LDAP Tools/Technology

From Authentication Tools for Joomla! (JAuthTools)


How does it work?

Basically the bots detect:

  • For SSI: a user trying to log in
  • For SSO: a user visiting the page who isn't logged in, but whose network address is in the LDAP directory (networkAddress attribute) or who is identified by an authentication variable passed by the server (IIS Windows Authentication/mod_auth_kerb in Apache)
  • For Sync: a user already logged in

The bots run as 'interceptors' from the 'onAfterStart' trigger in Joomla! 1.0.x, as this places the bots after mainframe initialization but prior to login. For SSI this means that we can create users and reset their passwords before the standard Joomla! login routines run, so that those routines then log the user in appropriately. For SSO this means that we can autocreate the user and their details, as well as create the user's session automatically. Sync runs and resets any user-related information, such as group information.

For SSI, the interceptors are triggered by looking for a standard 'login' event (e.g. a URL such as "index.php?login") or a CommunityBuilder login event (e.g. a URL such as "index.php?option=com_comprofiler&task=login"); otherwise they don't activate. This means that if you are using something else to handle login (i.e. something other than CB or the standard Joomla! login), the SSI systems will not operate properly. Sync systems require a user to be logged in before they are run. SSO is run regardless of state.

Each of these bots works to either autocreate the user (SSI/SSO) or alter their permissions (Sync) to match the LDAP system.
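
The activation rules above, written out as a small PHP function. This is an added example, not JAuthTools code: `bots_for_request` and the `com_otherlogin` component are hypothetical names. It shows that a login handled by any component other than the two recognized ones never activates SSI.

```php
<?php
// Added illustration; function and variable names are hypothetical, not JAuthTools code.

/**
 * Decide which bot types would act on a request, following the rules in the text.
 *
 * @param string $url       Requested URL (constructed sample input)
 * @param bool   $loggedIn  Whether a Joomla! session user already exists
 * @return string[]         Subset of ['SSI', 'SSO', 'Sync']
 */
function bots_for_request($url, $loggedIn)
{
    $query = array();
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);

    // Standard Joomla! login event: "index.php?login" (key present, value may be empty).
    $standardLogin = array_key_exists('login', $query);

    // CommunityBuilder login event: option=com_comprofiler&task=login.
    $cbLogin = isset($query['option'], $query['task'])
        && $query['option'] === 'com_comprofiler'
        && $query['task'] === 'login';

    $bots = array();
    if ($standardLogin || $cbLogin) {
        $bots[] = 'SSI';
    }
    $bots[] = 'SSO';            // run regardless of state
    if ($loggedIn) {
        $bots[] = 'Sync';       // requires an existing login
    }
    return $bots;
}

// Constructed sample requests; com_otherlogin is a made-up third-party component.
$samples = array(
    array('index.php?login', false),
    array('index.php?option=com_comprofiler&task=login', false),
    array('index.php?option=com_otherlogin&task=login', false),
    array('index.php?option=com_content&id=3', true),
);
foreach ($samples as $s) {
    printf("%-50s loggedIn=%-5s => %s\n", $s[0], var_export($s[1], true),
        implode(', ', bots_for_request($s[0], $s[1])));
}
```

The third sample is the case to check for on a real site: the request is a login, but only SSO is reported, so the SSI user creation and password reset never run for it.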
