Last year I wrote about using JMapMyLDAP v1 to integrate Joomla 3 with Active Directory, however more recently I've been using JMapMyLDAP version 2.

The basics are still the same, essentially we want to improve the user experience of Joomla and allow the windows username and password to be automatically passed to the browser, and the user is automatically logged in.

The active directory integration is achieved with a free extensions provided by JMapMyLDAP. You can download the plugins from their website.
http://shmanic.com/tools/jmapmyldap/download.htm
The documentation is located at:
http://shmanic.com/tools/jmapmyldap/guide.htm#configuser

 

The first step is to download the install packages from Shmanic, and install them on your Joomla site.

1

Regarding the configuration, here are some screen shots of how I implemented it on a Joomla 3 Intranet.

2

 

3

 

The host is the name or IP address of your LDAP server, in this case a Windows Domain Controller. The connect user is the name of the user we are using for the LDAP connection. In this case we are using an account called LDAP Service which is located in the Service Account OU that is within the AU OU.
CN=LDAP service,OU=Service Accounts,OU=AU,DC=yourdomain,DC=com
 

Here is an example of the LDAP Service account.
 

 

The LDAP Service account doesn’t need domain admin rights, just add it to the Domain Users group.
 

 

 

 

4

 

The Base DN should match your active directory, in this case DC=yourdomain,DC=com
 

The User DN / Filter for Active Directory should be set to (sAMAccountName=[username]).

For Active Directory, the Map User ID should be set to sAMAccountName.
The Map Full Name which is set to displayName, you will see below matches up with the Display name field of the user’s active directory account.
The Map Email which is set to mail, referred to the E-mail filed in the user’s active directory account.

 

 

 

5

 

6

 

7

 

For Single Sign In (SSI), where the browser automatically passes the users windows credential to Joomla and you don't have to type in your username and password, you will need to install the HTTP SSO plugin.

 

I hope these screenshots are helpful, and feel free to leave any hints and tips in the comments.

Leave your comments

Post comment as a guest

0
Your comments are subject to administrator's moderation.

People in this conversation

  • Guest - Nerdican

    I am having trouble getting the SSO to function.

    LDAP Authentication works great. SSO_Dummy Works great. Logs show

    2015-01-09T20:02:29+00:00 15066 Successfully detected user 'mouse' using SSO plug-in 'PlgSSODummy'.
    2015-01-09T20:02:29+00:00 12612 Successfully logged in user 'mouse'.
    2015-01-09T20:02:29+00:00 15079 Successfully logged in user 'mouse' via SSO.
    2015-01-09T20:02:29+00:00 15066 Successfully detected user 'mouse' using SSO plug-in 'PlgSSODummy'.
    2015-01-09T20:02:29+00:00 12612 Successfully logged in user 'mouse'.
    2015-01-09T20:02:29+00:00 15079 Successfully logged in user 'mouse' via SSO.

    But when I turn off the Dummy - SSO and turn on the HTTP -SSO all I get is this

    2015-01-09T20:02:29+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:02:38+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:02:38+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:02:39+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:02:39+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:02:42+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:02:42+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:02:43+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:02:43+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:02:47+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:02:48+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:02:49+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:03:00+00:00 15068 No SSO detection plug-ins found.
    2015-01-09T20:03:01+00:00 15068 No SSO detection plug-ins found.

    the system is working and trying to grab the information for my account and pass it along but it is acting like it isn't seeing the http plugin for sso? If that is how I am reading that right.

    I am running Ubuntu Server 14.04 with Apache2, Joomla 3.3.6, JMapMyLDAP v2, MySQL, and PHP 5.X.X (not sure right now which exact version. I run Windows Server 2008 Domain Controllers for my Active Directory AD Environment.

    Working on Intranet and hope to find the resolution to this matter.
    I have uninstalled and reinstalled the plugins and nothing changes.

  • Guest - Bobby

    How would you filter only active members? I have tried - (&(objectClass=user)(badgeid=*)(employeeid=*)(userAccountControl=512)) - under the miscellaneous All User Filter

    from Charleston, SC, USA