LDAP Tools/Explanation of Parameters

From Authentication Tools for Joomla! (JAuthTools)


LDAP Tools has many parameters, some of which may be confusing as to their true purpose. This page aims to document them in more detail.

Unless otherwise stated, all settings are available in the core Joomla! LDAP mambot/plugin. Some, but not all, of the settings exist in the Joomla! 1.5 LDAP plugin; where possible, the location of the feature is noted. The various mambots/plugins may not support every setting, and only the settings relevant to each one are displayed for it.


Server Connect Settings

Use Global Settings

Use the Joomla! LDAP Library configuration settings instead of the plugin's configured settings. This allows single-point configuration of LDAP settings via the Joomla! LDAP plugin (1.0.x only).


Host

The host name of the server to connect to.


Port

The port to connect to the server. This will normally be fine with the default.


LDAP V3

Use LDAP Version 3. This may be required by your server (e.g. OpenLDAP)


Negotiate TLS

Use TLS (like SSL) for the Connection.


Don't follow referrals

If your LDAP server is configured to refer to other hosts (for load balancing), do not enable this option. This can be a security risk.


LDAP is AD

If your LDAP server is an Active Directory server, enabling this will impact user creation and group mapping with the Active Directory environment.


Auth Method

The authentication method to use with your directory service.

Server Binding Settings

Base DN

The Base DN of the tree.


Users DN

User DN to search for users (e.g. CN=[username],OU=Users,O=Example)


Search string

A full default search string, e.g. CN=[search]
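
The Users DN and Search string values above are templates with a placeholder. The following added example (not code from JAuthTools) shows one way to fill them so that the supplied name stays a single DN value (RFC 4514) or a single filter value (RFC 4515). It assumes the placeholders are replaced by plain string substitution; the function names and sample inputs are constructed for illustration, and the page does not describe how the plugin itself handles these characters.

```python
# Added illustration, not JAuthTools code. Assumes [username] and [search]
# are filled by plain string substitution of the name typed at login.

# Characters escaped with a backslash inside a DN attribute value (RFC 4514).
DN_SPECIAL = set('"+,;<>\\=')
# Characters replaced by \XX hex escapes inside a search filter value (RFC 4515).
FILTER_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_dn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:          # '#' is only special as first character
            out.append("\\#")
        elif ch == " " and i in (0, last):  # leading or trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a string for use as the value part of a search filter."""
    return "".join(FILTER_SPECIAL.get(ch, ch) for ch in value)


def build_user_dn(template: str, username: str) -> str:
    """Fill a Users DN template such as CN=[username],OU=Users,O=Example."""
    return template.replace("[username]", escape_dn_value(username))


def build_search(template: str, term: str) -> str:
    """Fill a Search string template such as CN=[search]."""
    return template.replace("[search]", escape_filter_value(term))


if __name__ == "__main__":
    users_dn = "CN=[username],OU=Users,O=Example"   # example value from this page
    for name in ("jsmith", "smith, john", "x,OU=Admins"):  # constructed inputs
        print(build_user_dn(users_dn, name))
    for term in ("jsmith", "*", "a)(uid=*"):               # constructed inputs
        print(build_search("CN=[search]", term))
```

With the escaping applied, a name containing a comma or an asterisk is matched literally and cannot add an RDN to the bind DN or a wildcard to the search.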


Connect Username

Connection username to be passed to the server. Used for default authentication.


Connect password

The password to use if you need one to connect to your server (e.g. Active Directory)


Attribute Mapping Settings

Map Fullname

The LDAP attribute that stores the fullname of your users. For most systems this will be fullName (the default), however for Active Directory this might also be displayName.


Map Email

The LDAP attribute that stores the email address of your users.


Map User ID

The LDAP attribute that stores the user ID or login/username of your users. For most systems this will be uid (the default), however for Active Directory this is sAMAccountName.


Map Password

The LDAP attribute that stores the password for your user.


Map User Blocked

An LDAP attribute to map blocked users. This should be a boolean value (true or false).


Map Group Name

The attribute in LDAP storing the group name. This is used by the group mapping system. If you are using Active Directory this will be "memberOf" and if you are using Novell eDirectory this will be "groupMembership".

User Creation and Synchronisation Settings

Not all settings in this section apply to all plugins; see the table below for which settings apply to which plugin (SSO applies to LDAP SSO and HTTP SSO):

Setting Name Joomla LDAP SSI SSO Sync Adv Sync
Autocreate Users x x x
Autocreate Front End x x x
Demote User x x
Force LDAP x x
CB Confirm x x x
Obscure PW x x
Synchronisation Event x x x

Autocreate Users

Autocreate a user if it is possible (e.g. user is recognized via LDAP but not in Joomla!).

Note: In J!1.5 this is stored in the "User - Joomla!" plugin parameter settings.


Auto Create Public Frontend

Create a user even if their group is only 'Public Frontend'. By default public front end is the lowest group so you should map to default users. Useful if you want to restrict autocreation to special groups.


Demote Users

Demote users if their group mapping or default user settings are different.


Force LDAP

The user's Joomla! password is reset upon an unsuccessful bind. This ensures that new LDAP passwords are used instead of the old synchronized value.


CB Confirm

Attempt to confirm users with CB when they are created automatically.


Obscure Password

Set the user password to a random value after they have successfully authenticated to improve security.


Synchronisation Event

Determine when to attempt synchronisation, either on each page load after the user has logged in or only when the user logs in.


Group Assignment Settings

Default Group

The default group to autocreate users in. This is restricted to front end users for security reasons.


Group Map

Group Mapping is a system to simply map LDAP based groups to Joomla!'s group system. This information is used by the autocreate system to map users, otherwise all autocreated users are created as the default value.

Internationalisation Support

Use iconv

iconv is required to convert some fields into the UTF-8 that is stored in the database. You will need iconv installed (see System -> System Info -> PHP Info) or this will produce an error.


Original Encoding

This is the encoding used in your LDAP directory.


Target Encoding

This is the encoding used in your database server (e.g. MySQL, typically UTF-8)

SSO IP Black Listing

IP Blacklist

A comma-separated list of IP addresses to blacklist when conducting SSO. Blacklisted IPs will be ignored for SSO.


Advanced Synchronisation

External Table

The name of the external table to synchronise with. This table will need a foreign key link back to the #__users table, and has to exist in the same database that Joomla! is residing in.


User ID Field

The name of the user ID field in the external table that links back to the #__users table.


Primary Key Field

The name of the primary key field in the table. This is optional if it is the same as the user ID field.


Sync Map

This is a sync map which maps fields from the table to LDAP.
