LDAP Tools/Microsoft Active Directory

From Authentication Tools for Joomla! (JAuthTools)

Revision as of 21:39, 6 June 2007 by Pasamio (Talk | contribs)

Microsoft Active Directory (MS AD), introduced in 2000, provides much-needed built-in directory support to Microsoft Windows-based operating systems, replacing the previous Windows Domain system. Active Directory provides a more comprehensive platform than the previous model and allows native LDAP interaction with its data set.

For more information, please visit Wikipedia's Active Directory article.

Notes

MS AD uses the user's common name, typically their full name (e.g. "Samuel Moffatt"), as their DN. With the default authentication method (bind as user), this means that a user's login name is (with the default settings) their full name or display name. This is usually undesirable, as it makes their Windows login different from their Joomla login. I have prepared two sets of examples: the first is as close to the defaults as possible, the second allows their username to be used.

By default, MS AD appears to be case-sensitive and requires a valid login before it will allow LDAP searches. Keep this in mind when deploying solutions on this platform.

In these examples you will note that the Base DN is set to the same value as the Users DN. This is done because on my AD setup (Server 2003) there is a server called 'TAPI3Directory' which points back to my AD server but doesn't accept any connections. This can cause an LDAP search to fail and, as a consequence, the login will also fail.


Default Settings

These are the settings for the default connection.

useglobal=0
host=ad.joomla.org
port=389
use_ldapV3=1
negotiate_tls=0
no_referrals=1
autocreate=1
autocreateregistered=1
forceldap=0
base_dn=CN=Users,DC=ad,DC=joomla,DC=org
search_string=CN=[search]
auth_method=bind
username=
password=
users_dn=CN=[username],CN=Users,DC=ad,DC=joomla,DC=org
ldap_fullname=displayName
ldap_email=mail
ldap_uid=sAMAccountName
ldap_password=userPassword
groupMap=


Proper Username Settings

The only difference between this set and the previous one is that the authentication method is now authbind and the search string is set to sAMAccountName.

useglobal=0
host=ad.joomla.org
port=389
use_ldapV3=1
negotiate_tls=0
no_referrals=1
autocreate=1
autocreateregistered=1
forceldap=0
base_dn=CN=Users,DC=ad,DC=joomla,DC=org
search_string=sAMAccountName=[search]
auth_method=search
username=Joomla Auth User
password=password
users_dn=CN=[username],CN=Users,DC=ad,DC=joomla,DC=org
ldap_fullname=displayName
ldap_email=mail
ldap_uid=sAMAccountName
ldap_password=userPassword
groupMap=
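As an added example (not JAuthTools code, and in Python rather than the plugin's PHP), the following shows how the two configuration sets above turn a login name into either a users_dn to bind with or a search_string filter, with the substituted value escaped so that it cannot change the DN or filter structure. The directory contents are constructed sample data standing in for the CN=Users container.

```python
# Templates copied from the page's two configuration sets.
USERS_DN = "CN=[username],CN=Users,DC=ad,DC=joomla,DC=org"
SEARCH_DEFAULT = "CN=[search]"          # default set: CN is the full name
SEARCH_SAM = "sAMAccountName=[search]"  # second set: Windows logon name

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = value.replace("\\", "\\\\")
    for ch in ',+"<>;':
        out = out.replace(ch, "\\" + ch)
    out = out.replace("\0", "\\00")
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def escape_filter_value(value: str) -> str:
    """Escape an assertion value for a search filter (RFC 4515)."""
    out = value.replace("\\", "\\5c")
    for ch, code in (("*", "2a"), ("(", "28"), (")", "29"), ("\0", "00")):
        out = out.replace(ch, "\\" + code)
    return out

def bind_dn(username: str) -> str:
    """auth_method=bind: the users_dn template is filled straight from the login name."""
    return USERS_DN.replace("[username]", escape_dn_value(username))

def search_filter(template: str, login: str) -> str:
    """auth_method=search: the search_string template becomes an equality filter."""
    return "(" + template.replace("[search]", escape_filter_value(login)) + ")"

# Constructed sample of the CN=Users container (not real directory data).
DIRECTORY = {
    "CN=Samuel Moffatt,CN=Users,DC=ad,DC=joomla,DC=org":
        {"displayName": "Samuel Moffatt", "sAMAccountName": "smoffatt"},
}

def resolve_user(method: str, login: str):
    """DN that would be bound for this login, or None if AD has no such entry."""
    if method == "bind":                  # default set: DN must already match
        dn = bind_dn(login)
        return dn if dn in DIRECTORY else None
    for dn, attrs in DIRECTORY.items():   # second set: simulated sAMAccountName lookup
        if attrs.get("sAMAccountName") == login:
            return dn
    return None
```

With the default set only the full name "Samuel Moffatt" resolves, while the second set resolves the Windows logon name "smoffatt"; the escaping keeps a login such as "*" an exact-match value rather than a wildcard.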