Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Sun Jul 06, 2014 11:13 pm
by thiagofasano
Hello. Congratulations and thanks for this great extension!

I already have LDAP authentication working correctly. But the setting through the SSO is failing when SSO-DicretoryLDAP is active. The error that appears is exactly this:

SSO-Debug:
2014-07-05T13: 06:50 +00:00 15068 No SSO detection plug-ins found.

ldap-Debug:
2014-07-06T23:06:45+00:00 101 Attempting connection to LDAP with host XX
2014-07-06T23:06:45+00:00 101 Successfully connected to XXX. Setting the following parameters: ldapV3
2014-07-06T23:06:45+00:00 101 Successfully connected.
2014-07-06T23:06:45+00:00 101 Closed connection.

Could you help me?

The LDAP authentication works perfectly without SSO.

My server:
XAMPP Win32-1.8.3-4-VC11-installer
Windows Server 2008 R2 Enterprise Edition Service Pack 1
Apache/2.4.9 (Win32) OpenSSL/1.0.1g
PHP 5.5.1
Joomla 3.3.1
Active Directory

Thx.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Jul 08, 2014 12:44 am
by krj10
First, thank you for this great extension.

I have an issue that I need to fix, if anyone can help me please.

The extension works well and creates users in Joomla, but when a person is logged in to the server and enters Joomla for the first time, he gets a 500 error. If he reloads, he is then automatically logged in and everything works well without any other problems, but I need to stop this 500 error at the user's first login.

The 500 error page does not give me any other detail. I checked: despite the 500 error, the user is created at the first login.

Thank you.

I am on Windows Server 2012 - Joomla 3.2.4 - with PHP 5.4.24

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 09, 2014 8:34 am
by MrFreezer
A friendly warning to everybody using Joomla 3.3:

It seems like the update from 3.3.0 to 3.3.1 broke the group mapping inside the LDAP module.

First I suspected my LDAP installation, but I took another Joomla which is still at 3.2.x and installed the shmanic LDAP modules, and it works like a charm.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 09, 2014 8:42 am
by Kiran cheema
@MrFreezer I have it working fine in a 3.3.1 install... I did notice that the auto updater didn't update all the shmanic components to the latest version? I did a manual update with the latest package from the site and it all seemed to work fine again.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 09, 2014 9:02 am
by MrFreezer
Hmm, I'll give it a try and report.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 09, 2014 9:31 am
by Classfan
Hello,

I'm using Joomla 3.3.1 and these plugins/components 2.0.1.16.

Actually the LDAP login works fine with AD on a Windows Server 2008 R2. But is there a way to change the attributes this plugin uses to log in an AD user?

It currently uses his username and his password. I'd like to change the username attribute to the sAMAccountName attribute. Why? If a user logs in to Windows he also uses this attribute instead of the username. It would be great if someone could tell me how I can change this, because username and sAMAccountName are different on our AD.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 09, 2014 12:30 pm
by Kiran cheema
@Classfan

You can define those attributes in the LDAP connection settings: go to components > shmanic LDAP > LDAP host configurations. Select your connection... you will find the mapping attributes in there.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 09, 2014 1:08 pm
by Classfan
Well, thanks for the help @Kiran cheema.

I've checked my mapping settings again now, but I can't find where my mistake is.
These are my mapping settings:

Map User ID *: sAMAccountName
Map Full Name *: sAMAccountName
Map Email *: mail
Password Attribute: unicodePwd
Password Hash: unicode
Password Prefix: no

If I log in by using the method with the AD username, a Joomla user is created after successful login. The name is like the sAMAccountName there, but I can't log in somehow..


While writing this I've tested some things to get this to work. I think I know now why I can't log in with the created Joomla user. I checked the database of my site and I could see that the user has no password. If I set a password for the user through the database, I can log in.

Usually the plugin should grab the password from AD and save the password of the user in the database. Am I right with that?

As I said, I'm using AD, but is the password mapping that I posted above not correct? I don't know what I should change there..

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 09, 2014 1:19 pm
by Kiran cheema
There is a setting somewhere that sets "null password" (yes/no option) in components > shmanic config, I think. I always have it set to null and it works fine... Do you have any plugins active, e.g. the profile or mapping plugins? Check that they are not set to abort on login (i.e. abort if sync fails).

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 09, 2014 1:33 pm
by Classfan
I've checked my settings for the options you posted and changed them now to this:

Null password: Yes
Abort Login: No

Only the "Deletion" and "Injection" Plugin are now deactivated. The rest of the ldap plugins are activated.

Tested again, still the same. I can log in by using the AD username, not the sAMAccountName. After that successful login the Joomla user gets created. The name there is like the sAMAccountName, like in the mapping settings. And there's still no password..

What now?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 09, 2014 1:52 pm
by Kiran cheema
To get the password saved: Null Password = no

Also check all instances of abort login

Plus disable the password and creation plugins

The only ones you need (to start with) are the platform, authentication -user adapter (and maybe profile). Disable everything else and then add them back in one by one

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 09, 2014 2:12 pm
by Classfan
Even if I set Null Password to No, there's still no password saved. (btw, the AD user has a password)

Tried it with the platform, the authentication-adapter and the profile plugins enabled. All others were disabled.
Tried to login, everything is still like before.. (except that the user is now in the default-group, because of the deactivated group mapping plugin)

Tried it then with the profile plugin deactivated too. No difference..

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 09, 2014 2:36 pm
by Kiran cheema
er running out of suggestions!
is the user autoregister set to override - true?
you could try re-ordering the authentication plugins to have the LDAP one first then the joomla one?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Jul 10, 2014 7:05 am
by Classfan
Autoregister is set to override - true.

Tried several orderings. LDAP one first, joomla one first, joomla one disabled...

It's still the same, exactly the same as before..

I don't know what I could change to get it to work correctly.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Jul 14, 2014 1:43 pm
by Classfan
Hey Guys,

I just wanted to say that I could get it working. I can log in now by using the sAMAccountName with the password from AD. My User DN/Filter was wrong.

But there's one thing that still confuses me.. The password still does not get saved in the database of Joomla. Even after a successful login, everything gets mapped like it should, except for the password. I'm wondering now, is that even possible?

And I have another question. After getting the LDAP part working, I tried the SSO part. Configured all plugins and enabled them and tested it, but it didn't work.

I tried it then with the sso-dummy plugin. I entered the AD username that I'm currently logged in with on Windows and then tried to visit the website. The SSO worked now.

Then I tried to disable the sso-dummy again, visited the website and I wasn't logged in. Then I checked the sso.debug.php:

No SSO detection plug-ins found.
This line comes up every time I try to visit my website with SSO enabled. That means that it can't detect the user that is logged in to Windows, right? How can I fix that?

Some info:
OS: Windows xp
Webserver: Apache from xampp. Running on same computer.
User-key in SSO-HTTP-plugin: REMOTE_USER

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Jul 14, 2014 1:55 pm
by Kiran cheema
With LDAP there is no need to keep a local copy of the password; the system checks the AD every time to confirm the password is current.

With SSO you need to make sure your server is configured for it, and it mostly works with Internet Explorer; you may need a plugin for Firefox.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Jul 14, 2014 2:16 pm
by Classfan
Hmm good to know. Thanks for the help for ldap. ;)

I already installed the plugin for Firefox. I tried it also with Internet Explorer but it didn't work with that either.

Do you know any tutorial or something on how I can configure my XAMPP server to allow SSO?
I already found some, but you had to install some modules on the server that seem not to work with the current version of Apache. The threads that I found were already some years old..

Xampp 1.8.2 / PHP 5.4.27

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Jul 14, 2014 4:04 pm
by thiagofasano
Please, has someone already been through this? Any tips?
thiagofasano wrote: Hello. Congratulations and thanks for this great extension!

I already have LDAP authentication working correctly. But the setting through the SSO is failing when SSO-DicretoryLDAP is active. The error that appears is exactly this:

SSO-Debug:
2014-07-05T13: 06:50 +00:00 15068 No SSO detection plug-ins found.

ldap-Debug:
2014-07-06T23:06:45+00:00 101 Attempting connection to LDAP with host XX
2014-07-06T23:06:45+00:00 101 Successfully connected to XXX. Setting the following parameters: ldapV3
2014-07-06T23:06:45+00:00 101 Successfully connected.
2014-07-06T23:06:45+00:00 101 Closed connection.

Could you help me?

The LDAP authentication works perfectly without SSO.

My server:
XAMPP Win32-1.8.3-4-VC11-installer
Windows Server 2008 R2 Enterprise Edition Service Pack 1
Apache/2.4.9 (Win32) OpenSSL/1.0.1g
PHP 5.5.1
Joomla 3.3.1
Active Directory

Thx.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 16, 2014 8:24 am
by Classfan
SSO is working now too for me. I had to add the module "mod_authnz_sspi.so" to Apache. Then it worked fine. :)

Here's the code I had to add to the httpd.conf:

LoadModule authnz_sspi_module modules/mod_authnz_sspi.so 
LoadModule php5_module "c:/xampp/php/php5apache2_4.dll"

<Directory "c:/xampp/htdocs/WEBSITE">
Options None
AllowOverride All
Order allow,deny
Allow from all
#AuthName "SSPI Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain Off
Require valid-user
</Directory>
You have to replace "WEBSITE" with the correct name..

@thiagofasano

As you're getting the error "No SSO detection plug-ins found." too, you may also have to add a plugin to your webserver. As you're running XAMPP on Windows, maybe my short tutorial helps you out.
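
An added example, not part of the post above or of the extension: a small Python audit of the posted Directory block that reports where Basic fallback is offered without a TLS requirement, where Apache 2.2 access directives sit beside Require, and what form REMOTE_USER will take. The finding codes, function names and the revised variant are constructed for this illustration.

```python
# Constructed input: the <Directory> block as quoted in the post above.
SAMPLE_CONF = """\
<Directory "c:/xampp/htdocs/WEBSITE">
Options None
AllowOverride All
Order allow,deny
Allow from all
#AuthName "SSPI Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain Off
Require valid-user
</Directory>
"""

# Constructed variant: Basic fallback off, 2.2-style access lines dropped.
REVISED_CONF = (SAMPLE_CONF
                .replace("SSPIOfferBasic On", "SSPIOfferBasic Off")
                .replace("Order allow,deny\nAllow from all\n", ""))

def parse_directives(conf):
    """Map lower-cased directive name -> list of argument strings."""
    found = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":      # skip comments and section tags
            continue
        name, _, args = line.partition(" ")
        found.setdefault(name.lower(), []).append(args.strip())
    return found

def last_value(directives, name):
    """Last argument given for a directive, lower-cased, or '' if absent."""
    return directives.get(name.lower(), [""])[-1].lower()

def audit_sspi_block(conf):
    """Return finding codes for one SSPI-protected <Directory> block."""
    d = parse_directives(conf)
    findings = []
    if last_value(d, "SSPIOfferBasic") == "on" and "sslrequiressl" not in d:
        # Basic fallback puts the Windows password, base64-encoded, in every
        # request; nothing in this block forces those requests onto TLS.
        findings.append("BASIC_OFFERED_WITHOUT_TLS_REQUIREMENT")
    if {"order", "allow", "deny"} & d.keys() and "require" in d:
        # Apache 2.2 access directives (mod_access_compat) next to 2.4 Require.
        findings.append("LEGACY_ACCESS_DIRECTIVES_MIXED_WITH_REQUIRE")
    if last_value(d, "SSPIOmitDomain") == "off":
        # REMOTE_USER then carries the domain prefix (DOMAIN\user).
        findings.append("REMOTE_USER_INCLUDES_DOMAIN")
    return findings

if __name__ == "__main__":
    for label, conf in (("posted", SAMPLE_CONF), ("revised", REVISED_CONF)):
        print(label, audit_sspi_block(conf))
```

If Basic fallback has to stay for clients that cannot negotiate SSPI, adding SSLRequireSSL to the block clears the first finding instead.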

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Jul 16, 2014 1:15 pm
by thiagofasano
Thanks for your help.

Through his tutorial, the SSO-HTTP plugin works internally.
But when access is external, it asks for a username and password through a browser dialog box.

How do I get it to show the Joomla login for external access? Thanks for your help.

Note: my intranet site is set to offline so that only registered users can access it.

see the image with error.
accessExternal.jpg

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Jul 22, 2014 10:32 pm
by lt450
[SOLVED] - nevermind, it throws an error on the backend when you test/debug but appears to work fine on the front end.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Aug 05, 2014 3:56 pm
by ssemegran
I contacted Shaun about this but I thought I'd post here too, for future reference:

I have an issue using your SSO plugin that I was hoping you could assist with. I'm using JmapMyLDAP ver 2 on the following setup:

Joomla! 3.3.3
Windows Server 2008 R2 Enterprise Edition Service Pack 1
MySQL 5.6.18
PHP 5.3.28
Apache 2.2.25

I have successfully configured for SSO and LDAP. When I browse to the frontend, my login module (I use CB Login for Community Builder) shows that I'm logged in properly. But when I click the edit link for an article, the page reloads without showing the text editor. When I disable the SSO - HTTP plugin then click the edit link for an article, the text editor does appear properly and I can edit the article. When I re-enable the SSO - HTTP plugin, then I can't edit articles again.

Here is some info from the sso.debug.php file:

2014-08-05T14:03:10+00:00 15066 Successfully detected user 'xxxxxxx' using SSO plug-in 'PlgSSOHTTP'.
2014-08-05T14:03:10+00:00 12612 Successfully logged in user 'xxxxxxx'.
2014-08-05T14:03:10+00:00 15079 Successfully logged in user 'xxxxxxx' via SSO.
2014-08-05T14:03:11+00:00 15066 Successfully detected user 'xxxxxxx' using SSO plug-in 'PlgSSOHTTP'.
2014-08-05T14:03:11+00:00 12612 Successfully logged in user 'xxxxxxx'.
2014-08-05T14:03:11+00:00 15079 Successfully logged in user 'xxxxxxx' via SSO.
2014-08-05T14:03:11+00:00 15068 No SSO detection plug-ins found.

'xxxxxxx' is my username (so that's correct). What does it mean by 'No SSO detection plug-ins found.'?

Any help would be greatly appreciated.
Thanks!
Scott

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Aug 26, 2014 8:06 am
by MrFreezer
Kiran cheema wrote: There is a setting somewhere that sets "null password" (yes/no option) in components > shmanic config, I think. I always have it set to null and it works fine... Do you have any plugins active, e.g. the profile or mapping plugins? Check that they are not set to abort on login (i.e. abort if sync fails).
The problem is that I need the exact opposite... I must have passwords (or at least ANY string) inside the password field.

And the other thing is that the plugin still acts as a showstopper when there is no account in the LDAP and I add another user inside Joomla (which on purpose is not injected into the LDAP) while being logged in with an LDAP account.

Background is that we have several portals which we administer with a team of 5 admins and several project guys and salespeople, and we neither want to add the accounts to the sites every time a new site or person is added, nor do we want to keep the passwords in sync over 20 or more sites.

But since every site is for another client, we also need "local" users for them, and for now we prefer to keep them inside the Joomlas.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Aug 26, 2014 8:10 am
by MrFreezer
Kiran cheema wrote: With LDAP there is no need to keep a local copy of the password; the system checks the AD every time to confirm the password is current.
Be assured, there is ;)

In fact it does not have to be a valid password hash, but "anything", for several things to work.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Sep 10, 2014 6:03 pm
by 911technohill
I receive a "failed to bind ldap user" message when the User DN/Filter field does not match the distinguished name field in AD exactly. The problem seems to be the CN. In AD the distinguished name is in the following format: CN=Smith\, Steve,OU=IT,DC=test,DC=org. What can I put in the User DN field to get this to work for everyone in the IT OU? Thanks in advance for your help. I tried the following and it did not work: (sAMAccountName=[username]),OU=IT,DC=test,DC=org.

Travis
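
The distinguished name and the attempted User DN value in the post above mix two syntaxes: a DN (RFC 4514) and a search filter (RFC 4515), each with its own escaping. An added Python illustration, not JMapMyLDAP code and not from the thread, that escapes values for each syntax and classifies a configured string; the function names are hypothetical and the sample username is constructed.

```python
import re

# RFC 4515: characters hex-escaped inside a search-filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
# RFC 4514: characters backslash-escaped inside a DN attribute value.
DN_SPECIALS = ',+"\\<>;'
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")

def escape_filter_value(value):
    """Escape user input for a filter such as (sAMAccountName=...)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def escape_dn_value(value):
    """Escape an attribute value for a DN such as CN=...,OU=IT,DC=test,DC=org."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\0":
            out.append(r"\00")
        else:
            out.append("\\" + ch if ch in DN_SPECIALS or edge else ch)
    return "".join(out)

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas, so 'Smith\\, Steve' stays whole."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    return rdns

def classify(value):
    """Return 'filter', 'dn' or 'invalid' for a configured lookup string."""
    if value.startswith("(") and value.endswith(")"):
        depth = 0
        for i, ch in enumerate(value):
            depth += (ch == "(") - (ch == ")")
            if depth == 0 and i < len(value) - 1:
                return "invalid"    # outer parenthesis closed before the end
        return "filter" if depth == 0 else "invalid"
    rdns = [r.strip() for r in split_dn(value)]
    return "dn" if all(RDN_RE.match(r) for r in rdns) else "invalid"

def build_user_filter(template, username):
    """Fill the [username] placeholder with a filter-escaped value."""
    return template.replace("[username]", escape_filter_value(username))

if __name__ == "__main__":
    print(classify(r"CN=Smith\, Steve,OU=IT,DC=test,DC=org"))
    print(classify("(sAMAccountName=[username]),OU=IT,DC=test,DC=org"))
```

A filter is evaluated under a separately supplied search base, and the DN of the entry it returns is what a search-then-bind client uses for the bind, so the escaped comma in the CN never has to be typed into the filter.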

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Sep 18, 2014 6:32 pm
by redcloud2
Well, have spent all day trying to make this work with SSO, so if anyone has any tips I would be most grateful. I have a Joomla 1.7 site on Ubuntu. I am using version 1 of the plugin. I have successfully got LDAP to work so I can log in to Joomla with my AD login. I have also set up Apache so I can see the REMOTE_USER in php info. I have created keys and tried it with the klist command. This works. The dummy SSO plugin works as well.

However I just do not understand how to get the sso working. I get a login pop up on my site all the time. I use kerberos in apache but just do not get what should be in the apache file. In php info I can see my username and my domain.

Maybe anyone can assist me?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Oct 01, 2014 9:47 am
by Kiran cheema
Just a bit of learning... if your override false isn't working in the JMapMyLDAP config settings, check the Joomla user plugin and switch off auto register in there as well... took me around 4 hours before I figured it out

Might be a bit of a bug - I had assumed that Override false would override the other plugin but it still created users from the front end .... I was planning on using the ldap_cron as a nightly job so didn't want the users to be auto created on the fly ...

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Oct 02, 2014 3:01 pm
by Hobbes99
Hi there,

I'm having some trouble getting this extension to work over HTTPS - does anyone have any experience with this?

What I'm using:-
  • Joomla 3.3.6
  • Apache 2.4
  • PHP 5.5
  • MySQL 5.5
  • JMapMyLDAP v2.0.2.2 (this is NOT a thoroughly tested/stable release, but resolves a critical issue I was unable to circumvent with v2.0.1.6)
  • Connecting to a Windows Server with Active Directory

The problem I'm having:-
My site has recently changed from running on HTTP to exclusively using HTTPS/SSL.

On my test environment, using an exact copy of our live site (but running on HTTP) JMapMyLDAP works perfectly. I can connect to our AD Windows server, pull user data and have Joomla automatically create Joomla user accounts when an AD user logs in to the site.

On the live site (running on HTTPS), attempting to log into the site returns the message "Username and password do not match or you do not have an account yet." and a user account is NOT created by Joomla.

However ... if I test the connection by going to COMPONENTS > SHMANIC LDAP > LDAP HOSTS CONFIGURATION > (HOST NAME/RECORD), the test/debug feature is able to pull a user's data from the remote AD server without any problems. It works whether I test using a regular connection on port 389 OR if I connect via SSL using port 636. So if this test works flawlessly, why is a Joomla account not created when I attempt to login?!

Very confused. Any pointers or ideas as to how I can further debug this issue would be much appreciated ...

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Oct 02, 2014 6:43 pm
by Kiran cheema
Is autocreate enabled? And have you tried enabling the messages in the shlog plugin? (Or checked the log files for messages?)