JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

This forum is for general questions about extensions for Joomla! 2.5.

Moderators: pe7er, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
desperandos
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Fri Sep 15, 2006 5:04 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by desperandos » Thu Jul 25, 2013 9:49 am

Hi Shaun and thanks for the great plugin, i try to make it work and i have some issues so if you can please help. I have try to follow all the conversation in this threat but i could find a solution to my error....please see below

Code: Select all

JLDAP2: Could not get dn for username 'x.xxxxxx@mydomain.gr'. Check user dn/filter parameter and the authenticating user exists. LDAP reported: Success
I have worked with your ldapdebug.php and with the credentials i use in this i get the error i mention above. My joomla installation is

Code: Select all

PHP Built On	 Linux NASSRV 3.4.6 #1 SMP Fri Apr 26 00:12:30 CST 2013 i686
Database Version	 5.1.36
Database Collation	 utf8_general_ci
PHP Version	 5.3.14
Web Server	 Apache
WebServer to PHP Interface	 apache2handler
Joomla! Version	 Joomla! 2.5.11 Stable [ Ember ] 26-April-2013 14:00 GMT
Joomla! Platform Version	 Joomla Platform 11.4.0 Stable [ Brian Kernighan ] 03-Jan-2012 00:00 GMT
User Agent	 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36

The result from the ldapdebug.php is
Both functions credentials are valid and below is the result

Authentication

Code: Select all

:: PHP LDAP Debug V1.06 Script Started :: 

Attempting to bind to LDAP server using connect username and password... 
LDAP bind successful.

Attempting to use search to find user... 
Successfully found user

Attempting to logon with user CN=xxxxxxx,OU=my_Users,OU=my Users,DC=xxxxxxx,DC=gr ...
Successfully logged on with user

Attempting to retrieve all user attributes then process the results request...

User ID: x.xxxxxxxx
Full Name: xxxxxxx xxxxxxxx
Email: x.xxxxx@xxxxxxxx.gr

Group Mapping

Code: Select all

:: PHP LDAP Debug V1.06 Script Started :: 

Attempting to bind to LDAP server using connect username and password... 
LDAP bind successful.

Attempting to use search to find user... 
Successfully found user

Attempting to logon with user CN=xxxxxx,OU=xxxxxx_Users,OU=xxxxxx Users,DC=xxxxxx,DC=gr ...
Successfully logged on with user

Attempting to retrieve all user attributes then process the results request...

User ID: x.xxxxxx

Forward Lookup
Attempting a forward lookup...
Found the forward lookup attribute and the following groups will be mapped:
CN=Access Global Users,OU=Group_Access,OU=xxxxxx Users,DC=xxxxxx,DC=gr
CN=Domain Users,CN=Users,DC=xxxxxx,DC=gr
CN=Remote Desktop Users,CN=Builtin,DC=xxxxxx,DC=gr

Reverse Lookup
Attempting a reverse lookup...
Searching LDAP for (member=CN=username,OU=xxxxxx_Users,OU=xxxxxx Users,DC=xxxxxx,DC=gr)
Found the reverse lookup attribute and the following groups will be mapped:
CN=Remote Desktop Users,CN=Builtin,DC=xxxxxx,DC=gr
CN=Domain Users,CN=Users,DC=xxxxxx,DC=gr
CN=Access Global Users,OU=Group_Access,OU=xxxxxx Users,DC=xxxxxx,DC=gr


:: PHP LDAP Debug V1.06 Script Finished :: 

The AD credentials i use in the ldapdebug.php also use them in the 2 plugins 1)Authentication - JMapMyLDAP and the 2) User - JMapMyLDAP
When i try to login with username@mydomain.gr or with my username without @mydomain.gr (Windows 2003 Server AD credentials) i get the error i mention.

If you are able to help would be nice :)

And last i want to ask that.... in the joomla user manager i see only the default joomla admin..... there is no account from my AD. I thought after the correct configuration in both 2 LDAP plugins the user manager will be populated with my AD LDAP users?? is that correct or i have misunderstood
Also the default Joomla's "Authentication - LDAP" plugin is disabled

Best regards
John

ricksebak
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Aug 01, 2013 8:37 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ricksebak » Thu Aug 01, 2013 9:08 pm

I found this plugin the other day and it looks useful, but I'm having a bit of trouble getting group mappings to work. I installed the plugin and attempted to configure it, but when I try to log in to Joomla with LDAP credentials the Joomla login is rejected. My ldap logs show that Joomla's ldap query is connecting but not returning any results. I suspect I messed up the user mapping somewhere.

If anyone can tell me how I should set up the user mapping I would appreciate it.

Here's the boring details:

Joomla 2.5.11, openldap, Apache, PHP 5.3.10, Ubuntu. The LDAP server is used with many other apps and is fine in general.

Here are the settings that I used (successfully) in ldapdebug.php and in the Authentication - JMapMyLDAP plugin:

LDAP v3: check
Host: myserver.mycompany.com
Port: 389
BaseDN: cn=joomla-admins,ou=groups,dc=mycompany,dc=com
UserDN/Filter: cn=[username],ou=people,dc=mycompany,dc=com
Map User ID: uid
Map Full Name: displayName
Map Email: mail

And here are screenshots of my LDAP database itself, so you can see how I've got my data in there.

Screenshot of cn=joomla-admins,ou=groups,dc=mycompany,dc=com group: Imagehttp://oi39.[removed].com/1z2et6u.jpg

Screenshot of an individual user account, in case that helps: Imagehttp://oi43.[removed].com/wvu8zm.jpg

Here's how I've got the user mapping set up now, but Joomla's ldap queries aren't returning any results, so obviously I'm still missing something:

Mapping list: cn=joomla-admins,ou=groups,dc=mycompany,dc=com:7
Lookup type: Reverse
Lookup attribute: uniqueMember
Lookup member: dn
Use recursion: no
DN attribute: distinguishedName
Depth: 0

Thanks in advance

ShMaunder
Joomla! Explorer
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK
Contact:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Thu Aug 01, 2013 9:38 pm

It looks like you have the correct mapping configuration based on your screenshots which should be calling the query:

(uniqueMember=[User DN])

Not sure about the authentication base dn ? I can't remember whether using a Full DN to a group object will still return it... maybe try just "dc=mycompany,dc=com" ?
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

ShMaunder
Joomla! Explorer
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK
Contact:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Thu Aug 01, 2013 9:56 pm

If anybody encounters the same issues that desperandos posted above (http://forum.joomla.org/viewtopic.php?f ... 7#p3059457), then the solution was to disable the K2 User Plug-in.

I'd recommend setting up the LDAP extensions in a fresh Joomla installation to ensure other extensions do not conflict.

Also, if you are reading this thread wanting to use any of the features from version 2 such as profile and user creation/deletion, then test builds are up http://shmanic.com/tools/jmapmyldap/doc ... tarted.htm
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

ricksebak
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Aug 01, 2013 8:37 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ricksebak » Fri Aug 02, 2013 6:10 pm

Thanks ShMaunder. I think I might be a bit closer, but it's still not letting me login to Joomla with credentials stored in LDAP. I changed the BaseDN as you suggested, dc=mycompany,dc=com, and every other setting remains the same as it was in my first post.

I can tell from my ldap logs that the plugin's query returned some results, so that's progress, but it still doesn't let me log in. Do you have any other ideas where I might be going wrong? Is there any other information or screenshot that might help?

Here's the full session in my ldap logs:

Code: Select all

slapd[11123]: conn=440045 fd=162 ACCEPT from IP=10.100.10.10:54506 (IP=0.0.0.0:389)
slapd[11123]: conn=440045 op=0 BIND dn="cn=john.lastname,ou=people,dc=mycompany,dc=com" method=128
slapd[11123]: conn=440045 op=0 BIND dn="cn=john.lastname,ou=people,dc=mycompany,dc=com" mech=SIMPLE ssf=0
slapd[11123]: conn=440045 op=0 RESULT tag=97 err=0 text=
slapd[11123]: conn=440045 op=1 SRCH base="cn=john.lastname,ou=people,dc=mycompany,dc=com" scope=0 deref=0 filter="(objectClass=*)"
slapd[11123]: conn=440045 op=1 SRCH attr=dn displayName uid mail
slapd[11123]: conn=440045 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[11123]: conn=440045 op=2 SRCH base="dc=mycompany,dc=com" scope=2 deref=0 filter="(uniqueMember=cn=john.lastname,ou=people,dc=hmsinc,dc=com)"
slapd[11123]: conn=440045 op=2 SRCH attr=dn
slapd[11123]: conn=440045 op=2 SEARCH RESULT tag=101 err=0 nentries=19 text=
slapd[11123]: conn=440045 op=3 UNBIND
slapd[11123]: conn=440045 fd=162 closed


ShMaunder
Joomla! Explorer
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK
Contact:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Sat Aug 03, 2013 2:46 pm

Ah I missed that the authentication part was failing as well.

In that case, try to disable the "User - JMapMyLDAP". Next turn on the System Debug (JDEBUG) and try to log in again. If that fails, then see if anything is printed in /logs/error.php.

Though as it is attempting to do the group mapping search, then I guess the authentication is successful and something in Joomla is blocking the login for the user. Could be Autoregister, invalid fields (such as email), duplicate email with other Joomla users or the groups not being assigned correctly.

Are you only trying the one user from LDAP?

Hopefully the log might show up some results in JDEBUG mode.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

ShMaunder
Joomla! Explorer
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK
Contact:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Mon Aug 05, 2013 12:04 am

After lots of commits and documentation writing over the past week, version 2 is ready for testing. I should note this is for LDAP integration only (SSO/SSI is not ready, however SSO HTTP does work). It would be great if the community can help out with LDAP testing where possible.

Version 2 contains support for multiple LDAP host configurations, Group Mapping (bi-directional), User Profiles (bi-directional), Password Changing, User Creation, User Deletion, Domain Support (through form injection and a module), LDAP user sync through CLI script, inbuilt LDAP debugger and improved logging.

The getting started guide can be found at: http://shmanic.com/tools/jmapmyldap/doc ... tarted.htm

General version 2 documentation can be found under the version 2 heading: http://shmanic.com/tools/jmapmyldap/documentation

Please report issues by either emailing me, creating a issue on Github, posting a comment here or connecting to me on Skype. Please provide debug logs by enabling the debugging in the "SHLog - LDAP" plug-in.


I'm going to start updating and re-factoring the JAuthTools-SSO project for Joomla! 2.5+ where Sam left off.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

ricksebak
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Aug 01, 2013 8:37 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ricksebak » Tue Aug 06, 2013 5:10 pm

Thanks for your continuted help with this ShMaunder.

I created a new user in my ldap directory and then watched tcpdump so I could see the ldap server's response. It is responding successfully, so I think ldap itself is fine.

It must be the case that something else in Joomla is blocking the login as you suggested. But unfortunately the only thing I'm getting in error.php is:

Code: Select all

2013-08-06      16:33:53        INFO    10.100.11.14    LDAP CANCELED: 
2013-08-06      16:35:48        INFO    10.100.11.14    LDAP CANCELED: 
2013-08-06      16:45:16        INFO    10.100.11.14    LDAP CANCELED: 
2013-08-06      16:46:20        INFO    10.100.11.14    LDAP CANCELED: 
Is there any way to get the plugin's logging to be more verbose?

ShMaunder
Joomla! Explorer
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK
Contact:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Tue Aug 06, 2013 7:43 pm

For anybody else experiencing the issues ricksebak reported and trying to use the administrator / back-end, then ensure the Auto Register setting is set to "Override - Yes".

This is now documented for clearer instructions: http://shmanic.com/tools/jmapmyldap/doc ... issues.htm
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

mlaffoon
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sun Sep 01, 2013 7:23 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by mlaffoon » Sun Sep 01, 2013 7:28 pm

Hi,

I'm running into problems trying to use the cli to sync a large number of users (>2000). After about 1400 or so, I start receiving errors like:
"10511: Fatal error (Failed to save user 'f136207' due to table check error 'JLIB_DATABASE_ERROR_VALID_MAIL'.) for user: f136207."

Until I finally get:

"Users Success: 1447.
Users Failed: 1970.

PHP Warning: mysqli_ping(): Couldn't fetch mysqli in /var/www/html/libraries/joomla/database/database/mysqli.php on line 190

Warning: mysqli_ping(): Couldn't fetch mysqli in /var/www/html/libraries/joomla/database/database/mysqli.php on line 190"

Any ideas as to what I need to do?

Thanks!

ShMaunder
Joomla! Explorer
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK
Contact:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Mon Sep 02, 2013 12:29 pm

The mysql_ping warnings shouldn't be causing any issues.

Does the failed users have valid email addresses in their LDAP accounts? Also, does your "All User Filter" ignore any users with blank email addresses like (&(objectClass=person)(mail=*)) ?
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

mlaffoon
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sun Sep 01, 2013 7:23 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by mlaffoon » Wed Sep 04, 2013 6:53 pm

The failed users do have valid email addresses. The all user filter is as follows:

(&(objectCategory=Person)(sAMAccountName=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

Basically doesn't look at disabled accounts.

Thanks,
Mark

ShMaunder
Joomla! Explorer
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK
Contact:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Wed Sep 04, 2013 7:06 pm

Can you authenticate normally through the site with any of the failed users?

Also, I think the logging works through the cli. Can you enable the "SHLog - LDAP" plug-in and ensure all the debugging options in the plug-in is switched on, then run through it again. See if anything is printed to the specified log files.

I will try to replicate on my end over the next few days.


Edit: I've just realised the logging won't work in the CLI as SHLog::import('shlog'); is not called. But if you can check whether a failed user can log in to the site without issue will narrow down the potential causes.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

User avatar
deserteagle
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Sun Jan 16, 2011 4:24 am

JMapMyLDAP - LDAP Group Mapping work for 1.7, version2 can't

Post by deserteagle » Mon Sep 23, 2013 3:36 pm

I have the group mapping work on a joomla1.7+ jmapldap extension (verstion1 I think), user can be mapped to different group,or 2 or more group, like registed, manager,author.

I newly have a joomla 2.5 + jmapldap (version2) installation, but user can only map to registed, no other group can successfully mapped.

I compared and checked every configuration, almost same, maybe a bug.

wamp 2.1e, Active Directory, windows 2008
Life is a journey.

ShMaunder
Joomla! Explorer
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK
Contact:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Mon Sep 23, 2013 5:12 pm

can you send me screenshots of the LDAP dashboard, LDAP settings (middle tab) and Shmanic Config (SHConfig) screens? Can be via email if you don't want to post on public forum.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

paulf123
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Fri Dec 10, 2010 7:31 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by paulf123 » Mon Sep 23, 2013 10:48 pm

Hi Shaun. Thanks for this plugin(s.)

I AM able to get auth working but not group mapping. I tried going to v2 to see if that made any difference. Am using MS AD. In this example I want all members of the ou=main, ou=agents to be mapped to the joomla group "agents".

a) I have enabled all logging features but do not see anything in the logs to do with group mapping, just authentication. Example:
Attempt to retrieve user distinguished name using 'sAMAccountName=agent1' with search.
Successfully authenticated agent1 with distinguished name CN=agent1,OU=agents,OU=Main,DC=internal,DC=foo.


b) Shmanic LDAP: Host Config
Use Search: Yes
Base DN: ou=main,dc=internal,dc=foo

c) Tried almost every possible configuration for LDAP Group Mapping and variations for Mapping List ie:
ou=agents,ou=main,dc=internal,dc=foo:10

Most likely this is my lack of understanding LDAP?

Thanks!

ShMaunder
Joomla! Explorer
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK
Contact:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Thu Sep 26, 2013 1:09 pm

Did you sort this out Paul? From what I can gather you didn't specify a group only a OU?

Usually groups start with cn=mygroup,ou=agents....

You only require the first part as well in the mapping list so:
cn=mygroup : 10
would map the AD group mygroup to joomla id 10.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

paulf123
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Fri Dec 10, 2010 7:31 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by paulf123 » Sun Sep 29, 2013 8:21 am

Hi Shaun. Thanks for replying. Yes I guessed that was the problem. I was hoping to map though more by OU rather than security groups but I guess this isn't possible? Specifying cn=domain users, ou=xyz won't map the user to joomla group only if in that ou? Sorry if I'm AD/LDAP ignorant.

ShMaunder
Joomla! Explorer
Joomla! Explorer
Posts: 486
Joined: Mon Jul 05, 2010 7:22 pm
Location: UK
Contact:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Sun Sep 29, 2013 11:21 am

There is a catch where the default group of each user cannot be mapped. By default, AD sets the default group of all users to "Domain Users" so therefore that one group cannot be mapped.

If you're on version 2 then you can use the inbuilt debugger to list all attributes, else you can use the dedicated LDAP debug tool http://shmanic.com/tools/jmapmyldap/doc ... method.htm

Look at the memberOf attributes for values you can use from the debug.


But yea, you have to use groups with jmml. There was another plug-in from a different author that could do by OU - http://webdesignfavourites.com/portfoli ... -7-bridge/ - I've never tested this though.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

vielhuber
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Oct 12, 2011 7:40 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by vielhuber » Tue Oct 15, 2013 5:45 pm

Hello Shaun, hello Community!

I'm testing JMapMyLDAP v2 (newest version from the build server).
Successfully tested
- User-Sync / Login with multiple hosts
- Group Mapping

You make an awesome work!

Now I am stuck with SSO HTTP.

It seems to me that the function is not yet implemented in v2?

The variable _SERVER["AUTH_USER"] and _SERVER["REMOTE_USER"] is filled in correctly with DOMAIN\name. So there is no problem in the Server configuration.

I did all the steps from http://shmanic.com/tools/jmapmyldap/doc ... ooting.htm (only Ver. 2).

If I go to the Joomla-frontpage, nothing happens (the user is simply not logged in automatically).

sso.debug.php says the following:

2013-10-15T17:37:20+00:00 15068 LIB_SHSSO_DEBUG_15068
which means No detection plug-ins found.

I also find no configuration method like "SSO - HTTP" like in version 1, where I can change User Replacement and so on.

What to do now?

Thanks in advance
David

nine8299
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Tue Oct 22, 2013 2:03 pm

IIS issue, but worth a shot!

Post by nine8299 » Tue Oct 22, 2013 2:21 pm

Hi, I'll preface it with what I am trying to achieve: a website functioning as both intranet and school website, with JMAP giving SSO from inside school, with logon available outside, giving public only news externally, but allowing students and staff to logon and access private materials as well.

Currently I run two nearly identical websites which is a real PITA! Copying settings and articles etc.

I've set up a new installation on IIS2007/Server 2008 and have got JMAP/SSO working from an authenticated user station. To get SSO working I had to turn off Anonymous Authentication in IIS and enable Windows Authentication. Works almost brilliantly, except if you use a non domain PC now it asks for credentials. If I turn AA back on, SSO stops working but anyone can access the website and log in with their AD details.

A little search says that IIS will always use AA first - I can't seem to find an option for it to fall back after trying to grab WA from the machine.

I'd really love to keep SSO, teachers wont generally log in, short of time etc etc. If anyone has any ideas, I'd love to hear them. Maybe just falling back to Apache might fix it, if we need to that's ok but I'd rather keep to one hosting app.

Thanks! And thanks for the plugin, all the help made it very easy to get running up to this point!

James

vielhuber
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Oct 12, 2011 7:40 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by vielhuber » Tue Oct 22, 2013 2:42 pm

Hi James!

Can you tell me, which version of JMapMyLDAP do you use?

I am trying to get SSO with Version 2 running, but it does not work (see topic above).

Thanks in advance for your help
David

vielhuber
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Oct 12, 2011 7:40 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by vielhuber » Wed Oct 23, 2013 7:16 am

@James

Perhaps this could help you:
http://blog.toolroom.at/post/MVC-Window ... lback.aspx

nine8299
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Tue Oct 22, 2013 2:03 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by nine8299 » Wed Oct 23, 2013 8:26 am

Thanks Viel, I'll have a look through the link :) I am starting to think it wont be possible this way from the various docs online, but I have an idea that might work and save me much hassle.

I am using the latest release of Joomla and most recent files from JMAP, IIS7/Server2008.

I am going to test whether I can set up 'another' website that is actually the same folder, database etc, have one WA, the other AA, with AA front facing and WA being internal. In theory a change made on either will reflect on both, and people can log in manually externally.

Will post back soon hopefully very happily!

Edit: She's alive! Hooray! :D just got to wait for EIS to update our DNS info and I can finally make the website how I want :)

vielhuber
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Oct 12, 2011 7:40 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by vielhuber » Wed Oct 23, 2013 7:12 pm

most recent files from JMAP
Is this version 2?

How did you get SSO running?

Please post a simple link to information to set it up.

Thank you very very much, James!!

nine8299
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Tue Oct 22, 2013 2:03 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by nine8299 » Thu Oct 24, 2013 11:46 am

Hi buddy, have you made sure to install the SSO plugins, they come as a separate download? Next to check (if you are using IIS) is that windows authentication is installed. It was not for our installation, but was very simple to do:

http://www.iis.net/configreference/syst ... entication

Then on your site under authentication enable WA, and disable anonymous authentication, that did the trick for me. I'm very new to IIS, I have to admit I got by with google and looking at what an engineer had setup already when we set up our VM solution.

vielhuber
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Oct 12, 2011 7:40 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by vielhuber » Fri Oct 25, 2013 12:19 pm

Hi James!

Windows Authentication is running, anonymous Authentication is disabled.
Everything is fine!
have you made sure to install the SSO plugins, they come as a separate download?
Which one? As i said, I use Version 2 of JmapMyLDAP (not version 1). And I don't find any separate downloads of SSO, please look here:
http://shmanic.com/tools/jmapmyldap/doc ... ooting.htm
Shmanic writes, that I don't need any downloads, or am i wrong?

Can you help me? THANKS :-)

vielhuber
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Oct 12, 2011 7:40 pm

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by vielhuber » Wed Oct 30, 2013 7:51 pm

Hi James! Can you please give me a short feedback to my question? This is very important. Thank you very much.

heleum
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Wed Nov 06, 2013 9:27 am

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by heleum » Wed Nov 06, 2013 1:14 pm

Hi Shaun,
sorry for double-posting, I postet here:
http://forum.joomla.org/viewtopic.php?f ... 0#p3102489

but I think this thread fits better:

my problem: I set up now Joomla 3.1 and I finally managed that it worked with ldap, nearly with the same installation like in the joomla 1.5, but new users are not added to the ldap. In the old Joomla 1.5 Version it worked very fine from Joomla to ldap.
It works vice versa, from ldap to Joomla, so a new ldap user is added by the login in ldap.

I'm using the plugins "Authentication - JMapMyLDAP" and "User - JMapMyLDAP". Is it possible to change the settings to input user in the ldap from joomla 3.1? Would it work with joomla 2.5?

Old setup: I had an old Joomla installation 1.5 with the plugins "Authentication - LDAP" and "User - LDAP". The Joomla and ldap installation was done like in the artikle "http://community.joomla.org/july-2008/a ... ffatt.html"
I'm not very common with ldap, but I was using it for Joomla and SVN.
New users where added via Joomla and then automatically added to the ldap. It worked very fine in the Joomla 1.5 installation.

Thanks!

sgvfr
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Mon Dec 09, 2013 6:02 am

Group mapping won't update existing Joomla users

Post by sgvfr » Sat Dec 14, 2013 8:41 pm

I thought I posted this to the correct place earlier, but did not so here we go.

I installed and configured JMapMyLDAP and it's working great to authenticate, but only partially to map the groups. I have created a group on my LDAP for administrators to do certain functions, and view special content on the website.. The issue is, if the user already exists in Joomla, the group mapping will not apply to the user. If I delete the user from Joomla, and they log in again, the mappings are created correctly and work fine.

Also, if I remove a user from the LDAP group, they are not downgraded in Joomla after authentication.

I've allowed removals, and override autoregister = yes. no change in any behaviour.

Does anyone have any thoughts??


Locked

Return to “Extensions for Joomla! 2.5”