JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

ShMaunder

JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Mon Sep 19, 2011 2:02 am

Hello People,

This is a continuation of http://forum.joomla.org/viewtopic.php?f=624&t=600027 which wasn't intended to be taken over by one extension in a Joomla! general support forum.

I've today released the first stable version (1.0.4) of the JMapMyLDAP extensions. The extension was created to map LDAP groups to Joomla! 1.6 and 1.7 groups; though I hope in the future it will cover a wide range of LDAP integration features. The intended audience is mainly Intranet sites that use an LDAP server such as Active Directory to centrally authenticate users. It is a non-commercial GNU GPL extension currently consisting of a couple of plug-ins and a few libraries.

It has recently been added as a JED listing, and the project homepage contains the latest features, download and installation guide.

I would like to thank everyone that has provided me with suggestions and feedback during the alpha and beta stages. This project has taken me a couple of months just to get to this stage, though it is my first Joomla! extension.

Like the last thread, I would like to use this thread as a place for people to ask questions or give feedback.

Reporting bugs can be done in the Joomlacode project tracker.

Thanks
Shaun

sbubb

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by sbubb » Mon Sep 26, 2011 11:43 am

Hi Shaun

Firstly, thanks for a great J1.6/1.7 plugin. I am successfully using an OpenLDAP server and, following your clear install guide, I was easily able to get LDAP Authorization/sync and group mapping working.

One question: for future releases, will it be possible for the Joomla User registration to create LDAP users?

Regards
Steve

ShMaunder

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Mon Sep 26, 2011 2:04 pm

Hi Steve,

Thanks for the feedback and you're most welcome.

This is one of my future aims of the project. Version 2.0 will introduce a separated LDAP plugin type for adding/removing features (such as group mapping, profiles, and potentially new users). This means after the initial 2.0 release, it should be easier to add features like creating new users back to the LDAP directory. As for a timescale; I'm hoping to release an alpha version in the next 2-3 weeks depending on the amount of other work I currently have.

Hopefully that answers your question :).
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

sbubb

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by sbubb » Tue Sep 27, 2011 9:00 pm

ShMaunder wrote:Hi Steve,

Thanks for the feedback and you're most welcome.

This is one of my future aims of the project. Version 2.0 will introduce a separated LDAP plugin type for adding/removing features (such as group mapping, profiles, and potentially new users). This means after the initial 2.0 release, it should be easier to add features like creating new users back to the LDAP directory. As for a timescale; I'm hoping to release an alpha version in the next 2-3 weeks depending on the amount of other work I currently have.

Hopefully that answers your question :).
Yes, thanks. Looking forward to Version 2.

umbobabo

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by umbobabo » Wed Oct 12, 2011 11:15 am

Hi Shaun,
Can your plugin recognize Windows users so they don't need to use Joomla's login form? Is there a way to bypass the Joomla login if you are an AD-recognized user?

Thanks in advance.

ShMaunder

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Wed Oct 12, 2011 4:06 pm

@umbobabo - This sounds like single sign-on? If so then yes. HTTP SSO is the most common way of achieving this and is currently the only SSO plugin in my set of extensions. The authentication protocol you use (i.e. Kerberos or NTLM) depends on your web server. After it is set up you will be able to:
1) Log into your Windows based workstation using an AD user account
2) Open up your Joomla! website
3) SSO automatically logs in your Joomla website using the same credentials as you used in step 1

Hope that answers your question.


--

On a project update: I haven't been around the last ~2 weeks and therefore, some things are behind schedule. Also I have a backlog of emails, so if you have emailed me, I will try to reply in the next coming days.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

umbobabo

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by umbobabo » Wed Oct 12, 2011 6:41 pm

@Shaun
Sounds very good, I will try as soon as possible.
I have an Apache web server on a Windows 2003 Server machine.
I already got the LDAP plugin working with AD, but the Joomla login seems to be required; simple LDAP reads users from AD instead of MySQL (with users bridge).

Thanks for now. See you soon.

mk14

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by mk14 » Sat Oct 15, 2011 8:16 am

sbubb wrote:Hi Shaun

Firstly, thanks for a great J1.6/1.7 plugin. I am successfully using an OpenLDAP server and, following your clear install guide, I was easily able to get LDAP Authorization/sync and group mapping working.

One question: for future releases, will it be possible for the Joomla User registration to create LDAP users?

Regards
Steve
If this is in fact added, I believe that this extension would be a dream come true.

I think it would also be hugely useful if it could alternatively be plugged into Community Builder registration (to directly create Active Directory users).

Using AD to centrally manage users is of course amazing...but never before this was I able to find a Joomla project that actually aimed to allow for complete user data synchronization and Joomla-based AD registration.

Did I miss a precursor to this project that worked for 1.5 (and did I spend unnecessary time writing my own sync code)? In any event I am very excited for this extension now that I am moving my site to 1.7...

EDIT: I think JAuthTools (which seems like the closest thing for Joomla/LDAP syncing 1.5) never allowed for such registration features or "two-way" syncing of users, but maybe I just missed that. Since JAuthTools itself is apparently not available for 1.7 though, I guess that isn't relevant anyway. As far as I can tell then, your extension must be even more critically needed!

lgwapnitsky

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by lgwapnitsky » Tue Oct 18, 2011 12:48 pm

I've been having trouble configuring this for my AD environment. I've successfully configured the built-in Joomla LDAP authentication with no issues, but this one seems to be baffling me.

If I provide my settings, would you be able to help point me in the right direction? I've been banging my head on this for about 2 hours now.

Thanks,
Larry

ShMaunder

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Wed Oct 19, 2011 1:03 am

@lgwapnitsky

I've replied to your email; your search option is certainly not correct in the second screenshot.

Filters must be used in the User DN/Filter with search on (sAMAccountName=[username]). Otherwise if search is off then User DN/Filter needs to be a DN (i.e. cn=[username],ou=[users],o=company OR additional with AD you could use DOMAIN\[username]).

@mk14
This is the aim of the project. Firstly coding the mini framework, then at a later date, releasing extension specific plug-ins. Other extension specific plug-ins like JomSocial have also been mentioned. I'm a little tied up with University stuff atm; however should have time this weekend to near a version 2.0 alpha.

I'm hoping to have a final version 2 around the release of J! 2.5 LTS in January.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
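
The two User DN/Filter forms described in the reply above, with the login name escaped for the context it lands in (RFC 4515 for a filter, RFC 4514 for a DN). This is an added example, not JMapMyLDAP code: `build_user_query` and its `search` flag are hypothetical names, the `ou=users` value is filled in for illustration, and the `DOMAIN\[username]` form is not covered.

```python
# Characters with meaning inside an LDAP search filter (RFC 4515) and their escapes.
FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Characters with meaning inside a DN attribute value (RFC 4514); '=' is escaped defensively.
DN_SPECIALS = ',+"\\<>;='


def escape_filter_value(value: str) -> str:
    """RFC 4515: hex-escape the characters that have meaning inside a filter."""
    return "".join(FILTER_SPECIALS.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """RFC 4514: escape DN specials, a leading space or '#', and a trailing space."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")
        elif ch in DN_SPECIALS or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_user_query(template: str, username: str, search: bool) -> str:
    """Fill the [username] placeholder of a User DN/Filter value (hypothetical helper).

    search=True  -> template must be a filter, e.g. (sAMAccountName=[username])
    search=False -> template must be a DN, e.g. cn=[username],ou=users,o=company
    """
    if "[username]" not in template:
        raise ValueError("template has no [username] placeholder")
    is_filter = template.startswith("(") and template.endswith(")")
    if search and not is_filter:
        raise ValueError("search is on, so User DN/Filter must be a filter")
    if not search and is_filter:
        raise ValueError("search is off, so User DN/Filter must be a DN")
    escape = escape_filter_value if search else escape_dn_value
    return template.replace("[username]", escape(username))


if __name__ == "__main__":
    # Constructed inputs: login names that contain filter and DN metacharacters.
    print(build_user_query("(sAMAccountName=[username])", "j*doe", search=True))
    print(build_user_query("cn=[username],ou=users,o=company", "Doe, Jane", search=False))
```

Without the escaping, a login name containing `*` or `)` changes which entries the filter matches, and a comma in the name changes the DN that is bound.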

jborgman

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by jborgman » Wed Oct 19, 2011 1:53 pm

I keep getting the error that the user with whom I am trying to log in is either not known or the password is incorrect. I am absolutely sure the creds are OK. I have tried almost every possible combination of config options, but all with the same result.
I have searched for a log file of some kind to find out what really happens, but no luck.
Can anyone give me a hint?

barnic

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by barnic » Wed Oct 19, 2011 1:59 pm

Hello,
I'm Nicola.
First... sorry for my bad English.

I'm trying to set "user plugin" like your example:
http://shmanic.com/tool/jmapmyldap/?id= ... -plugin-ad

I have a Joomla 1.7.1 intranet on a Linux SUSE server, Apache 2, PHP 5.
In my intranet there are 2 Windows 2003 servers.

I successfully set up the "authentication plugin", so I can log in to my intranet with my Windows credentials.
That works fine: the new user was created with his name and email but with no group associated, only "registered".

My configuration is like the example.
In "Mapping list" I have:
CN=AMMINISTRAZIONE:10

"AMMINISTRAZIONE" is a group.

Users--->Domain Users--->PROVA--->AMMINISTRAZIONE


How can I understand if my Windows group is a CN or an OU?

Can you help me?
Thanks in advance

Nicola
Last edited by barnic on Thu Oct 20, 2011 6:46 am, edited 1 time in total.

lgwapnitsky

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by lgwapnitsky » Wed Oct 19, 2011 2:24 pm

Got it working thanks to your e-mails, but SSO does not work. I've set up a PHPInfo.PHP file, but it's not showing any usernames in the _Server array. I know SSO works on our IIS systems (but I did not configure those).

Thanks.

ShMaunder

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Thu Oct 20, 2011 1:01 pm

I'm losing track of who's emailing me and posting here.

@jborgman
The log file should be in a PHP file called error.php in <joomla directory>/logs/error.php (this is the default location of the log directory). If your log directory hasn't been setup correctly then enable Joomla system debugging mode in the global configuration.

@barnic
Groups in AD are normally referred to by common name (CN), so your group mapping does indeed look correct - can you post your Lookup Type, Lookup Attribute and Lookup Member?

@lgwapnitsky
I can only really help after you get the username into one of the $_SERVER keys. SSO is only limited to HTTP at the moment. If you are using IIS, then you need to turn off anonymous access and tick integrated windows authentication.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

barnic

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by barnic » Thu Oct 20, 2011 1:15 pm

Hello, thank you for your fast answer.

Lookup Type: Forward
Lookup Attribute: memberOf
Lookup Member: dn

lgwapnitsky

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by lgwapnitsky » Thu Oct 20, 2011 1:18 pm

ShMaunder wrote:I'm losing track of who's emailing me and posting here.

@lgwapnitsky
I can only really help after you get the username into one of the $_SERVER keys. SSO is only limited to HTTP at the moment. If you are using IIS, then you need to turn off anonymous access and tick integrated windows authentication.

I only mentioned IIS as we have other servers where SSO is not an issue.

I'm currently on Debian Squeeze with Apache. I'm still trying to determine how to populate the proper $_SERVER key. (that's where I'm stuck)

ShMaunder

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Thu Oct 20, 2011 1:38 pm

@barnic
Hmm, that looks all correct. Are you using the "Authentication - JMapMyLDAP" plug-in and disabled "Authentication - LDAP"?

Check the log file /logs/error.php for any potential errors - though the user plugin isn't silent and should always tell you if an error occurs.

Can you test enabling "Sync Name" or "Sync Email", then changing a single LDAP user's name or email in Joomla's user manager then trying to re-login again. Does the name change back? This will test if the user plugin is even being called.

@lgwapnitsky
Ah, I see. I normally use this guide http://acksyn.org/diary/?p=460 to configure my Apache server with AD to achieve HTTP authentication.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

lgwapnitsky

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by lgwapnitsky » Thu Oct 20, 2011 1:42 pm

ShMaunder wrote:@barnic
@lgwapnitsky
Ah, I see. I normally use this guide http://acksyn.org/diary/?p=460 to configure my Apache server with AD to achieve HTTP authentication.
I'll give that a shot, but that should hopefully populate the fields I need?

Thanks

ShMaunder

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Thu Oct 20, 2011 1:54 pm

lgwapnitsky wrote:
ShMaunder wrote:@barnic
@lgwapnitsky
Ah, I see. I normally use this guide http://acksyn.org/diary/?p=460 to configure my Apache server with AD to achieve HTTP authentication.
I'll give that a shot, but that should hopefully populate the fields I need?

Thanks
Yes, once set up, it will populate the $_SERVER['remote_user'] field. Towards the bottom of the guide, it shows how your browser should be set up if you want to automatically log in using your Windows workstation AD credentials.

I would highly recommend using this guide on a non-live server for the first time. It took me about half an hour to get working the first time.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

barnic

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by barnic » Thu Oct 20, 2011 1:58 pm

ShMaunder wrote:@barnic
Hmm, that looks all correct. Are you using the "Authentication - JMapMyLDAP" plug-in and disabled "Authentication - LDAP"?
yes

At one point it worked, honestly... but then I started to make changes because it did not work for a group ("EDC"), and users who were part of several groups could not get all of them associated.

I tried to improve it, but it got worse and I ended up confused!

lgwapnitsky

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by lgwapnitsky » Thu Oct 20, 2011 2:05 pm

ShMaunder wrote:
lgwapnitsky wrote:
ShMaunder wrote:@barnic
@lgwapnitsky
Ah, I see. I normally use this guide http://acksyn.org/diary/?p=460 to configure my Apache server with AD to achieve HTTP authentication.
I'll give that a shot, but that should hopefully populate the fields I need?

Thanks
Yes, once set up, it will populate the $_SERVER['remote_user'] field. Towards the bottom of the guide, it shows how your browser should be set up if you want to automatically log in using your Windows workstation AD credentials.

I would highly recommend using this guide on a non-live server for the first time. It took me about half an hour to get working the first time.

GRRR...on my test server, fully configured and nothing showing up in the $_SERVER fields. IE is already configured for my other servers, so that wasn't necessary to run. Maybe something in the .htaccess file? paths are all correct and all files exist...

lgwapnitsky

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by lgwapnitsky » Thu Oct 20, 2011 2:23 pm

Got it - needed to add

KrbVerifyKDC off

But, still being prompted for a login in IE.
Last edited by lgwapnitsky on Thu Oct 20, 2011 4:03 pm, edited 1 time in total.

ShMaunder

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Thu Oct 20, 2011 4:01 pm

@barnic
So it did work before, then it stopped? Take a backup of your current list, then delete the entire contents of the mapping list, put a single entry back and see if it works?

I'm not sure what is really going on here.

@lgwapnitsky
This could be the keytab. I sometimes have to recreate the keytab and restart apache.
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

lgwapnitsky

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by lgwapnitsky » Thu Oct 20, 2011 4:11 pm

Here's my apache conf file:


DocumentRoot "/var/www/joomla"
<Directory "/var/www/joomla">
    allow from all
    Options +Indexes
</Directory>

<Location "/">
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodNegotiate On
    KrbMethodK5Passwd On
    KrbAuthRealms DOMAIN.COM
    Krb5KeyTab /etc/krb5.keytab
    KrbVerifyKDC off
    require valid-user
</Location>

lgwapnitsky

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by lgwapnitsky » Thu Oct 20, 2011 7:13 pm

Debug log:


[Thu Oct 20 15:11:58 2011] [debug] mod_deflate.c(615): [client 10.102.50.60] Zlib: Compressed 483 to 326 : URL /
[Thu Oct 20 15:11:58 2011] [debug] src/mod_auth_kerb.c(1628): [client 10.102.50.60] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Thu Oct 20 15:11:58 2011] [debug] src/mod_auth_kerb.c(1240): [client 10.102.50.60] Acquiring creds for [email protected]
[Thu Oct 20 15:11:58 2011] [debug] src/mod_auth_kerb.c(1385): [client 10.102.50.60] Verifying client data using KRB5 GSS-API
[Thu Oct 20 15:11:58 2011] [debug] src/mod_auth_kerb.c(1401): [client 10.102.50.60] Client didn't delegate us their credential
[Thu Oct 20 15:11:58 2011] [debug] src/mod_auth_kerb.c(1429): [client 10.102.50.60] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
[Thu Oct 20 15:11:58 2011] [debug] src/mod_auth_kerb.c(1101): [client 10.102.50.60] GSS-API major_status:00010000, minor_status:00000000
[Thu Oct 20 15:11:58 2011] [error] [client 10.102.50.60] gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error)
[Thu Oct 20 15:11:58 2011] [debug] mod_deflate.c(615): [client 10.102.50.60] Zlib: Compressed 483 to 326 : URL /
[Thu Oct 20 15:12:02 2011] [debug] src/mod_auth_kerb.c(1628): [client 10.102.50.60] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Thu Oct 20 15:12:02 2011] [debug] src/mod_auth_kerb.c(994): [client 10.102.50.60] Using HTTP/[email protected] as server principal for password verification
[Thu Oct 20 15:12:02 2011] [debug] src/mod_auth_kerb.c(698): [client 10.102.50.60] Trying to get TGT for user [email protected]
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1073): [client 10.102.50.60] kerb_authenticate_user_krb5pwd ret=0 user=[email protected] authtype=Basic
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1534): [client 10.102.50.60] kerb_authenticate_a_name_to_local_name [email protected] -> lwapnitsky
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1628): [client 10.102.50.60] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1566): [client 10.102.50.60] matched previous auth request
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1534): [client 10.102.50.60] kerb_authenticate_a_name_to_local_name [email protected] -> lwapnitsky
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1628): [client 10.102.50.60] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1566): [client 10.102.50.60] matched previous auth request
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1534): [client 10.102.50.60] kerb_authenticate_a_name_to_local_name [email protected] -> lwapnitsky
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1628): [client 10.102.50.60] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1566): [client 10.102.50.60] matched previous auth request
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1534): [client 10.102.50.60] kerb_authenticate_a_name_to_local_name [email protected] -> lwapnitsky
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1628): [client 10.102.50.60] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1566): [client 10.102.50.60] matched previous auth request
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1534): [client 10.102.50.60] kerb_authenticate_a_name_to_local_name [email protected] -> lwapnitsky
[Thu Oct 20 15:12:07 2011] [debug] mod_deflate.c(615): [client 10.102.50.60] Zlib: Compressed 16011 to 3915 : URL /index.php
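
A way to read the debug log above against the Krb* directives from the previous post, added here as an example and not code from the thread: it reports when Negotiate received an NTLM token, when the login that followed was a password sent over Basic, and whether that password check ran with KDC verification switched off. The log lines are a constructed sample in the same shape, `user@EXAMPLE.COM` is a placeholder, and the finding names are my own.

```python
import re

# Krb* directives as posted in the <Location> block of the previous post.
CONF = """\
AuthType Kerberos
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms DOMAIN.COM
Krb5KeyTab /etc/krb5.keytab
KrbVerifyKDC off
require valid-user
"""

# Constructed sample shaped like the mod_auth_kerb debug log above.
LOG = """\
[Thu Oct 20 15:11:58 2011] [debug] src/mod_auth_kerb.c(1429): [client 10.102.50.60] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
[Thu Oct 20 15:11:58 2011] [error] [client 10.102.50.60] gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error)
[Thu Oct 20 15:12:07 2011] [debug] src/mod_auth_kerb.c(1073): [client 10.102.50.60] kerb_authenticate_user_krb5pwd ret=0 user=user@EXAMPLE.COM authtype=Basic
"""

# [timestamp] [level] optional "file(line): " [client ip] message
LINE = re.compile(
    r"^\[[^\]]+\] \[(?P<level>\w+)\] (?:\S+\(\d+\): )?\[client (?P<client>[^\]]+)\] (?P<msg>.*)$"
)
# ret=0 is a successful password verification; authtype=Basic means the browser sent a password.
PASSWORD_OK = re.compile(r"kerb_authenticate_user_krb5pwd ret=0 user=\S+ authtype=Basic")


def krb_directives(conf):
    """Return {directive: value}, both lower-cased, for the Krb* lines of a config."""
    found = {}
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].lower().startswith("krb"):
            found[parts[0].lower()] = parts[1].strip().lower()
    return found


def triage(log):
    """Per client address: was an NTLM token seen, and did a password login succeed?"""
    clients = {}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        seen = clients.setdefault(m["client"], {"ntlm_token": False, "password_login": False})
        if "received token seems to be NTLM" in m["msg"]:
            seen["ntlm_token"] = True
        if PASSWORD_OK.search(m["msg"]):
            seen["password_login"] = True
    return clients


def findings(conf, log):
    """Combine config and log into (client, finding) pairs, in a stable order."""
    krb = krb_directives(conf)
    out = []
    for client, seen in sorted(triage(log).items()):
        if seen["ntlm_token"]:
            # The browser had no Kerberos service ticket for this site, so SSO did not happen.
            out.append((client, "NEGOTIATE_GOT_NTLM"))
        if seen["password_login"]:
            # Fallback allowed by KrbMethodK5Passwd On: the password travels in a Basic
            # Authorization header, so the site needs TLS to keep it off the wire in clear.
            out.append((client, "PASSWORD_OVER_BASIC"))
            if krb.get("krbverifykdc") == "off":
                # The KDC's answer is not checked against the keytab for this password login.
                out.append((client, "KDC_NOT_VERIFIED"))
    return out


if __name__ == "__main__":
    for client, finding in findings(CONF, LOG):
        print(client, finding)
```

A login prompt followed by `authtype=Basic` therefore means password authentication succeeded, not that single sign-on is working.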

barnic

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by barnic » Fri Oct 21, 2011 6:46 am

ShMaunder wrote: So it did work before, then it stopped? Take a backup of your current list, then delete the entire contents of the mapping list, put a single entry back and see if it works?

I'm not sure what is really going on here.
I'm going crazy! :eek:

This is my last Mapping List:
CN=TITOLARI:14
CN=AMMINISTRAZIONE:10,30
CN=PERSONALE:11,30
CN=ESTERO:12,30
CN=TECNICO:13,30
CN=AREZZO:20,29,30
CN=ITALIA:20,29,30
CN=PROG.PRODUZIONE:19,29,30
CN=REPPREPTUBO:27,17
CN=REPPREPLASTRA:26,17
CN=REPCHIUSURE:28,17
CN=MANUTENZIONE:25,17
CN=MEC CAD:21,18
CN=MEC OFF:24,18
CN=MEC PROD:22,18
CN=MEC TECNICO:23,18



I've just tried with user "lorella": it works, not 100% but it works (perhaps it's normal.... "CN=MEC PROD:22,18" overwrites "CN=AMMINISTRAZIONE:10,30" ? ? ? )
Then, logout and login with user "tiziana": it doesn't work.
So, another login with "claudio": it doesn't work
Another one, "nicola": it works 100%

In AD "lorella" is in: "AMMINISTRAZIONE" (primary group), "INTERNET SENZA RESTRIZIONI", "MEC PROD"
In AD "tiziana" is in: "AMMINISTRAZIONE" (primary group), "INTERNET SENZA RESTRIZIONI"
In AD "claudio" is in: "AMMINISTRAZIONE" (primary group), "CED", "Domain Admins"
In AD "nicola" is in: "AMMINISTRAZIONE" (primary group), "CED", "Domain Admins"


This is the AD structure:
Users--->Domain Users--->PROVA--->AMMINISTRAZIONE
Users--->Domain Users--->PROVA--->MECCANICA--->MEC PROD
Users--->INTERNET SENZA RESTRIZIONI
Users--->Domain Users--->CED
Administrators--->Domain Admins


"CED" is not in mapping list, I don't want. Same thing for "Domain Admins"


So, why don't users "tiziana" and "claudio" work?
  • Do I have to try from a different PC (IP address)?
  • Do I have to wait between two different logins if I use the same PC?
  • Something in cache? (on the server? on the PC?)
However....thanks thanks thanks.
It's a great plugin, the greatest for "intranet".

ShMaunder

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Sun Oct 23, 2011 7:49 pm

Sorry for the delay.

@lgwapnitsky
I've only ever implemented Apache AD HTTP authentication a couple of times, so I've not had much experience with setup problems. Did you try a browser other than IE to check if basic authentication is working at all?

@barnic
None of those things would affect your problem. Overrides don't happen either. The plugin will choose as many of the groups as it matches (i.e. not limited to 1). This could be a bug, though I'm not sure why it's occurring.

I'm going to ask you to debug the code to find out if the plugin is picking up any LDAP groups for a user. Open <joomla>/libraries/shmanic/jmapmyldap.php, browse down to line 477 and insert the echo out and die line like:

476: $mapLists = JMapMyEntry::compareGroups($paramMapList, $ldapUser);
477: echo 'ldap: '; print_r($ldapUser); echo '<br /><br />compared: '; print_r($mapLists); die();
478: if($this->parameters->get('group_map_addition')) { //lets add groups

Try to log on with one of the users that do not work. Remove any personal information from any of the entries and either post, PM or email me the output.

Maybe this is a character set problem ???
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/
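
A sketch of the forward lookup discussed in this thread (Lookup Attribute memberOf, mapping lines of the form CN=GROUP:id,id), added here as an example and not the plugin's code: every matching group contributes its Joomla group ids and nothing is overridden. Matching on the leading RDN, the `DC=example,DC=local` suffix and the sample users are assumptions; the second and third samples reflect that Active Directory records a user's primary group in primaryGroupID and does not list it in memberOf.

```python
import re

# Three lines taken from the mapping list posted above.
MAPPING = """\
CN=AMMINISTRAZIONE:10,30
CN=MEC PROD:22,18
CN=TITOLARI:14
"""

SUFFIX = "CN=Users,DC=example,DC=local"  # constructed directory suffix
# Constructed memberOf values for three hypothetical users.
USER_A = ["CN=AMMINISTRAZIONE," + SUFFIX, "CN=MEC PROD," + SUFFIX]
USER_B = ["CN=MEC PROD," + SUFFIX, "CN=INTERNET SENZA RESTRIZIONI," + SUFFIX]
USER_C = ["CN=INTERNET SENZA RESTRIZIONI," + SUFFIX]  # AMMINISTRAZIONE is only the primary group


def parse_mapping(text):
    """Parse 'ATTR=VALUE:id[,id...]' lines into {(attr, value): {ids}} (case-folded keys)."""
    table = {}
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        rdn, colon, ids = line.rpartition(":")
        attr, equals, value = rdn.partition("=")
        if not colon or not equals or not value.strip():
            raise ValueError(f"line {number}: expected ATTR=VALUE:id[,id...]")
        try:
            id_set = {int(part) for part in ids.split(",")}
        except ValueError:
            raise ValueError(f"line {number}: Joomla group ids must be numeric") from None
        table.setdefault((attr.strip().lower(), value.strip().lower()), set()).update(id_set)
    return table


def leading_rdn(dn):
    """Return (attr, value) of the first RDN, splitting on the first unescaped comma."""
    first = re.match(r"((?:\\.|[^,\\])*)", dn).group(1)
    attr, _, value = first.partition("=")
    return attr.strip().lower(), value.strip().lower()


def joomla_groups(mapping, member_of):
    """Union of the ids of every mapped group; unmapped groups grant nothing."""
    ids, unmapped = set(), []
    for dn in member_of:
        key = leading_rdn(dn)
        if key in mapping:
            ids |= mapping[key]
        else:
            unmapped.append(dn)
    return sorted(ids), unmapped


if __name__ == "__main__":
    table = parse_mapping(MAPPING)
    for name, member_of in (("user_a", USER_A), ("user_b", USER_B), ("user_c", USER_C)):
        print(name, joomla_groups(table, member_of))
```

Matching on the CN alone treats same-named groups in different containers alike; mapping on the full group DN removes that ambiguity.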

Spudda

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by Spudda » Mon Oct 24, 2011 5:58 am

Hello

Getting the following error in the logs/error.php file.

SSO Fail: SSO: Failed to import SSO plugins.

This is occurring each time the page is getting hit. Authentication is working if the credentials are entered manually.

Any advice?

TY

lgwapnitsky

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by lgwapnitsky » Mon Oct 24, 2011 11:25 am

ShMaunder wrote:Sorry for the delay.

@lgwapnitsky
I've only ever implemented Apache AD HTTP authentication a couple of times, so I've not had much experience with setup problems. Did you try a browser other than IE to check if basic authentication is working at all?
Shaun-

All 3 browsers on my system are having the same issue - IE, FF, Chrome. I may have to abandon the SSO portion. But otherwise, this works great.

ShMaunder

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Post by ShMaunder » Mon Oct 24, 2011 10:42 pm

@lgwapnitsky
Ah right, I see. I wouldn't know what to suggest. Even after googling some of those errors, it's unclear which part is broken. If you've the time, then find another guide and try again.

@Spudda
Sounds like you've not enabled "SSO - HTTP" ?
Shaun Maunder
JMapMyLDAP extensions - Joomla! 2.5/3.1/3.2 LDAP Integration & SSO
http://shmanic.com/tools/jmapmyldap/

