Lalitanand Dandge

 

Windows 2003 Server Active Directory Configuration

The following is a step-by-step guide to configuring Active Directory for Joomla authentication.

These steps were carried out on Windows 2003 Server Active Directory.

Windows Server 2003 Installation
During installation, Windows Server 2003 asks you to create the administrator user for the system and to set the computer name.
User name: Administrator
Password: Welcome123
Computer Name: Server01

Configuring the Server
The server will be configured as the first domain controller in an Active Directory domain called joomla.org.
The steps are as follows:

  1. Open the Manage Your Server page.
  2. Click Add or Remove a role.
  3. Click Next; the Configure Your Server Wizard detects the network settings.
  4. Click Typical configuration for a first server, then click Next.
  5. In Active Directory domain name, type joomla.org.
  6. Verify that the NetBIOS name reads JOOMLA and click Next.
  7. Verify that the Summary Of Selections matches that shown in the figure below and click Next. The Configure Your Server Wizard reminds you that the system will restart and asks you to close any open programs.
  8. Click Yes.
  9. After the system has restarted, log on as Administrator.
  10. The Configure Your Server Wizard will summarize its final steps.

Creating User to bind to the Active Directory
In this step, a user with administrative access to the Active Directory is created.

Open the Manage Your Server page and click Manage Users and Computers in Active Directory. This opens the window shown below.

  1. Browse through the Active Directory Users and Computers → joomla.org → Users
  2. Right-click Users and select New → User.
  3. Enter the user details as shown in the figure below.
  4. Click Next and enter the password for the new user object.
  5. Click Finish.

Add this user to the Administrators group by editing the properties of the user object: add an “Administrator” entry in the Member Of property of the user object.

Then add another user to the Active Directory Users and Computers under Users.

Configuring the Authentication LDAP plugin of Joomla

Log in to the Joomla site as administrator. Open the Authentication - LDAP plugin and enter the following details.
Host: joomla.org
Port: 389
LDAP V3: Yes
Negotiate TLS: No
Follow referrals: No
Authorisation Method: Bind and Search
Base DN: DC=joomla, DC=org
Search String: CN=[search]
Users' DN: CN=[username],CN=Users,DC=joomla,DC=org
Connect username: joomla
Connect Password: password
Map: Full Name: fullName
Map: E-mail: mail
Map: User ID: CN

Note:
Unlike with OpenLDAP, the connect username cannot be blank.
This is because when a user (who needs to be authorized against the Active Directory) attempts to authenticate, the plugin first searches for the username in the directory; this search returns nothing unless the plugin has first bound to the directory.

Also, the mail attribute has to be mapped correctly.
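
The Search String and Users' DN settings above are templates into which the plugin substitutes the login name. As an added example (not Joomla's code; the function names are hypothetical, and wrapping the filter in parentheses is an assumption), this Python code expands both templates while escaping the login name per RFC 4515 and RFC 4514, so that characters such as `*` or `,` are treated as literal text:

```python
# Added example: expanding the plugin-style templates from this page with
# escaping. Function names are hypothetical; this is not Joomla's code.

FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """RFC 4515: escape characters that have meaning inside a search filter."""
    return "".join(FILTER_SPECIALS.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """RFC 4514: escape characters that have meaning inside an RDN value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)  # leading '#', leading or trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_search_filter(template: str, username: str) -> str:
    """Fill the Search String setting, e.g. CN=[search] -> (CN=jdoe)."""
    # Assumption: the template is wrapped in parentheses to form a full filter.
    return "(" + template.replace("[search]", escape_filter_value(username)) + ")"


def build_user_dn(template: str, username: str) -> str:
    """Fill the Users' DN setting with an escaped login name."""
    return template.replace("[username]", escape_dn_value(username))


# Settings copied from the plugin configuration on this page.
SEARCH_STRING = "CN=[search]"
USERS_DN = "CN=[username],CN=Users,DC=joomla,DC=org"

if __name__ == "__main__":
    # Constructed sample logins: one ordinary, two with special characters.
    for login in ("jdoe", "j*", "Doe, John"):
        print(repr(login), build_search_filter(SEARCH_STRING, login),
              build_user_dn(USERS_DN, login))
```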

The phpldapadmin interface can also be used to browse the Active Directory.
Users can log in by providing the Login DN as [e-mail address elided] or cn=username,cn=Users,dc=joomla,dc=org.

Feature Specification:

The following are the main tasks that will be carried out as part of the implementation for GSoC:

LDAP User

The LDAP User plugin will make it possible to push user data into the LDAP directory. This plugin will provide templates for configuring the various LDAP implementations, such as Microsoft Active Directory, OpenLDAP, OpenDirectory, etc. The administrator will be able to set and edit the configuration details for the particular LDAP implementation.

This plugin will also provide a way to synchronise user details between Joomla! and the directory system. It will map the various user attributes between Joomla! and the directory service.

LDAP Groups and Group Mapping


The LDAP Groups plugin will enable the administrator to import groups from, or add groups to, LDAP.

This plugin will allow the administrator to create user groups in LDAP and organize users accordingly.

Users can also be organized in other ways; for example, a user can be a member of several groups. So during authentication, the groups a user belongs to can be retrieved in the user object.

This plugin will provide a way to import the users from a particular LDAP group into the Joomla! groups.
Like LDAP User, the plugin will provide configurable templates to support various directory implementations.

To provide a way to map groups from external systems to the Joomla! groups, an extension will be implemented, which will take care of the group mappings between the external system and Joomla!

Timeline:

The following are rough estimates of the timeline that will be followed for the feature implementation:

LDAP User: 3-4 weeks

LDAP Groups: 3-4 weeks

Group Mappings: 2 weeks

LDAP User and part of LDAP Groups will be implemented by mid-term.

 

 

Joomla GSOC 2009 Student Lalitanand Dandge

I am a Master's student in Computer Science & Engineering at Indian Institute of Technology, Madras (Chennai, India). After completing my Bachelor's I worked as Staff Scientist for Center for Development of Advanced Computing, Mumbai, India.

My project involves developing a plugin for Joomla to support LDAP Groups, and LDAP Authentication and Group Discovery. This will include support for mapping Joomla groups with the LDAP groups.

 
