Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Jul 23, 2012 12:36 pm
by avi_davidowitz
Hi. I have the LDAP authentication working, but I cannot get the SSO to work.

Current setup is Joomla 2.5.6 running on Windows Server 2008 (x64) - on Apache 2.4.

Every time I try to enable mod_auth_sspi in httpd.conf, Apache won't start. Is there any other way to get SSO working without mod_auth_sspi? I can't seem to confirm whether or not it will even run in the config that I have described above.....

Thanks.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Sun Jul 29, 2012 10:48 pm
by ShMaunder
Apologies for the delay - have been away.

@bancil31
You will need to email/PM me your debug table (or just the groups row) to work out what's happening (make sure you remove any confidential information before sending). I can only think that your groups aren't valid DNs.

@avi_davidowitz
I can only think of the alternative mod_auth_ldap library.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Jul 30, 2012 10:18 am
by Purejet
Hello,

At the moment we have an issue with the JMapMyLDAP plugin. Login works well, but the mapping doesn't. I hope that someone can help me with this problem. I've tried to download the latest version, but that was not the solution. I've made a mapping to put the domain admins into group 7, but they always end up in the Registered group.

Many thanks for the answer

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Aug 01, 2012 11:18 pm
by ShMaunder
@Purejet

I'm not sure if you're the same person that has emailed me...

What LDAP vendor are you using?

Do the values of your LDAP group attribute look like "cn=group1,ou=mine,dc=domain" or "group1" (you can check this using the PHP LDAP debug tool)?

What are your plug-in parameters?
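
Added example (not part of the thread and not JMapMyLDAP code): a simplified model of DN-based group mapping, showing why it matters whether the group attribute returns full DNs or bare names such as "group1". The function names, the one-entry-per-line "DN : id" format and the sample DNs are assumptions made for illustration.

```php
<?php
// Added illustration; not JMapMyLDAP code. All function names are hypothetical.

// Normalise a DN for comparison: trim spaces around each RDN and lower-case it
// (a simplification that treats every attribute value as case-insensitive).
// Returns null when the value is not DN-shaped, e.g. a bare "group1".
function normalise_dn($value)
{
    $out = array();
    // Split on commas that are not escaped with a backslash.
    foreach (preg_split('/(?<!\\\\),/', trim($value)) as $rdn) {
        if (!preg_match('/^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*$/', $rdn, $m)) {
            return null;
        }
        $out[] = strtolower($m[1]) . '=' . strtolower($m[2]);
    }
    return implode(',', $out);
}

// Parse mapping lines of the assumed form "<group DN> : <Joomla group id>".
function parse_mapping_list(array $lines)
{
    $map = array();
    foreach ($lines as $line) {
        $pos = strrpos($line, ':');          // the id follows the last colon
        if ($pos === false) {
            continue;
        }
        $dn = normalise_dn(substr($line, 0, $pos));
        $id = trim(substr($line, $pos + 1));
        if ($dn !== null && ctype_digit($id)) {
            $map[$dn] = (int) $id;
        }
    }
    return $map;
}

// Translate the directory's group values into Joomla group ids.
function map_groups(array $memberOf, array $map)
{
    $result = array('groups' => array(), 'skipped' => array());
    foreach ($memberOf as $value) {
        $dn = normalise_dn($value);
        if ($dn === null) {
            $result['skipped'][] = $value;   // not a DN: can never match
        } elseif (isset($map[$dn])) {
            $result['groups'][] = $map[$dn];
        }
    }
    $result['groups'] = array_values(array_unique($result['groups']));
    return $result;
}

// Constructed sample data.
$map = parse_mapping_list(array('cn=Domain Admins,cn=Users,dc=example,dc=com : 7'));
$fromDirectory = array(
    'CN=Domain Admins, CN=Users, DC=example, DC=com', // same DN, other case/spacing
    'group1',                                         // bare name, not a DN
);
print_r(map_groups($fromDirectory, $map));
```

A user whose group values all land in "skipped" receives no mapped groups, so only whatever default group the site assigns would apply.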

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Aug 20, 2012 3:50 pm
by jbdjbd
What a great plugin! The functionality/flexibility has allowed us to do so much more with our site. I'm using jmap and group mapping and had no problems getting it up and running and mapping AD users to their joomla groups.

I do have a question about email addresses and mapping. I've got around 2500 users, and not all of them have an email attribute in AD. I saw using [username]@domain.com to create the generic email which will sync up in joomla ('cause I have it set to in the User Jmap..), but that then stops them from receiving email notifications (as our usernames are not part of actual email addresses).

Is there a way to write an "if" statement (i.e., use the mail attribute if one exists or if not, use generic) in the map e-mail field?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Aug 20, 2012 8:40 pm
by rsogo
I recently had the JMapMyLDAP extension setup on a development server for a business Intranet and it worked perfectly. We just wanted the ability to have AD users login to the site without having to go through a complete registration process.

However, once development was complete - we moved the site to an external host and now JMapMyLDAP cannot connect to the AD server and we have A records pointing to our external IP correctly.

Can't determine what needs to change to get this back up and running. The Base DN shouldn't change if users are authenticating from the internet as opposed to the intranet, should it?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Aug 21, 2012 5:49 pm
by ShMaunder
@jbdjbd

That would require some custom code. I reckon the best way to do this would be to put the attribute key into the "map email" field, then check if the returning email value is empty. If it is empty, then use a fake email instead.

Assuming you're using V1 then you could modify /plugins/authentication/jmapmyldap/jmapmyldap.php and find:

	if(isset($details[$ldap->ldap_email][0]))
		$response->email = $details[$ldap->ldap_email][0];

then use something like this instead:

	if(empty($details[$ldap->ldap_email][0]))
	{
		$response->email = $response->username . '@example.com';
	}
	else
	{
		$response->email = $details[$ldap->ldap_email][0];
	}

@rsogo

Communicated via email. It appears to be a port forwarding issue.

Using a tool like nmap can discover whether appropriate ports are open and/or reachable.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Aug 22, 2012 7:12 pm
by jbdjbd
@ShMaunder

That did the trick! Thank you so much for your help.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Aug 23, 2012 8:47 pm
by robinpryor
Everything seems to be perfect except one thing. Every new user is auto-registered to the Registered group and I want them to register to a custom group I created.

I am NOT using group mapping. Here are my current User-JMapMyLDAP settings:

BASIC
Authentication Plugin = jmapmyldap
Auto Register = Override - Yes
Sync Name = Y
Sync Email = N

GROUP
All defaults except Public Group = 9 (the id of my custom group)

Obviously, setting the Public Group didn't do anything - I suspect because I'm not using group mapping.

Following along in this topic and your replies, I've also made the following changes in \libraries\shmanic\jmapmyldap.php :

Changed line 88 to

protected $group_map_public = 9;

Changed line 494 to

self::addUserToGroup($joomlaUser, 9);

Changed line 979 to

$defaultUserGroup = $config->get('new_usertype', 9);

Do I have to use group mappings to be able to control which group people are auto-registered to? What do I need to do?

Thanks in advance - Robin

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Aug 29, 2012 8:34 am
by bancil31
Hello everybody,
I'm back!
Did you have good holidays?
Did you think about my issue this summer? ;-)

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Oct 03, 2012 6:06 pm
by GJSchaller
Hello! Two questions for you...

1) I'm sure everyone is asking this, about every extension - will this be updated for Joomla 3.X compatibility?

2) Is there any chance of combining this with, or implementing, a SAML solution?

Thank you!

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Nov 05, 2012 9:26 pm
by robinpryor
I have this implemented and working great... as long as the user is on the same domain. The problem is that our organization implements several domains and I need to give everyone the ability to get to this site. Any thoughts or advice?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Nov 13, 2012 7:47 pm
by rentawebguy
I've installed this and when I try to login I get this error:

Username and password do not match or you do not have an account yet.
You do not have access to the administrator section of this site.

This tells me that it is hitting the LDAP server.

I know my login is correct.

What can I look at to troubleshoot this?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Nov 20, 2012 12:40 am
by drammar
Is there an ETA on version 2 as of yet?
In the previous threads, you mentioned that version 2 should be able to create LDAP users, as well as syncing the user database with LDAP. This is the issue I am trying to solve.

JAuthTools did this for J1.5 however..... I don't believe JAuthTools is supported in J2.5 or J3, so there is definitely a need for an extension that can do this.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Dec 26, 2012 4:43 pm
by ShMaunder
Apologies for not being active here again. If you add a post here then please email me as well.

Multiple domains can be hacked on using this post http://forum.joomla.org/viewtopic.php?f ... 0#p2727858 - will be a native feature one day.

@drammar - I'm still committing stuff to version 2's repos but it's quite slow work at the moment. So no ETA of version 2. I have a few days free where I'll get some more stuff written and committed.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jan 23, 2013 7:52 am
by andacod
G'day,

I just found your plugin on JED and would like to know if I can use it to do what I need.

I run a community based website that has a large number of school based audiences. I want to be able to set up a membership subscription service for the schools so I can offer schools memberships and any one of their students or teachers can login via a LDAP connection. So, put simply, I need to be able to provide multiple LDAP connections to my site. Is this possible?

I'm currently running J2.5, jomsocial, and payplans as the backbone of the site.

Cheers

Andrew

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Jan 29, 2013 4:15 pm
by ShMaunder
@andacod

Running multiple LDAP instances is only possible in the yet to be released version 2. The code is there, but there are no components to administer/configure it. So if this system you need is a few months off then you should be OK, but if you need it now I suggest you pick up what I've done so far and create a component for it.

I can't get my hands on Jomsocial due to licensing so I can't comment on that - though if it uses the Joomla user authentication sequence & databases, then it should work. After I release V2 I will look at getting my hands on Jomsocial.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Feb 05, 2013 8:22 pm
by bmmcwhirt
I am having trouble configuring JMapMyLDAP to allow authentication.

Here is an LDAP entry from my FreeIPA server:

[root@auth ~]# ldapsearch -Y GSSAPI -b "dc=MYHHCA,dc=COM" uid=bmcwhirt
SASL/GSSAPI authentication started
SASL username: admin@MYHHCA.COM
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=MYHHCA,dc=COM> with scope subtree
# filter: uid=bmcwhirt
# requesting: ALL
#

# bmcwhirt, users, compat, myhhca.com
dn: uid=bmcwhirt,cn=users,cn=compat,dc=myhhca,dc=com
objectClass: posixAccount
objectClass: top
gecos: Bryan McWhirt
cn: Bryan McWhirt
uidNumber: 154200001
gidNumber: 154300000
loginShell: /bin/sh
homeDirectory: /home/bmcwhirt
uid: bmcwhirt

# bmcwhirt, users, accounts, myhhca.com
dn: uid=bmcwhirt,cn=users,cn=accounts,dc=myhhca,dc=com
displayName: Bryan McWhirt
cn: Bryan McWhirt
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
loginShell: /bin/sh
sn: McWhirt
gecos: Bryan McWhirt
homeDirectory: /home/bmcwhirt
krbPwdPolicyReference: cn=global_policy,cn=MYHHCA.COM,cn=kerberos,dc=myhhca,dc
 =com
mail: bmcwhirt@myhhca.com
krbPrincipalName: bmcwhirt@MYHHCA.COM
givenName: Bryan
uid: bmcwhirt
initials: BM
ipaUniqueID: 2d330e8a-6c39-11e2-9c6c-0002a5517755
uidNumber: 154200001
gidNumber: 154300000
krbPasswordExpiration: 20130201063239Z
krbLastPwdChange: 20130201063239Z
krbExtraData:: 
mepManagedEntry: cn=bmcwhirt,cn=groups,cn=accounts,dc=myhhca,dc=com
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=myhhca,dc=com
mobile: 5551212
postalCode: 10000
street: 123 some street
l: City
st: State
facsimileTelephoneNumber: 1112220000
telephoneNumber: 1015551212
title: Director of IT
ou: myhhca
krbLoginFailedCount: 0
krbLastSuccessfulAuth: 20130204213611Z

# search result
search: 4
result: 0 Success

# numResponses: 3
# numEntries: 2
[root@auth ~]# 

If someone could advise me on the proper setup to allow this to authenticate I would be greatly appreciative.

Currently I have this for connect user: uid=admin,cn=users,cn=accounts,dc=myhhca,dc=com
and the Connect password is the appropriate admin password.
Server IP and ports are correct.

Use search is on

Base DN: cn=users,cn=accounts,dc=myhhca,dc=com
User DN Filter: uid=[username]

Map User ID: uid
Map Full Name: cn
Map Email: mail


If anyone can help please let me know.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Feb 07, 2013 9:38 am
by Mike74000
Hi,

First of all: thanks a lot for this great plugin!
I configured it with an openldap server, using the authentication plugin and group mapping plugin, and it works like a charm.
I have some questions about improvements/capabilities: is it possible to configure the plugin to sync password and other things between joomla profile fields and the ldap? (e.g. the user goes to his profile, changes password and for example email, and it will be synced between joomla base and ldap)

I found the profile plugin, but it can't be downloaded ("File type not allowed" error), I don't know if it can help me ...

Thanks a lot for your feedback.

Regards,

Mike.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Mar 12, 2013 7:44 pm
by Beedi
Found this github link, not sure if this is the right file.
https://github.com/ShMaunder/JMapMyLDAP ... ap/profile

Can somebody confirm?

BT

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Mar 14, 2013 12:32 pm
by Cooperl
I have LDAP authentication working fine but just can't seem to get SSO to work.

My PHP error log reports the following line every time I open a page:
2013-03-14 12:22:50 INFO 10.19.16.18 SSO Fail: SSO: Failed to import SSO plugins.

The SSO-HTTP and System-JSSOMySite plugins are enabled. I just don't seem to be getting anywhere with this, has anyone else seen this problem? :(

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Mar 19, 2013 4:09 pm
by giorgio61
Hello. Where do you suggest I investigate if my JMapmyldap works perfectly but I cannot make the SSO work? Something missing in the apache configuration, or the SSO_HTML plug not configured properly? How can I get the proper values of the _SERVER array?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Apr 16, 2013 2:55 pm
by sdiaz
Good day, I have a little trouble:

I need to modify your plugin. I mean, I need to add a new attribute for mapping an LDAP account. Is that possible? (ex: an internal code different to email).

Thanks for answering.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Apr 22, 2013 10:43 am
by Tanathka
I’ve come across your Joomla module to authenticate ldap users and groups.

I’m unfortunately having difficulties with it. (Including the testing tool)

It seems Joomla’s own LDAP authentication module works, but jmapmyldap doesn’t. Which suggests it’s not the settings. I have a sneaking suspicion that it may be to do with either the version of php (5.4) or that the Active Directory structure that I’m using requires recursive searching. Which can be switched on with the Joomla extension, but not your modules’ components.

The PHP LDAP debug also binds ok, but doesn’t find any users either.

:: PHP LDAP Debug V1.06 Script Started :: 

Attempting to bind to LDAP server using connect username and password... 
LDAP bind successful.

Attempting to use search to find user... 
Failed: cannot find the authenticating user. 


:: PHP LDAP Debug V1.06 Script Finished ::

The only other thing of note is that I’m using Joomla 3.0.3, which should in theory work. Your debug tool fails, so I don’t believe Joomla is at fault here.

Is there a recursion switch lurking somewhere or perhaps missing?

Regards

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Apr 22, 2013 3:29 pm
by Tanathka
As is almost always the case when I post something on forums.... I solve it shortly afterwards

Resolved the search issue (and then I found the solution on the website :laugh: )

Joomla ldap module uses: sAMAccountName=[search]
Whereas your module uses: (sAMAccountName=[username])

Search of course has to be on. :-[
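
Added example (not part of the thread and not JMapMyLDAP code): substituting a login name into a "[username]" filter template like the one above, with the value escaped per RFC 4515 so that characters such as "*" or parentheses typed at the login form stay literal. The function names and sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; not JMapMyLDAP code. Function names are hypothetical.

// Escape a value for use inside an LDAP search filter (RFC 4515).
function escape_filter_value($value)
{
    // The backslash is replaced first so the escapes added for the
    // other characters are not themselves escaped again.
    return str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $value
    );
}

// Fill the [username] placeholder of a filter template.
function build_filter($template, $username)
{
    if (strpos($template, '[username]') === false) {
        throw new InvalidArgumentException('Template has no [username] placeholder');
    }
    $filter = str_replace('[username]', escape_filter_value($username), $template);
    // RFC 4515 filters are parenthesised; wrap a bare "attr=value" template.
    if ($filter[0] !== '(') {
        $filter = '(' . $filter . ')';
    }
    return $filter;
}

// Constructed sample inputs.
$samples = array(
    array('(sAMAccountName=[username])', 'jsmith'),
    array('sAMAccountName=[username]', 'jsmith'),               // bare template
    array('(sAMAccountName=[username])', 'smith (contractor)'), // parentheses
    array('(sAMAccountName=[username])', 'j*'),                 // wildcard
);
foreach ($samples as $sample) {
    echo build_filter($sample[0], $sample[1]), "\n";
}
```

On PHP 5.6 or later with the ldap extension, ldap_escape($value, '', LDAP_ESCAPE_FILTER) can be used in place of the hand-written escape function.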

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Sat May 11, 2013 1:01 pm
by ShMaunder
Once again, apologies for the delay in responses. I've been very busy with version 2, which will hopefully resolve a lot of issues being reported here and on email, including that missing download link.

Version 2 Beta 1 will be published late on May 12th. It will initially have a lack of documentation as I try to update the project site to accommodate the new version. It will also be missing key parts of the component meaning the configuration will need direct editing either through SQL or using the new temporary LDAP debug tool.

Features include: Group Mapping, Profile support, User creation, User deletion, Password changing and Support for multiple LDAP servers.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Sun Jun 02, 2013 4:01 pm
by jbdjbd
Instead of just using displayName, is it possible to combine attributes in AD for this field? In our AD, displayName is backwards (Last First). I'd like to try to combine two different fields so it will display First Last.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 10, 2013 9:09 am
by beck0r
Hello everybody,

I've installed Joomla 3.1 on a Windows 8 x64 VM. Joomla is running on Apache 2.2.2.
I've managed to configure LDAP requests successfully, but I'm stuck with SSO.
Unfortunately REMOTE_USER or AUTH_USER are not shown in php information, so I've started to google and finally came to the mod_auth_sspi.so apache extension, which I've added to the webserver. Since then Apache doesn't start, showing useless error messages. I don't have any idea what to do anymore.. Of course I can uncomment these lines and everything works fine again... but I want to enable SSO for our Intranet webpage. I've also read the guides for NTLM and Kerberos but none of them worked for me. Honestly I'm quite new to this as well!

Screenshot for SSO HTTP and SSOMYSITE are attached

Added to httpd.conf


<IfModule !mod_auth_sspi.c>
LoadModule sspi_auth_module modules/mod_auth_sspi.so
</IfModule>


<IfModule mod_auth_sspi.c>
<Location "C:\xampp\htdocs\">
#AuthName "A Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
# SSPIBasicPreferred
# SSPIUsernameCase lower
require valid-user
</Location>
</IfModule>

Thanks in advance

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 10, 2013 7:52 pm
by edmondt
Did anyone have any luck on the instruction on: http://forum.joomla.org/viewtopic.php?f ... 0#p2727858 ?

We want to authenticate both OpenLDAP and AD, with different group mappings...

I tried the instruction and re-packaged plg_authentication_jmapmyldap.zip, but I'm not seeing another instance of Authentication - JMapMyLDAP

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Jul 19, 2013 1:24 pm
by gmip
I'm trying to use your Joomla extension but I have this error message: ERROR jmapmyldapfail JLDAP2: No user dn/filter parameter.

I'm using Joomla 3, and your last plugin version. And trying to use Joomla Authentication Plugin with Users JMapMyLDAP.

Using native joomla authentication plugin with native user login plugin it works, but I want to set the group from users.


My configuration is this one:

Authentication LDAP:
Server: 10.27.4.36
Port 389
DN Base: DC=senaces,DC=com,DC=br
Search charters: userPrincipalName=[search]@senaces.com.br
DN User: [username]@senaces.com.br
Map User: displayName
Map Email: userPrincipalName
Map UserID: sAMAccountName

User - JMapMyLDAP
Authentication plugin: ldap
Auto Register: Override yes
Sync Name, Sync Email: yes
Use Group Mapping: yes
Allow Additions: yes
Allow Removals: Yes & Default Managed

Unmanaged Groups: 1;2;8
Public Group: 1
Mapping List: cn=Grupos DR, ou=Nti, o=senaces : 7

Lookup Type: Forward
Lookup Attribute: memberOf
Lookup Member: dn
Use Recursion: No
DN Attribute: distinguishedName
Max Depth: 0


Using the Authentication - JMapMyLDAP, it doesn't work, the configuration is:
LDAP V3: Yes
Start TLS: No
Follow Referrals: No

Connection
Host: 10.27.4.36
Port: 389

Credentials
Connect User: gmpecanha@senaces.com.br
Connect Password: ...

Binding
Use Search: Yes
Base DN: DC=senaces,DC=com,DC=br
User DN / Filter: (sAMAccountName=[username])

Mapping Attributes
Map User ID: sAMAccountName
Map Full Name: displayName
Map Email: userPrincipalName



Can you help me?!