J3 and LDAP Sync

drammar
Joomla! Apprentice
Posts: 49
Joined: Sat Nov 25, 2006 10:36 pm

J3 and LDAP Sync

Post by drammar » Mon Nov 19, 2012 11:18 am

Is there any extension for Joomla 3.x that functions in a similar fashion to JAuthTools (for J1.5)?

I am asking this because the basic LDAP integration that Joomla has can read from LDAP and import into a database just fine. For what it does, it is perfect... but it is not a complete system. What I need is the LDAP sync features that JAuthTools had... to be able to create the user in LDAP, as well as update the LDAP account when the user changes their password (primary concern) or other shared profile entry (useful... i.e. email address).

Running an older version of Joomla (i.e. J1.5) to make use of JAuthTools is not a viable option as I cannot specify different PHP options (namely magic quotes) for the different versions. The Apache web server supports this; however, I am using nginx, and would prefer to stay clear of Apache.

 
cyber7
Joomla! Fledgling
Posts: 3
Joined: Thu Jan 31, 2013 6:03 pm

Re: J3 and LDAP Sync

Post by cyber7 » Fri Feb 08, 2013 12:07 pm

Have a look at: http://aubreykloppers.wordpress.com

I just wrote an in-depth article on how to do this. The basics of it are: ENABLE "Authentication - LDAP".

I am using this against a ZIMBRA LDAP.

If you are unsure of your LDAP strings, you can use a FREE Windows program called "Softerra LDAP Browser" to troubleshoot your connection.

Hope this helps
Aubrey Kloppers
Cape Town
South Africa

cyber7
Joomla! Fledgling
Posts: 3
Joined: Thu Jan 31, 2013 6:03 pm

Re: J3 and LDAP Sync

Post by cyber7 » Fri Feb 08, 2013 12:13 pm

ps - To limit the logons to your domain only, look for: http://extensions.joomla.org/extensions ... bnMiO30%3D

cyber7-out

drammar
Joomla! Apprentice
Posts: 49
Joined: Sat Nov 25, 2006 10:36 pm

Re: J3 and LDAP Sync

Post by drammar » Sat Feb 09, 2013 10:56 pm

cyber7, thank you for that information.

Joomla authenticates against LDAP just fine. The issue that I was trying to resolve can be shown in the following diagram (what I am trying to address).

1. A person begins to register a new account on a Joomla based website.
2. A Joomla database entry is created as usual and the user then proceeds with email verification.
3. Upon successful verification, the user's DB entry is set to active (not blocked) (note this is the normal Joomla behavior... up to this point)
4. The (registered and verified) user now needs to have their account migrated to the LDAP server (commonly called a sync). This may involve altering their database entry so that Joomla is forced to use the LDAP server instead of its own database (for user authentication and profiles).

** LDAP should be the primary user database, with Joomla only containing Joomla specific bits of information. Passwords, specifically, should only be stored in LDAP.

Doing this will allow their one account in LDAP to be used on all the sites that it needs to be used on. Each site can get what it needs from the LDAP server (for user accounts) and it also means that if on any site a user changes their password (or other profile information)... well it will change it for every site that used the LDAP server for authentication. This is what I am attempting to do.

With all the plugins out there, as well as the Joomla framework itself... well all the pieces of the puzzle are there for a programmer. They probably just need to be tied together somehow. There is a solution for what I am trying to do, but it unfortunately has nothing to do with Joomla. It's a program called "Password Self Service" or "PWM" and it requires Apache Tomcat. It could work if I ever got through the tons of options that have to be set up. Which brings me back to the point of ..... this should either be in Joomla already or there should be a plugin that can do this.

note: PWM does not use the Joomla Database. It works by creating the account directly in LDAP. Joomla can then pull that authentication from LDAP to allow the user to login.
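
One way to tie together the pieces described in the post above, as an added example that is not part of the thread and is not JAuthTools or PWM code: a Joomla 3 user plugin that pushes a verified account to LDAP each time it is saved. The plugin name, its parameters (host, base_dn, bind_dn, bind_pw), the inetOrgPerson entry layout and PHP 7.2+ with the LDAP extension are assumptions.

```php
<?php
// Added example (not from the thread): Joomla 3 user plugin, e.g. plugins/user/ldapsync/ldapsync.php.
// Assumptions: PHP 7.2+ with ext-ldap; hypothetical plugin params host, base_dn, bind_dn, bind_pw;
// accounts live as inetOrgPerson entries named uid=<username> under base_dn.
defined('_JEXEC') or die;

class PlgUserLdapsync extends JPlugin
{
    public function onUserAfterSave($user, $isNew, $success, $msg)
    {
        // Steps 1-3: ignore failed saves and accounts that are still blocked or unverified.
        if (!$success || !empty($user['block']) || !empty($user['activation'])) {
            return;
        }
        $ds = ldap_connect('ldap://' . $this->params->get('host'));
        if (!$ds) {
            return;
        }
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        // Never send the service bind or a user password over a cleartext connection.
        if (!ldap_start_tls($ds)
            || !ldap_bind($ds, $this->params->get('bind_dn'), $this->params->get('bind_pw'))) {
            JLog::add('LDAP sync: TLS or bind failed', JLog::ERROR, 'ldapsync');
            return;
        }
        // Escape the username so it cannot alter the structure of the DN.
        $dn = 'uid=' . ldap_escape($user['username'], '', LDAP_ESCAPE_DN)
            . ',' . $this->params->get('base_dn');
        $attrs = array('cn' => $user['name'], 'sn' => $user['name'], 'mail' => $user['email']);
        // Step 4: create the entry on first sync, otherwise update the shared profile fields.
        if (@ldap_read($ds, $dn, '(objectClass=*)', array('dn'))) {
            $ok = ldap_mod_replace($ds, $dn, $attrs);
        } else {
            $ok = ldap_add($ds, $dn, $attrs + array(
                'objectClass' => array('inetOrgPerson'), 'uid' => $user['username']));
        }
        // The cleartext is only present on a save that sets it; the server applies its own hash scheme.
        if ($ok && !empty($user['password_clear'])) {
            $ok = ldap_exop_passwd($ds, $dn, '', $user['password_clear']);
        }
        if (!$ok) {
            JLog::add('LDAP sync failed: ' . ldap_error($ds), JLog::ERROR, 'ldapsync');
        }
        ldap_unbind($ds);
    }
}
```

The account named in bind_dn only needs rights to add and modify entries under base_dn, so it should not be the directory's administrative DN. A save that carries no new password, such as the one triggered by the email verification link, creates or updates the entry without touching userPassword.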

 
