LDAP Tools/Schema
From Authentication Tools for Joomla! (JAuthTools)
(→Full Schema) |
|||
(One intermediate revision not shown) | |||
Line 34: | Line 34: | ||
MAY ( givenName $ sn ) | MAY ( givenName $ sn ) | ||
) | ) | ||
+ | </pre> | ||
+ | |||
+ | === uidAlias/useridAlias (1.3.6.1.4.1.27457.1.3) === | ||
+ | The user ID alias is used to enable redundant user ID's to be designated. The primary user ID field will actually identify the user. This is useful for migrating legacy systems with duplicate user ID's for distinct individuals. | ||
+ | |||
+ | <pre> | ||
+ | # Joomla User Alias attribute; free form text | ||
+ | attributetype ( 1.3.6.1.4.1.27457.1.3 | ||
+ | NAME ('uidAlias' 'useridAlias') | ||
+ | DESC 'Aliased user id' | ||
+ | EQUALITY caseIgnoreMatch | ||
+ | SUBSTR caseIgnoreSubstringsMatch | ||
+ | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) | ||
</pre> | </pre> | ||
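Review bot: the added uidAlias/useridAlias section does not say whether an alias value has to be unique across entries, and the attributetype it introduces uses EQUALITY caseIgnoreMatch, so two entries can hold aliases that differ only in case and still match the same login name. Since the text says the primary user ID still identifies the user, suggest adding a sentence that states what happens when one alias matches more than one entry, or that aliases must be unique. Minor: the added paragraph writes "user ID's" where the plural "user IDs" is meant.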
Line 52: | Line 65: | ||
EQUALITY caseIgnoreMatch | EQUALITY caseIgnoreMatch | ||
SUBSTR caseIgnoreSubstringsMatch | SUBSTR caseIgnoreSubstringsMatch | ||
- | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | + | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
+ | |||
+ | # Joomla User Alias attribute; free form text | ||
+ | attributetype ( 1.3.6.1.4.1.27457.1.3 | ||
+ | NAME ('uidAlias' 'useridAlias') | ||
+ | DESC 'Aliased user id' | ||
+ | EQUALITY caseIgnoreMatch | ||
+ | SUBSTR caseIgnoreSubstringsMatch | ||
+ | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) | ||
+ | |||
+ | # Joomla Block User attribute; boolean | ||
+ | attributetype ( 1.3.6.1.4.1.27457.1.4 | ||
+ | NAME 'JoomlaBlockUser' | ||
+ | DESC 'If the user should be blocked' | ||
+ | EQUALITY integerMatch | ||
+ | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 | ||
+ | ) | ||
+ | |||
+ | # Joomla User Params; free form text | ||
+ | attributetype ( 1.3.6.1.4.1.27457.1.5 | ||
+ | NAME 'JoomlaUserParams' | ||
+ | DESC 'Joomla User Parameters' | ||
+ | EQUALITY caseIgnoreMatch | ||
+ | SUBSTR caseIgnoreSubstringsMatch | ||
+ | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{65535} ) | ||
+ | |||
# Joomla User Object Class | # Joomla User Object Class | ||
# Requires various elements | # Requires various elements | ||
+ | # Extra name details are optional | ||
objectclass ( 1.3.6.1.4.1.27457.1.2 | objectclass ( 1.3.6.1.4.1.27457.1.2 | ||
NAME 'JoomlaUser' | NAME 'JoomlaUser' | ||
DESC 'User of a Joomla instance' | DESC 'User of a Joomla instance' | ||
AUXILIARY | AUXILIARY | ||
- | MUST ( cn $ JoomlaGroup $ uid $ mail $ userPassword ) | + | MUST ( cn $ JoomlaGroup $ uid $ mail $ userPassword $ JoomlaBlockUser ) |
- | MAY ( givenName $ sn ) | + | MAY ( givenName $ sn $ useridAlias $ displayName $ givenName $ initials $ JoomlaUserParams ) |
) | ) | ||
</pre> | </pre> |
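Review bot: the comment on the added JoomlaBlockUser attributetype says "boolean", but the definition uses EQUALITY integerMatch with SYNTAX 1.3.6.1.4.1.1466.115.121.1.27, which is the Integer syntax; the Boolean syntax is 1.3.6.1.4.1.1466.115.121.1.7 with booleanMatch. Either reword the comment and document which integer values mean blocked, or switch the attribute to the boolean syntax and matching rule. Two further points in the objectclass change: JoomlaBlockUser is added to MUST, so entries that already carry JoomlaUser without it stop conforming and the page should say how to migrate them; and the new MAY list names givenName twice.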
Current revision as of 12:41, 14 May 2009
Joomla! has an enterprise number assigned by IANA. This space is maintained by Samuel Moffatt. Its aim is to provide LDAP extensions that make LDAP friendlier to Joomla!-powered authentication, and to provide further extensions in future where they may be required.
Number allocation (1.3.6.1.4.1.27457)
Joomla! has been assigned the enterprise number 27457 within the space 1.3.6.1.4.1 and within this space the first entry, 1, is designated for Official Core use.
Official Joomla Schema (1.3.6.1.4.1.27457.1)
Officially supported Joomla! schemas are created within this space.
JoomlaGroup (1.3.6.1.4.1.27457.1.1)
The JoomlaGroup attribute is designated so that a group can easily be added to users through an attribute that doesn't conflict with any other LDAP attribute.
<pre>
# Joomla Group Attribute; free form text
attributetype ( 1.3.6.1.4.1.27457.1.1
    NAME 'JoomlaGroup'
    DESC 'Joomla: Group to belong to'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
</pre>
JoomlaUser (1.3.6.1.4.1.27457.1.2)
The JoomlaUser object class exists to enforce and permit certain attributes for an entry to better integrate with Joomla.
<pre>
# Joomla User Object Class
# Requires various elements
objectclass ( 1.3.6.1.4.1.27457.1.2
    NAME 'JoomlaUser'
    DESC 'User of a Joomla instance'
    AUXILIARY
    MUST ( cn $ JoomlaGroup $ uid $ mail $ userPassword )
    MAY ( givenName $ sn )
    )
</pre>
uidAlias/useridAlias (1.3.6.1.4.1.27457.1.3)
The user ID alias allows redundant user IDs to be designated for an entry. The primary user ID field still identifies the user. This is useful when migrating legacy systems that have duplicate user IDs for distinct individuals.
<pre>
# Joomla User Alias attribute; free form text
attributetype ( 1.3.6.1.4.1.27457.1.3
    NAME ('uidAlias' 'useridAlias')
    DESC 'Aliased user id'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
</pre>
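The alias semantics described above, as an added example that is not JAuthTools code: a login name is matched against uid and uidAlias without regard to case, the primary uid is returned, and a name that matches more than one entry is refused. The function names, the search filter layout and the sample directory are assumptions; the page does not say how a consumer performs the lookup.

```python
# RFC 4515: characters that must be escaped inside a search filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def login_filter(name):
    """Build a filter that matches the primary uid or an alias (hypothetical layout)."""
    safe = "".join(_ESCAPES.get(c, c) for c in name)
    return "(&(objectClass=JoomlaUser)(|(uid=%s)(uidAlias=%s)))" % (safe, safe)

def resolve_login(entries, name):
    """Return the primary uid for a login name, or None if unknown or ambiguous.

    entries is a list of {attribute: [values]} dicts, as a search would return.
    lower() approximates caseIgnoreMatch; the real rule also normalises spaces.
    """
    wanted = name.lower()
    primaries = set()
    for entry in entries:
        names = entry.get("uid", []) + entry.get("uidAlias", [])
        if wanted in (n.lower() for n in names):
            primaries.add(entry["uid"][0])
    # Exactly one entry may claim the name; an alias shared by two entries
    # (or one entry's alias equal to another's uid) must not pick a winner.
    return primaries.pop() if len(primaries) == 1 else None

# Constructed sample directory: "smithj" is claimed by both entries.
DIRECTORY = [
    {"uid": ["jsmith"], "uidAlias": ["john", "smithj"]},
    {"uid": ["jsmith2"], "uidAlias": ["Smithj"]},
]

if __name__ == "__main__":
    for candidate in ("JOHN", "jsmith2", "smithj", "nobody"):
        print(candidate, "->", resolve_login(DIRECTORY, candidate))
    print(login_filter("john"))
```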
Full Schema
Copy this text into a file (e.g. joomla.schema) to include in your LDAP system (e.g. copy it to /etc/ldap/schema). If you are using OpenLDAP on Debian, creating the file /etc/ldap/schema/joomla.schema and adding:
include /etc/ldap/schema/joomla.schema
to your /etc/ldap/slapd.conf file should work.
joomla.schema:
<pre>
# Joomla Group Attribute; free form text
attributetype ( 1.3.6.1.4.1.27457.1.1
    NAME 'JoomlaGroup'
    DESC 'Joomla: Group to belong to'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

# Joomla User Alias attribute; free form text
attributetype ( 1.3.6.1.4.1.27457.1.3
    NAME ('uidAlias' 'useridAlias')
    DESC 'Aliased user id'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

# Joomla Block User attribute; boolean
attributetype ( 1.3.6.1.4.1.27457.1.4
    NAME 'JoomlaBlockUser'
    DESC 'If the user should be blocked'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    )

# Joomla User Params; free form text
attributetype ( 1.3.6.1.4.1.27457.1.5
    NAME 'JoomlaUserParams'
    DESC 'Joomla User Parameters'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{65535} )

# Joomla User Object Class
# Requires various elements
# Extra name details are optional
objectclass ( 1.3.6.1.4.1.27457.1.2
    NAME 'JoomlaUser'
    DESC 'User of a Joomla instance'
    AUXILIARY
    MUST ( cn $ JoomlaGroup $ uid $ mail $ userPassword $ JoomlaBlockUser )
    MAY ( givenName $ sn $ useridAlias $ displayName $ givenName $ initials $ JoomlaUserParams )
    )
</pre>
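A pre-load check for entries that carry the JoomlaUser class, added here as an example and not part of the page or of JAuthTools: it reads the MUST list from the objectclass definition above and reports entries that lack a required attribute or hold a JoomlaBlockUser value that is not valid for the Integer syntax the schema declares. The function names and the sample entries are constructed for illustration.

```python
import re

# JoomlaUser as given in the full schema above, embedded so the check runs offline.
JOOMLA_USER = """
objectclass ( 1.3.6.1.4.1.27457.1.2
    NAME 'JoomlaUser'
    DESC 'User of a Joomla instance'
    AUXILIARY
    MUST ( cn $ JoomlaGroup $ uid $ mail $ userPassword $ JoomlaBlockUser )
    MAY ( givenName $ sn $ useridAlias $ displayName $ givenName $ initials $ JoomlaUserParams )
    )
"""
# RFC 4517 Integer syntax (1.3.6.1.4.1.1466.115.121.1.27), declared for JoomlaBlockUser.
LDAP_INTEGER = re.compile(r"^(0|-?[1-9][0-9]*)$")

def attr_list(keyword, definition=JOOMLA_USER):
    """Lower-cased attribute names from the MUST or MAY clause of a definition."""
    m = re.search(r"\b%s\s*\(([^)]*)\)" % keyword, definition)
    return {a.strip().lower() for a in m.group(1).split("$")} if m else set()

def check_entry(entry):
    """Return a sorted list of problems for an entry given as {attribute: [values]}.

    JoomlaUser is AUXILIARY, so attributes outside MUST/MAY are not flagged:
    they may be allowed by the entry's other object classes.
    """
    present = {k.lower(): v for k, v in entry.items() if v}
    problems = ["missing " + a for a in attr_list("MUST") - set(present)]
    for value in present.get("joomlablockuser", []):
        if not LDAP_INTEGER.match(value):
            problems.append("JoomlaBlockUser is not an integer: %r" % value)
    return sorted(problems)

# Constructed sample entries (not taken from the page).
LEGACY = {"cn": ["Jane Doe"], "JoomlaGroup": ["Registered"], "uid": ["jdoe"],
          "mail": ["jdoe@example.org"], "userPassword": ["{SSHA}placeholder"]}
CURRENT = dict(LEGACY, JoomlaBlockUser=["0"], uidAlias=["jane"])
WRONG_TYPE = dict(LEGACY, JoomlaBlockUser=["TRUE"])

if __name__ == "__main__":
    for label, entry in (("legacy", LEGACY), ("current", CURRENT), ("wrong type", WRONG_TYPE)):
        print(label, check_entry(entry) or "ok")
```

The legacy entry satisfies the earlier MUST list shown in the JoomlaUser section but not the one in the full schema, which is the case to look for before loading the newer schema into a populated directory.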