LDAP Tools/Group Mapping

From Authentication Tools for Joomla! (JAuthTools)

Revision as of 06:27, 19 February 2008

Group Mapping is a feature of the Sync, SSO and SSI bots that allow users to automatically created and assigned the appropriate privileges to the system. This means that when users are added to groups with in LDAP and then are automatically created on a Joomla! site they will be slotted into the appropriate group. The system uses a prioritization to determine the final Joomla! group membership depending on their LDAP group membership. Unless the LDAP Sync bot is enabled, the system will not alter users accounts and users who do not exist in LDAP will not be altered. Please keep in mind that by default the system will revert a user to registered status. This may cause issues on some systems where 'admin' is a legitimate account (such as Novell).

The map syntax is simple:

groupMembership|JoomlaGroupID|JoomlaUserType|Priority

Here is an example group map:

cn=JoomlaAdmins,ou=Groups,O=TestSite|25|Super Administrator|20
cn=JoomlaPublishers,ou=Groups,O=TestSite|21|Publisher|100
cn=JoomlaManagers,ou=Groups,O=TestSite|23|Manager|10

Note: In 1.5, the seperator character is a semicolon (e.g. ";") not a pipe character (e.g. "|") due to changes in 1.5 parameter parsing.

If a user was a member of the JoomlaAdmins group and a member of the JoomlaPublishers group, in this situation they would be given Publisher level access because its priority is higher than the one assigned to the super administrator level. However if they were a member of JoomlaAdmins and JoomlaManagers, they would be assigned Super Admin instead of Manager because of the different priority.

For these values, please consult one of your users groupMembership attributes. This has only been tested on Novell eDirectory and MSAD based systems at present.

This is a list of default Joomla Group ID's and Joomla User Type's:

Note: For Joomla! 1.5 this is supported via the User Sources system.