JAuth Tools Install Guide for Joomla 1.5 and MSAD

From Authentication Tools for Joomla! (JAuthTools)


This guide will detail the steps I took to successfully install Authentication and Synchronization against a Microsoft Active Directory LDAP server for my Joomla site.

My environment consists of:

  • Joomla version 1.5.9
  • XAMPP 1.7.1
  • PHP 5.2.9
  • Windows XP SP3
  • JAuth Tools 1.5.4

These are the steps I performed to get this working:

  • Download JAuth Tools from http://joomlacode.org/gf/project/jauthtools/frs/
  • Under ‘Packages 5-production/stable’, I downloaded
    • Pkg_jauthtools_core.tgz
    • Pkg_jauthtools_extras.tgz
    • Pkg_jauthtools_usersource.tgz
  • In the Joomla back-end (Extensions, Install), install each of the three packages.
  • Enable phpLDAP in your XAMPP environment
    • Edit your php.ini (go to Joomla admin panel, select ‘system info’, ‘PHP Information’, find the setting ‘Loaded Configuration File’ to make sure you’re editing the right one. Usually either \XAMPP\Apache\bin\php.ini or \XAMPP\php\php.ini.)
    • Remove the comment (;) from the line ‘extension=php_ldap.dll’
    • Stop and restart Apache
    • Go back to ‘PHP Information’ and verify that ldap shows up in the list of installed extensions.
  • Download and install jDiagnostic from http://extensions.joomla.org/extensions/administration/admin-add%252dons/7014/details
  • Before enabling the new plug-ins, configure the Authentication-LDAP plugin that came with Joomla 1.5.x using the 'ldapconfigurator' from the JDiagnostic Tools.
  • Try the 'authtest' in JDiagnostic Tools and see if it works. If it does, you may skip the next several steps.
  • If it doesn't work, try to eliminate possible sources of problems. I would first test the connection from a utility outside Joomla.
    • Install an LDAP browser such as jxplorer from http://www.jxplorer.org/ .
    • Use the parameters that were set in the configurator and attempt to connect to your LDAP server. This lets you test and verify your LDAP settings outside of Joomla and your browser. It also allows you to browse all the information that your server provides, which is very helpful for seeing the exact CNs, memberOf names etc. needed in the later steps.
    • Then I would test the connection from inside your browser. I used the simple testldap.php script below (thanks to the php site) with the configuration variables from before plugged in.
<?php
// testldap.php: minimal LDAP connect/bind test, run from the Joomla web root.
// Replace the placeholder values below with the settings from the ldapconfigurator.
$ldaphost = "nn.nn.nn.nn";  // your LDAP server
$ldapport = 389;            // your LDAP server's port number
$ldaprdn  = 'CN=Name,OU=Users,OU=Name,OU=Name,DC=Name,DC=Local';  // bind DN (or rdn)
$ldappass = 'pswd';         // associated password
// Note: a simple bind on port 389 sends this password in clear text, so use a
// test account and delete this script from the web root once the test is done.

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 0);

// Connecting to LDAP (ldap_connect only prepares the connection; the network
// connection is opened by the next ldap_* call, usually ldap_bind, so most
// connection errors surface there)
$ldapconn = ldap_connect($ldaphost, $ldapport)
    or die("Could not connect to $ldaphost");
echo "Connection handle created for $ldaphost:$ldapport<br />\n";

// Request LDAP protocol version 3 (the default v2 usually fails against Active Directory)
if (ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    echo "Using LDAP v3<br />\n";
} else {
    echo "Failed to set version to protocol 3<br />\n";
}

// Binding to the LDAP server with the DN and password from above
if ($ldapconn) {
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

    // Verify the bind and show the server's error text on failure
    if ($ldapbind) {
        echo "LDAP bind successful...<br />\n";
    } else {
        echo "LDAP bind failed: " . ldap_error($ldapconn) . "<br />\n";
    }

    ldap_unbind($ldapconn);
}
?>
 
    • This helped me find that if you have Norton or another firewall, you have to make sure you allow Apache to communicate with your server on port 389; mine was blocking it while throwing no error message or log entry.
  • Once you get to where the 'authtest' is successful go to the plug-in manager and:
    • Enable Authentication-Advanced LDAP
    • Disable Authentication-LDAP
    • Enable System-JAuthTools Synchronization Plugin
    • Enable UserSource-LDAP
    • DO NOT Enable UserSource-Session or User-LDAP, in fact you can uninstall them.
    • My parameter settings for each of the above are as follows:
    • Advanced LDAP
      • Enable User Source Sync – YES
      • Require Joomla User – NO
    • Synchronization Plugin
      • Demote User – YES
      • UserSource – LDAP
      • Map User Blocked – loginDisabled
      • Map User Groups – memberOf (*Note- this is the setting for MSAD, Novell uses groupmembership)
      • Map Group Members – member
      • Group Map -
        • CN=LocalAdmins,OU=NAME,OU=Name,DC=NAME,DC=LOCAL;25;Super Administrator;999
        • CN=_GroupName,OU=Users,OU=Name,OU=Name,DC=NAME,DC=LOCAL;18;Registered;100
      • Your Group Mapping will replace the above with your particular names and tree structure. This is where the LDAP browser comes in handy, because you can directly see what the memberOf attribute is for your particular user. Also remember that these are CASE SENSITIVE. The layout for this parameter is described at LDAP_Tools/Group_Mapping (http://sammoffatt.com.au/jauthtools/LDAP_Tools/Group_Mapping).
      • Next four – NO
      • Original Encoding - ISO8859-1
      • Target Encoding – UTF-8
      • User-Joomla should remain enabled and the Auto-Create Users parameter set to YES.
  • You should now be able to sign on using LDAP authentication. Use the jDiagnostic tools 'authtest' and 'usersourcechecker' to make sure things are coming through correctly. Users should now be able to sign on, and the Joomla user will be created for them with the appropriate group assignment. There is a small bug at the moment where the group assignment isn’t recognized by the Joomla engine until the second sign-on, but check the forum for a possible fix [1].
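How a Group Map like the two entries above resolves a user's Joomla group from the memberOf values Active Directory returns, shown as an added example rather than JAuthTools' own code. The DN, gid and group-name fields follow the guide's entries; treating the fourth field as a priority (highest wins), the sample DNs and the memberOf values are constructed assumptions, and the case-sensitive comparison is the behaviour the guide warns about.

```python
"""Added example (not JAuthTools code): resolve a Joomla group from a Group Map.

Assumed entry layout: 'LDAP group DN;Joomla gid;Joomla group name;priority',
where the highest priority wins and DN comparison is case-sensitive.
"""

# Constructed Group Map lines in the layout shown in the guide (sample DNs).
GROUP_MAP = [
    "CN=LocalAdmins,OU=NAME,OU=Name,DC=NAME,DC=LOCAL;25;Super Administrator;999",
    "CN=_GroupName,OU=Users,OU=Name,OU=Name,DC=NAME,DC=LOCAL;18;Registered;100",
]


def parse_group_map(lines):
    """Parse 'dn;gid;name;priority' entries into tuples; blank lines are skipped."""
    entries = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        parts = line.split(";")
        if len(parts) != 4:
            raise ValueError("bad Group Map entry: %r" % line)
        dn, gid, name, prio = parts
        entries.append((dn, int(gid), name, int(prio)))
    return entries


def resolve_group(member_of, entries, case_sensitive=True):
    """Return (gid, name) for the highest-priority mapped group the user is in,
    or None when no memberOf value matches (the user gets no mapped group)."""
    best = None
    for dn, gid, name, prio in entries:
        for group in member_of:
            match = group == dn if case_sensitive else group.lower() == dn.lower()
            if match and (best is None or prio > best[3]):
                best = (dn, gid, name, prio)
    return None if best is None else (best[1], best[2])


# Constructed memberOf values as AD would return them for an admin user.
ADMIN_USER = [
    "CN=LocalAdmins,OU=NAME,OU=Name,DC=NAME,DC=LOCAL",
    "CN=_GroupName,OU=Users,OU=Name,OU=Name,DC=NAME,DC=LOCAL",
]
# Same group, but the DN case differs from the map entry: no match, which is
# the failure mode behind the guide's CASE SENSITIVE warning.
MISTYPED_USER = ["CN=localadmins,OU=NAME,OU=Name,DC=NAME,DC=LOCAL"]

if __name__ == "__main__":
    entries = parse_group_map(GROUP_MAP)
    print(resolve_group(ADMIN_USER, entries))     # (25, 'Super Administrator')
    print(resolve_group(MISTYPED_USER, entries))  # None
```

Compare the two printed results to see why a DN copied from the LDAP browser, rather than typed by hand, is the safer way to fill in the Group Map.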

[Screenshot: ldap-ad-params.png]


I hope this helps someone. It took me several frustrating days to get this working correctly.
