ldap Active directory authentication

laurensxl
Joomla! Fledgling
Posts: 1
Joined: Wed Feb 13, 2008 10:21 am

ldap Active directory authentication

Postby laurensxl » Wed Feb 13, 2008 2:22 pm

I want to use Joomla 1.5 for my intranet portal!
There is a possibility to use LDAP authentication to authenticate my Active Directory users, but it won't work. Is there a possibility to test the settings, or can somebody give me a manual or tutorial on how to set it up?

sevensins
Joomla! Fledgling
Posts: 4
Joined: Sat Feb 23, 2008 5:32 pm

Re: ldap Active directory authentication

Postby sevensins » Sat Feb 23, 2008 6:11 pm

hello!
I have just deployed j1.5.1 and would like to do the same. I have gone through a variety of docs, but any pointers / guidelines would be highly appreciated, as I am trying to auth almost 3500 students and around 300 faculty members and would like to have single sign-on ...

miallen
Joomla! Apprentice
Posts: 45
Joined: Thu Mar 22, 2007 3:38 am

Re: ldap Active directory authentication

Postby miallen » Mon Feb 25, 2008 8:38 pm

If your web server is Linux or FreeBSD you could try the Plexcel plugin:

http://www.ioplex.com/joomla_plugin.html

Plexcel provides true SPNEGO Kerberos Single Sign-On, Windows group based access control, username canonicalization (you can choose between ACME\foo or foo@acme.com or ...) and a few other things.

Plexcel is the right tool for the job if you're using Active Directory and J! 1.5 on Linux or FreeBSD.

Mike

liao1k
Joomla! Apprentice
Posts: 6
Joined: Tue Mar 04, 2008 9:13 pm

Re: ldap Active directory authentication

Postby liao1k » Tue Mar 04, 2008 9:26 pm

If we use the Plexcel plugin for Active Directory authentication from Joomla 1.5 installed on Linux, do we need to remove the built-in Authentication - LDAP plugin first and then install the Plexcel plugin? Is there any document for making LDAP work on Joomla 1.5? Thanks in advance.

miallen
Joomla! Apprentice
Posts: 45
Joined: Thu Mar 22, 2007 3:38 am

Re: ldap Active directory authentication

Postby miallen » Tue Mar 04, 2008 9:52 pm

liao1k wrote: If we use the Plexcel plugin for Active Directory authentication from Joomla 1.5 installed on Linux, do we need to remove the built-in Authentication - LDAP plugin first and then install the Plexcel plugin?


No. You don't need to "remove" anything. The Plexcel plugin and the builtin LDAP plugin are totally different and cannot be compared. Plexcel does not use LDAP for authentication, it uses Kerberos.

I really don't know what would happen if both the Plexcel plugin and the LDAP plugin were active at the same time. My best guess is that it just wouldn't work as you expect (e.g. one plugin would work and the other wouldn't).

Mike

liao1k
Joomla! Apprentice
Posts: 6
Joined: Tue Mar 04, 2008 9:13 pm

Re: ldap Active directory authentication

Postby liao1k » Wed Mar 05, 2008 4:10 pm

Can anyone give some help on how to use the Joomla 1.5 built-in LDAP plugin to authenticate against Windows Active Directory? My LDAP plugin never succeeds.

kwylez
Joomla! Apprentice
Posts: 14
Joined: Wed Sep 26, 2007 1:59 am

Re: ldap Active directory authentication

Postby kwylez » Fri Mar 14, 2008 1:59 am

Are you trying to do authentication, or authentication and authorization, from Active Directory?

deuscapturus
Joomla! Fledgling
Posts: 2
Joined: Mon Oct 22, 2007 12:24 am

Re: ldap Active directory authentication

Postby deuscapturus » Mon Oct 27, 2008 10:54 pm

It was a pain to get this working with very little documentation. Basically had to search through forums for the past 3 days.

Here is my working configuration for Joomla 1.5 LDAP auth to Active Directory on Windows 2003.


Host: dc1.domain.com
Port: 3268 (use 389 if you only have one domain controller)
LDAP V3: Yes
TLS: No
Follow Referrals: No
Auth Method: Bind Directly as User
Base DN: cn=Users,dc=domain,dc=com
Search String: sAMAccountName=[search]
Users DN: domain\[username]

Connection username: cn=Administrator,cn=Users,dc=domain,dc=com
Connection password: **********

Map: Full Name: displayName
Map: E-mail: mail
Map: User ID: sAMAccountName
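
Added example (not from the original post and not the code of Joomla!'s LDAP plugin): a PHP sketch of how the Search String and Users DN templates above can be expanded for one login attempt, with the login name escaped for use in an LDAP filter and empty passwords refused before any bind. The function names and the `$cfg` keys are hypothetical, and it assumes `[search]` and `[username]` are replaced by the submitted login name.

```php
<?php
// Added illustration; names and array keys are hypothetical, not Joomla!'s API.

// Constructed array mirroring the settings posted above.
$cfg = [
    'host'          => 'dc1.domain.com',
    'port'          => 3268,
    'use_tls'       => false,
    'search_string' => 'sAMAccountName=[search]',
    'users_dn'      => 'domain\\[username]',
];

/** Escape a value for use inside an LDAP search filter (RFC 4515). */
function escapeFilterValue(string $value): string
{
    // strtr() with an array does not rescan its own output, so the
    // backslashes it inserts are not escaped a second time.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

/**
 * Work out what a "Bind Directly as User" login would send to the server.
 * Returns ['bind_as' => ..., 'filter' => ..., 'warnings' => [...]],
 * or null when the attempt has to be refused locally.
 */
function planDirectBind(array $cfg, string $login, string $password): ?array
{
    // A simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513, section 5.1.2): the server may answer "success" without
    // any password having been checked.
    if ($login === '' || $password === '') {
        return null;
    }

    $warnings = [];
    // 636 and 3269 are the LDAP-over-SSL ports (directory and global catalog).
    if (!$cfg['use_tls'] && !in_array($cfg['port'], [636, 3269], true)) {
        $warnings[] = 'simple bind without TLS sends the password in clear text';
    }

    // The login name goes into the filter only after escaping; the template
    // is wrapped in parentheses to form a complete filter.
    $filter = '(' . str_replace(
        '[search]',
        escapeFilterValue($login),
        $cfg['search_string']
    ) . ')';

    return [
        'bind_as'  => str_replace('[username]', $login, $cfg['users_dn']),
        'filter'   => $filter,
        'warnings' => $warnings,
    ];
}

// Constructed sample input: a login name containing filter metacharacters.
print_r(planDirectBind($cfg, 'j(temp)*', 'correct horse'));

// An empty password is refused before anything is sent to the server.
var_dump(planDirectBind($cfg, 'jsmith', ''));
```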

pasamio
Joomla! Ace
Posts: 1318
Joined: Thu Aug 18, 2005 9:27 am
Location: San Jose, CA, USA

Re: ldap Active directory authentication

Postby pasamio » Fri Oct 31, 2008 2:06 am

For those seeking documentation there is this:
http://sammoffatt.com.au/jauthtools/

JDiagnostic also has a wizard to help you get AD working properly with J!1.5 which should give you the settings that you need to get things working. JAuthTools should have a link to it, but if you can't find it, http://joomlacode.org/gf/project/pasamioprojects/frs should have the file for you.

Re: Plexcel and J!, having them both set up and working wouldn't cause a conflict unless Plexcel has done something stupid (like telling you to change a regexp that will forbid non-Latin characters...no wait they do, well it's lucky everyone uses the standard English characters for usernames and nobody uses Chinese or Japanese names). Sarcasm aside, I was looking at their gear the other day, looks like they simplify things a lot and take a lot of work out of getting AD playing nicely (not always the most fun task), so if you've got the money it might be a solution for you. It does everything in PHP (a compiled module though) so if you wish to expand your authentication/SSO to non-Joomla! properties you'd have to either code it yourself or get a relevant plugin (I believe they support MediaWiki as well). As with everything you have to balance items and see how you go. As I do almost everything based on a Linux box, I can tell you that you don't absolutely need Plexcel but if you're going to do more than just authentication and SSO then it does have some features that might be useful to you.

So personally, I've managed to get LDAP (on LAMP with J!) to play nicely with AD most of the time and I've used Kerberos mostly with Windows clients to get items to play the game nicely and have the user automatically logged in. There are some pitfalls with Windows with some items that aren't obvious (like it being case sensitive!) as well as some issues with their own software (namely Windows 2003 SP1).
Sam Moffatt
Updater, Installer and Authentication Systems
JoomlaCode Backend Systems
Pie.

miallen
Joomla! Apprentice
Posts: 45
Joined: Thu Mar 22, 2007 3:38 am

Re: ldap Active directory authentication

Postby miallen » Fri Oct 31, 2008 7:31 am

pasamio wrote: Re: Plexcel and J!, having them both set up and working wouldn't cause a conflict unless Plexcel has done something stupid (like telling you to change a regexp that will forbid non-Latin characters...

The proper fix for this is explained in issue # 10558:

http://joomlacode.org/gf/project/joomla ... m_id=10558

Unfortunately the patch was labelled as a dupe of another patch that still allows non-printable characters. But at least it allows the backslash so I'm not going to chase that rabbit anymore. When people start impersonating other people with usernames that look the same (e.g. pasamio and pas\x01amio are displayed the same) I suppose someone will suddenly realize the significance of issue # 10558.

Anyway, I can't expect admins installing Plexcel to know how to apply a patch more than a line or maybe two (and believe me some people have trouble doing that) so the issue # 10558 patch was not an option. And since not many people use non-ASCII characters in Windows domain usernames I think the current patch suits our users' needs well enough. Also, note that that patch is only required if you want to use the DOMAIN\username canonical form which is not the default.

pasamio wrote: Sarcasm aside, I was looking at their gear the other day, looks like they simplify things a lot and take a lot of work out of getting AD playing nicely (not always the most fun task), so if you've got the money it might be a solution for you. It does everything in PHP (a compiled module though) so if you wish to expand your authentication/SSO to non-Joomla! properties you'd have to either code it yourself or get a relevant plugin (I believe they support MediaWiki as well).

The big difference between Plexcel and the other simple mod_auth_* SSO solutions is that Plexcel is a language-level solution. The other solutions just allow or deny HTTP requests to a particular directory. And they're fairly clumsy at doing that.

For example, we just added a feature to the Plexcel J! plugin that automatically creates/updates a standard J! contact whenever the user authenticates whether it be SSO or using the login form. That sort of stuff will never be possible with Apache modules that have no intelligence of the application layer.

Mike

pasamio
Joomla! Ace
Posts: 1318
Joined: Thu Aug 18, 2005 9:27 am
Location: San Jose, CA, USA

Re: ldap Active directory authentication

Postby pasamio » Fri Oct 31, 2008 12:42 pm

I had something that used to do that in 1.0's days, actually was configurable so you could push data in from LDAP into any table, although it shipped with defaults for the contacts table. Haven't had the chance to update it for 1.5 but I'm sure I'll get there with time.

I'm sure for the majority of English speakers, limiting to just those sets of characters will be fine, but it's not something that I can really in good faith commit, to be honest; my old friend 瑞花 would probably object. Of course it would be nice if the language itself provided us with better support but we'll have to wait for PHP6 to really have that - once we get to that point most of this will be easy.

So when people start pushing non-printable usernames around and trying to find an exploit for that then I'm sure we can look at it then perhaps with a more interesting filter - to be honest I didn't want to spend the time thinking about it since I've got a rather large amount of work to do as it stands. I'm sure it'll happen sooner or later, but it would need rather extensive testing, perhaps something to do looking at 1.6 when we have a chance to redo the testing. The simple testing I did do failed in some of the cases. I actually put that patch through so that Plexcel didn't have to change anything to work properly with that option after I read through the documentation. I'd much rather make that the system not be quite right but work in situations where it should - whilst not everyone agrees that we should let the backslash through I can see its usefulness. The original regexp shows more a misunderstanding of regexp than anything which is why it's broken to begin with or perhaps it was copied from somewhere else that might be right.

And I'm not disagreeing that the mod_auth_* plugins are ugly. If you want full auth then they're good for that, anything less than full is a bit more tricky. What I'd personally love to see is a situation where instead of forcing authentication when not required (e.g. what mod_auth_* does), pushing to use say Kerberos/NTLM (or even Basic auth) when we need to authenticate the user and then fall back to the standard login prompt. If the user can be authenticated in that then they're let into their page without having to go to the login page saving us a much more expensive request and transfer - and in a properly set up enterprise environment something completely transparent to the user. That is something that I would like to see in 1.6, preferably with a Basic auth plugin by default and other plugins developed later - perhaps a Plexcel one that would issue Kerberos/NTLM. Not quite sure how this would work in practice (perhaps a common requestAuth function somewhere that implements the required functionality), but I'm sure we've got some time to work on it if I could find someone interested.
Sam Moffatt
Updater, Installer and Authentication Systems
JoomlaCode Backend Systems
Pie.
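
Added example (not Joomla!'s code and not the patch from issue # 10558): one way to write a username check that answers both concerns in the two posts above, accepting the backslash and non-Latin names while rejecting characters that do not display. The function name and the sample names are constructed for illustration.

```php
<?php
// Added illustration; isDisplayableUsername() is a hypothetical helper.

/**
 * Accept a username only if every character is visible when rendered.
 * Letters from any script and the backslash of DOMAIN\username pass.
 */
function isDisplayableUsername(string $name): bool
{
    // With the /u modifier preg_match() returns false on invalid UTF-8,
    // so malformed byte sequences are rejected along with the empty string.
    if ($name === '' || preg_match('//u', $name) !== 1) {
        return false;
    }

    // \p{C}  control, format (zero-width and bidi marks), private use,
    //        unassigned code points
    // \p{Zl} line separator, \p{Zp} paragraph separator
    if (preg_match('/[\p{C}\p{Zl}\p{Zp}]/u', $name) !== 0) {
        return false;
    }

    // Leading or trailing white space cannot be seen in a user listing.
    if (preg_match('/^[\p{Z}\s]|[\p{Z}\s]$/u', $name) !== 0) {
        return false;
    }

    // Not covered here: look-alike letters from different scripts, which
    // need a separate confusables check.
    return true;
}

// Constructed sample names, including the pair from the post above.
$samples = [
    'pasamio'         => 'pasamio',
    'pas\x01amio'     => "pas\x01amio",       // control character U+0001
    'ACME\foo'        => 'ACME\\foo',         // DOMAIN\username form
    '瑞花'             => '瑞花',
    'pas<U+200B>amio' => "pas\u{200B}amio",   // zero-width space
    'pasamio<space>'  => 'pasamio ',
];

foreach ($samples as $label => $name) {
    echo $label, ': ', isDisplayableUsername($name) ? 'accept' : 'reject', "\n";
}
```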

SCGSG
Joomla! Apprentice
Posts: 18
Joined: Wed Mar 25, 2009 12:15 pm

Re: ldap Active directory authentication

Postby SCGSG » Wed Mar 25, 2009 12:22 pm

Can anyone point me in the right direction to get NTLM to work if Joomla is installed on a Windows Server? Joomla is installed on Windows 2003 with Apache 2.2 and PHP 5. Any ideas would be helpful.

pasamio
Joomla! Ace
Posts: 1318
Joined: Thu Aug 18, 2005 9:27 am
Location: San Jose, CA, USA

Re: ldap Active directory authentication

Postby pasamio » Wed Mar 25, 2009 1:17 pm

Windows Server is a bit challenging when you're using Apache. If you want a path of least resistance on Windows, use IIS and its Integrated Windows Authentication. It will pick up the user for you properly without you having to do much if any work. Maybe one day I'll have time to sit down and see what options exist for Windows and Apache, though for me it's a bit backwards to use Apache on Windows instead of Linux (which it's heavily optimised for) as opposed to IIS which I would hope Microsoft have running in a screaming manner under Windows.
Sam Moffatt
Updater, Installer and Authentication Systems
JoomlaCode Backend Systems
Pie.

SCGSG
Joomla! Apprentice
Posts: 18
Joined: Wed Mar 25, 2009 12:15 pm

Re: ldap Active directory authentication

Postby SCGSG » Wed Mar 25, 2009 2:26 pm

Thanks for your reply.

Yeah, I know, but I didn't install it, I just have to get it working. Thing is that I've had success with getting Moodle to use NTLM but I don't know how to get it done with Joomla. The way Moodle does it is that I use mod_auth_sspi and configure Apache authentication on the file that Moodle uses to authenticate. The rest is done by the Moodle LDAP module.

Basically I can (much like IIS) set the webserver to look for authentication but I don't know how to get the web application to use the authentication when it's available. For example, if Joomla was using IIS and integrated authentication was on the Joomla site, then when you go to the site it will authenticate, but because Joomla has web authentication you still need to authenticate again with Joomla to get in. What I need is for Joomla to pick up the authenticated details and, well, authenticate with those details. If it then fails it has the option to authenticate using the web interface. Hope that makes sense.

SCGSG
Joomla! Apprentice
Posts: 18
Joined: Wed Mar 25, 2009 12:15 pm

Re: ldap Active directory authentication

Postby SCGSG » Thu Mar 26, 2009 9:09 am

Does anyone know how JAuthTools works, and can I use this to implement SSO in my situation? If it is possible, how do I do it? There seems to be a lot of information about JAuthTools but I can't find any implementation guides.

pasamio
Joomla! Ace
Posts: 1318
Joined: Thu Aug 18, 2005 9:27 am
Location: San Jose, CA, USA

Re: ldap Active directory authentication

Postby pasamio » Thu Mar 26, 2009 11:25 am

When you protect the Joomla! directory and go to the phpinfo section of the Joomla! backend do you see your username in the output? Presently we don't have the ability to protect just a single file though in theory with Apache you can protect a 'location' and then use SEF to construct a path to that location and you would be done. This is in part discussed on the JAuthTools mailing list (see http://joomlacode.org/gf/project/jauthtools/mailman) in a recent set of postings.

Have you enabled the HTTP SSO plugin? If so, check you've got the right variable configured there and then use JDiagnostic to run SSO tests to see which user it finds. If you can find your username in the phpinfo section then there should be no issues with Joomla! detecting the users. You might have to do some special configuration with Active Directory to get SSO working 100% properly and autocreating users however JDiagnostic has a configuration wizard that will take you through setting this up. Even without this presuming you've got HTTP SSO configured correctly you can still log in with existing users, autocreate just won't work because the user source subsystem can't find the new users.

One day I will have to do a screencast on setting all of this up from scratch, I don't think it's complicated but I'm obviously rather biased by my position.
Sam Moffatt
Updater, Installer and Authentication Systems
JoomlaCode Backend Systems
Pie.

SCGSG
Joomla! Apprentice
Posts: 18
Joined: Wed Mar 25, 2009 12:15 pm

Re: ldap Active directory authentication

Postby SCGSG » Fri Mar 27, 2009 11:16 am

The way it works with moodle is that mod_auth_sspi is loaded and the following change is made in httpd.conf:


   <Directory "C:\my-moodle\auth\ldap">
       <Files ntlmsso_magic.php>
           AuthName "Moodle at My College"
           AuthType SSPI
           SSPIAuth On
           SSPIOfferBasic Off
           SSPIAuthoritative On
           SSPIDomain mycollege.ac.uk
           require valid-user
       </Files>
   </Directory>


Then the NTLM SSO is configured in Moodle under the LDAP config.

I'm just testing Joomla without HTTP SSO and there seems to be an issue getting Windows integrated to work on some browsers. Problem I see with setting it up site wide is that if it fails automatic authentication it won't give any other option to log in or pop up a login box. I don't think setting it site wide (i.e. on the root of Joomla) will work because I think it would require authentication before it even loads Joomla and if it fails it won't even display anything or a login box will pop up.

pasamio
Joomla! Ace
Posts: 1318
Joined: Thu Aug 18, 2005 9:27 am
Location: San Jose, CA, USA

Re: ldap Active directory authentication

Postby pasamio » Sat Mar 28, 2009 4:25 am

Ok, so instead of using a Directory directive, you can use a Location directive to match an SEF URL and then use a custom Error document to redirect elsewhere. It is a horrible hack I know and having seen how Moodle does it I think they've got a better way of doing it.

The issue eventually becomes one of design, Moodle lets you have an entry point to the application in each file whereas Joomla! goes through a single entry point that basically ensures that you can't get to code any other way. In future versions of Joomla! we'll be trying to move as much code out of the document root as possible to make the system even more secure. I'm also looking at for SoC trying to get a student to build a system analogous to Moodle's for authentication purposes so that we can better handle these style situations.

So basically enable Apache level SEF, create a new menu link somewhere and then take that menu link and use a Location directive to protect it. You're going to want to redirect back to a Joomla! page somewhere on error, so set the ErrorDocument elsewhere (I've read there are issues redirecting back to PHP for some reason, so try redirecting to a HTML document which sends you to a login form or something) and that should be it. Again, I think the JAuthTools users mailing list has an example of this in part but it's for 1.0 not 1.5 though it probably has some tips for you.
Sam Moffatt
Updater, Installer and Authentication Systems
JoomlaCode Backend Systems
Pie.

SCGSG
Joomla! Apprentice
Posts: 18
Joined: Wed Mar 25, 2009 12:15 pm

Re: ldap Active directory authentication

Postby SCGSG » Thu Apr 02, 2009 1:23 pm

Thanks for all the help and sorry for all the stupid questions (was just trying to get my head round it all, it's all new to me).

The way I got it to work in the end was to follow what was advised in the following thread:

http://forum.joomla.org/viewtopic.php?f=428&t=323593

Copied index.php in root and renamed the copy indexsso.php. Then I entered the following into httpd.conf so authentication is required on indexsso.php.


<Directory "D:/my-joomla">
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order deny,allow
    Allow from all
    Satisfy all
    # SSPI authentication
    <Files indexsso.php>
        AuthName "Moodle at SCGSG"
        AuthType SSPI
        SSPIAuth on
        SSPIOfferBasic off
        SSPIAuthoritative on
        SSPIDomain scgsnet
        require valid-user
        ErrorDocument 401 /my-joomla/index.php
    </Files>
</Directory>


This uses mod_auth_sspi so that has to be loaded.

The ErrorDocument statement is so that failed logons (i.e. when automatic login fails e.g. someone logged in as a local user instead of a domain user) will redirect to index.php which has no authentication setting on it. That way the user can still login using the web interface.
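
Added example (not the HTTP SSO plugin's code and not part of the original post): a PHP sketch of the decision the application side makes in this setup, taking the account name from the variable the web server sets for the protected `indexsso.php` and otherwise falling back to the login form, as the `ErrorDocument 401` line does at the Apache level. It assumes mod_auth_sspi reports the user as `DOMAIN\username` in `REMOTE_USER`; the function name and the sample arrays are constructed.

```php
<?php
// Added illustration; ssoAccountName() is hypothetical, not part of JAuthTools.

/**
 * Return the account name for a single sign-on request, or null when the
 * request has to go through the normal login form instead.
 *
 * @param array  $server the $_SERVER array of the current request
 * @param string $domain the domain configured in SSPIDomain
 */
function ssoAccountName(array $server, string $domain): ?string
{
    // REMOTE_USER is filled in by the server's authentication module.
    // Keys starting with HTTP_ are copies of request headers that any
    // client can set, so they are never read as an identity here.
    $remote = $server['REMOTE_USER'] ?? '';
    if (!is_string($remote) || $remote === '') {
        return null;                    // the server did not authenticate anyone
    }

    // Split DOMAIN\username; a value without a domain part is not accepted.
    $parts = explode('\\', $remote, 2);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null;
    }
    [$userDomain, $account] = $parts;

    // Domain names compare case-insensitively. Accounts from another domain
    // or from the local machine are sent to the login form.
    if (strcasecmp($userDomain, $domain) !== 0) {
        return null;
    }

    // Assumption of this sketch: lower-case the name so the same person
    // always maps to the same site user, however the client spelled it.
    return strtolower($account);
}

// Constructed $_SERVER samples.
$requests = [
    'domain user'        => ['REMOTE_USER' => 'SCGSNET\\JSmith'],
    'local account'      => ['REMOTE_USER' => 'WS042\\guest'],
    'client-sent header' => ['HTTP_REMOTE_USER' => 'SCGSNET\\jsmith'],
    'no SSO at all'      => [],
];

foreach ($requests as $label => $server) {
    $account = ssoAccountName($server, 'scgsnet');
    echo $label, ': ', $account ?? 'show login form', "\n";
}
```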

micatvie
Joomla! Apprentice
Posts: 16
Joined: Wed May 06, 2009 4:32 pm

Re: ldap Active directory authentication

Postby micatvie » Thu May 07, 2009 9:46 am

Hi

@SCGSG

I've got it working so far (ldap auth against ad, seamless login), but all first time visitors have to log in manually and they get the failure:

"Plugin plgusersourceldap failed to find user"

With second visit everything works fine.

My question:

How do I get rid of that failure message?

SCGSG
Joomla! Apprentice
Posts: 18
Joined: Wed Mar 25, 2009 12:15 pm

Re: ldap Active directory authentication

Postby SCGSG » Thu May 07, 2009 11:08 am

You can enable the Auto Create Users in Plugins>System - Single Sign On but if you want to carry on as you are (i.e. manual first login) and just get rid of the error message then you will need to hack the code. The one you're looking to alter is usersource.php and you can find it in libraries\jauthtools. You will want to alter the following line:


if($plugin->getUser($username,$user)) {
   return $user; //return the first user we find
   break;
} else {            
   JError::raiseNotice(1, 'Plugin '. $className .' failed to find user');
}


It should be on line 133 and you will want to comment out the error:


} else {            
   //JError::raiseNotice(1, 'Plugin '. $className .' failed to find user');
}


Or put your own message in:


} else {            
   JError::raiseNotice(1, 'Put your message here.');
}


Hope that helps.

micatvie
Joomla! Apprentice
Posts: 16
Joined: Wed May 06, 2009 4:32 pm

Re: ldap Active directory authentication

Postby micatvie » Thu May 07, 2009 3:55 pm

Hi,
thanks for the reply.
Autocreation is on. Somewhere else to set to on?
First time visitors still have to log in manually. I put some other error message in, as you described. It works, but it appears twice and after manual login once again. With the next visit it's away.
Any ideas on that?

One more question:
The admin area is a bit strange, because often I return to admin startpage when clicking in some settings... or with JDiagnostics I cannot go through the wizard... Is there something wrong with SSPI settings in httpd.conf maybe?

pasamio
Joomla! Ace
Posts: 1318
Joined: Thu Aug 18, 2005 9:27 am
Location: San Jose, CA, USA

Re: ldap Active directory authentication

Postby pasamio » Fri May 08, 2009 3:34 am

Autocreation isn't the problem - it is trying to find the user to create; however, for some reason with the username that you are providing to the user source system it can't find a match for that user. If you use the SSO checker it should tell you which username it is finding and you can then put this into the user source checker to see if the user source system can find the user. It may be that you need to tweak the settings of the LDAP plugin to get the LDAP user source to find the user for the string that you are looking for or you need to change the way the SSO plugin reports the username to aid it to find matches. If you are using LDAP user source with Active Directory you need to ensure that your LDAP plugin is configured with a username and password so that it can connect to Active Directory on its own. By default Active Directory only permits root DSE binds for anonymous users which means that you aren't going to get any information out of the system unless you connect with an unauthorised user.

The system is designed to work in a rather disconnected and flexible manner so that you can plug in a different user source system or SSO system without having to rewrite the other. However if one is feeding information the other can't use then the system will break. It sounds like the user source system is configured incorrectly for whatever information is being fed to it - so do some testing using JDiagnostic (http://joomlacode.org/gf/project/pasamioprojects/frs/) to see what results you get first and perhaps post them here.

With regards to ending up in the wrong place, do you have any weird security extensions on your site? mod_security or suhosin? Both are known to cause issues if incorrectly configured and nuke otherwise valid information because it can. Joomla! itself includes a whole heap of checks for security as well so if something is meddling with these it can cause issues as well.
Sam Moffatt
Updater, Installer and Authentication Systems
JoomlaCode Backend Systems
Pie.

SCGSG
Joomla! Apprentice
Posts: 18
Joined: Wed Mar 25, 2009 12:15 pm

Re: ldap Active directory authentication

Postby SCGSG » Fri May 08, 2009 7:31 am

I would follow what pasamio said to see if you can resolve the autocreation thing, and as for the problem with 2 messages appearing.. I'm a little confused. You only got 1 before, right? And it's your error message? I'm no expert so I would guess it's somehow trying to find the user twice?

I don't really use SSO for the admin stuff, I generally bypass SSO and manually log myself in.

@pasamio: At the moment I have a problem with my users in IE7 in that a failed first login will mean they can't log in at all, be it manually or otherwise. If SSO fails, no one can log in and no error is shown. It just goes back to the index page and the user isn't logged in, so have you seen this before or have any ideas?

micatvie
Joomla! Apprentice
Posts: 16
Joined: Wed May 06, 2009 4:32 pm

Re: ldap Active directory authentication

Postby micatvie » Fri May 08, 2009 9:08 am

I followed pasamio and it works now (put in the username/password in ldap settings).

I also changed a line in usersourcechecker.php to get rid of the warning about the second argument to
$plugin = new $className ($this, (array)$plugin);

Now I get in usersourcechecker an entry in error: WARNREG_INUSE. What does that mean?
I've screenshots, if interested?

Everything seems to work perfect as user, no manual login first time, autocreation works !!

Many thanks to pasamio and SCGSG !!

Now I've other challenges: how to set the usergroup of new users in Joomla automatically during autocreate? All users are public frontend. Can I change to registered anywhere?

Can I set up rules depending on username to set author/editor?

Kind regards

Claudius

pasamio
Joomla! Ace
Posts: 1318
Joined: Thu Aug 18, 2005 9:27 am
Location: San Jose, CA, USA

Re: ldap Active directory authentication

Postby pasamio » Fri May 08, 2009 10:38 am

@SCGSG: What operating system? I know there are some weird bugs that also impact on Sharepoint. Try manually adding your Joomla! site to the local intranet zone in your IE configuration and see if this makes a difference. XP has workarounds and Vista is a mess.

@micatvie: It means that the email address is already in use and it's trying to set a different user. You should be able to set the default group in one of the plugins, probably the system - user source one, but I can't remember. If you can't find it, I'll have a hunt around myself and if I can't find it I guess I'll add it.
Sam Moffatt
Updater, Installer and Authentication Systems
JoomlaCode Backend Systems
Pie.

SCGSG
Joomla! Apprentice
Posts: 18
Joined: Wed Mar 25, 2009 12:15 pm

Re: ldap Active directory authentication

Postby SCGSG » Fri May 08, 2009 11:03 am

As you might have seen I've got problems with group mapping myself but as a workaround I can tell you how to get them to go into 'Registered' at least. In plugins>usersource>ldap.php go to line 128:


$user->gid = 29;
$user->usertype = 'Public Frontend';


Change it to:


$user->gid = 18;
$user->usertype = 'Registered';


If you start playing with group mapping then you will need to change it back to the way it was as I'm not entirely sure how group mappings will be affected.

SCGSG
Joomla! Apprentice
Posts: 18
Joined: Wed Mar 25, 2009 12:15 pm

Re: ldap Active directory authentication

Postby SCGSG » Fri May 08, 2009 11:07 am

@pasamio: The clients are XP with latest updates using IE7. I think it might be a Windows update..

pasamio
Joomla! Ace
Posts: 1318
Joined: Thu Aug 18, 2005 9:27 am
Location: San Jose, CA, USA

Re: ldap Active directory authentication

Postby pasamio » Fri May 08, 2009 11:00 pm

@SCGSG: I have had known issues with XP and updates randomly breaking things, I never got enough sample data to work out exactly what update killed what. At one point a fully patched XP SP3 box with IE7 would work flawlessly but I'm not sure if that is still the case.

I guess I haven't made that one configurable, I will have to create a param for that in the LDAP plugin then. I must have only done it in the 1.0 version, I've just copied it up to the LDAP user source plugin so it should be in 1.5.5 when I get around to releasing it.
Sam Moffatt
Updater, Installer and Authentication Systems
JoomlaCode Backend Systems
Pie.

micatvie
Joomla! Apprentice
Posts: 16
Joined: Wed May 06, 2009 4:32 pm

Re: ldap Active directory authentication

Postby micatvie » Thu May 14, 2009 11:47 am

Now I know what SCGSG is talking about. With Firefox on Windows and Safari on Mac everything works perfectly. IE7 has a serious problem... :-(

That was the main reason why it took me so long to configure everything.

We are getting closer to the problem...

Claudius

