current "Lost Password/Change Details/Register" of Joomla with LDAP ones. Things are moving slowly but moving positively :)

When i have a working version i will release them to the public so that people can test them and use them

teesnna
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Fri Jun 15, 2007 7:26 am

Re: LDAP

Postby teesnna » Fri Jun 15, 2007 8:13 am

mt wrote:That's not a problem  ;) resolved!
I also installed the http single sign on, it works perfectly, but i cannot logout from frontend.


mt wrote:You need to go to php.ini and on line:
; extension=php_ldap.dll place with this one:
extension=php_ldap.dll



Hi

I am still testing Joomla 1.0.12 and have installed all mambots from the LDAP Tools - that is: LDAP SSI, LDAP SSO and Joomla LDAP - published in the order mentioned. I'm using Windows 2003 Active Directory.

I am currently testing Joomla 1.0.12 (with IIS, PHP, windows server 2003) and did the following LDAP installation and publish these two: Joomla LDAP followed by HTTP SSO.

I have tried the above method given and dl the php_ldap.dll in the ext of PHP folder, however it still shows the error " ldap not enabled -please install LDAP in your PHP instance to continue". 

Could you advise me on this. really wish to get my http sso to work..


Thanks!

User avatar
VisiGod
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 171
Joined: Fri Sep 02, 2005 2:26 am
Location: Portugal
Contact:

Re: LDAP

Postby VisiGod » Fri Jun 15, 2007 9:31 am

Don't feel offended with some basic questions I'm making but it's always good to take some issues off the way first.

1 - Did you restarted your IIS service?

2 - Can you please see with phpinfo if you have the LDAP extension loaded like in image below (I'm using openldap but you should get something different there):
Image

Also, you don't need the SSO mambot, only the SSI. If you check on the JAuthTools page ( http://sammoffatt.com.au/jauthtools/ind ... tall_Guide ) the mambot's should be used like:
    * Joomla LDAP
    * LDAP Single Sign In aka SSI (applicable for appropriately configured Active Directory, openLDAP or Novell Directory Services (eDirectory) systems).
    * LDAP Single Sign On aka SSO (only supported on Novell Directory Services based systems using Netware [not OES] servers).
    * LDAP Synchronization.


You can also check the page http://sammoffatt.com.au/jauthtools/ind ... _Directory to see how to configure it for AD.

Hope it helped
Last edited by VisiGod on Fri Jun 15, 2007 9:35 am, edited 1 time in total.

teesnna
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Fri Jun 15, 2007 7:26 am

Re: LDAP

Postby teesnna » Mon Jun 25, 2007 2:59 am

Hi,

I did restart my IIS.
I do not have the PHP extension loaded image page. (I did place the the libraries php_ldap.dll in my PHP ext folder)..
I have the error " Ldap not enabled -Please install in your PHP instance to continue"
Could you advise me on that ?


Another question: Did u successfully integrate mircosoft AD with Joomla 1.0.12 with openldap?


Teesnna

User avatar
ViperFish
Joomla! Intern
Joomla! Intern
Posts: 63
Joined: Sun Oct 09, 2005 2:14 pm
Location: Western Australia
Contact:

Re: LDAP

Postby ViperFish » Mon Jun 25, 2007 6:40 am

Hi everyone,

I finally got LDAP to work on J1.0.12.

For myself and my client, the whole point of getting LDAP to work was to enable customers to access serveral different sites with one login and maintain user details in one location.

Something which I think I misunderstood is user autocreation. When a user is created in LDAP, they are automatically created in Joomla when they try to log in. Fantastic!.

However, can the J!authtools automatically create the user in LDAP when they register at my site? At the moment it seems we have to manually create them in LDAP first.

Regards
John.


Return to “Plugins/Mambots”

Who is online

Users browsing this forum: No registered users and 3 guests