LDAP Tools/OpenLDAP
From Authentication Tools for Joomla! (JAuthTools)
For more information on working with OpenLDAP, consult the OpenLDAP HowTo.
Single OU Setup
This is where all users are in the same location.
J!1.0 Configuration
useglobal=0
host=horloge.pasamio.homelinux.net
port=389
use_ldapV3=1
negotiate_tls=0
no_referrals=1
autocreate=1
autocreateregistered=1
defaultgroup=registered
forceldap=0
base_dn=DC=pasamio,DC=homelinux,DC=net
search_dn=DC=pasamio,DC=homelinux,DC=net
search_string=
auth_method=bind
username=
password=
users_dn=uid=[username],ou=users,dc=pasamio,dc=homelinux,dc=net
ldap_fullname=name
ldap_email=mail
ldap_uid=cn
ldap_password=userPassword
ldap_blocked=loginDisabled
ldap_groupname=JoomlaGroup
cbconfirm=0
groupMap=
J!1.5 Configuration
J!1.5 by default ships with far fewer options than the JAuthTools LDAP Tools mambots, but many of the values are the same:
host=horloge.pasamio.homelinux.net
port=389
use_ldapV3=1
negotiate_tls=0
no_referrals=0
auth_method=bind
base_dn=dc=pasamio,dc=homelinux,dc=net
search_string=uid=[search]
users_dn=uid=[username],ou=users,dc=pasamio,dc=homelinux,dc=net
username=
password=
ldap_fullname=fullName
ldap_email=mail
ldap_uid=uid
Multiple OU Configuration
In this case we're creating sub-OUs in our main OU of Users and working from there. Creating users should be done as above, and the same goes for creating OUs. The main difference is that we now need to 'search' for our user before we can authenticate them. This creates a small overhead on the server (anonymous or authenticated bind, search, and then bind as the user), which is why it is typically avoided. However, the configuration change is only slight.
J!1.0 Configuration
useglobal=0
host=horloge.pasamio.homelinux.net
port=389
use_ldapV3=1
negotiate_tls=0
no_referrals=1
autocreate=1
autocreateregistered=1
defaultgroup=registered
forceldap=0
base_dn=DC=pasamio,DC=homelinux,DC=net
search_dn=DC=pasamio,DC=homelinux,DC=net
search_string=uid=[search]
auth_method=search
username=
password=
users_dn=
ldap_fullname=name
ldap_email=mail
ldap_uid=cn
ldap_password=userPassword
ldap_blocked=loginDisabled
ldap_groupname=JoomlaGroup
cbconfirm=0
groupMap=
J!1.5 Configuration
host=horloge.pasamio.homelinux.net
port=389
use_ldapV3=1
negotiate_tls=0
no_referrals=0
auth_method=search
base_dn=dc=pasamio,dc=homelinux,dc=net
search_string=uid=[search]
users_dn=
username=
password=
ldap_fullname=fullName
ldap_email=mail
ldap_uid=uid
As you can see, we've changed the method to search and removed the Users DN. If we weren't doing an anonymous bind (that is, if we were doing an authenticated bind), the Users DN would remain the same and the username and password values would be set to the user we connect to the server with, which is typically a service account with read access to the relevant areas. This configuration will also work for the single OU setup above, but where the direct bind option above is available, that method is preferred for server performance reasons.
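The difference between auth_method=bind and auth_method=search, as an added Python sketch (not Joomla! or JAuthTools code): it resolves the DN that would be presented with the user's password under each of the two J!1.5 configurations above. The function names, the staff and students sub-OUs, the sample users and the in-memory directory are constructed for illustration, and the RFC 4514/4515 escaping of the [username] and [search] placeholders is this sketch's own choice; the page does not describe how the plugin performs the substitution.

```python
import re

def parse_params(text):
    """Parse key=value plugin parameters in the form shown on this page."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)

def escape_filter(value):
    """RFC 4515: hex-escape characters that are special inside a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def escape_dn(value):
    """RFC 4514: escape characters that are special inside a DN attribute value."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    out = out.replace("\x00", "\\00")
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return "\\" + out if out[:1] in ("#", " ") else out

def resolve_bind_dn(cfg, username, search):
    """Return the DN to bind as with the user's password, or None if unresolved."""
    if cfg["auth_method"] == "bind":
        # Single OU: one step, the DN comes straight from the users_dn template.
        return cfg["users_dn"].replace("[username]", escape_dn(username))
    # Multiple OUs: search under base_dn first, then bind as the entry found.
    flt = "(" + cfg["search_string"].replace("[search]", escape_filter(username)) + ")"
    hits = search(cfg["base_dn"], flt)
    return hits[0] if len(hits) == 1 else None  # reject no match or ambiguity

def toy_directory(entries):
    """Constructed stand-in for the server: handles a single (attr=value) filter."""
    def search(base_dn, flt):
        attr, _, pattern = flt[1:-1].partition("=")
        unhex = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), s)
        rx = ".*".join(re.escape(unhex(p)) for p in pattern.split("*"))
        return [dn for dn, attrs in entries.items() if dn.lower().endswith(base_dn.lower())
                and re.fullmatch(rx, attrs.get(attr, ""), re.I | re.S)]
    return search

# Suffix and templates are from the J!1.5 examples above; the entries are constructed.
SUFFIX = "dc=pasamio,dc=homelinux,dc=net"
BIND_CFG = parse_params("auth_method=bind users_dn=uid=[username],ou=users," + SUFFIX)
SEARCH_CFG = parse_params(f"auth_method=search base_dn={SUFFIX} search_string=uid=[search]")
SEARCH = toy_directory({
    "uid=alice,ou=staff,ou=users," + SUFFIX: {"uid": "alice"},
    "uid=bob,ou=students,ou=users," + SUFFIX: {"uid": "bob"},
})

if __name__ == "__main__":
    for name in ("alice", "bob", "a*", "smith,j"):
        print(name, [resolve_bind_dn(c, name, SEARCH) for c in (BIND_CFG, SEARCH_CFG)])
```

With the bind method every user resolves under ou=users whether or not the entry lives there, which is why the multiple OU setup needs the search step; the search branch returns nothing unless exactly one entry matches.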