Windows 2003 Server Active Directory Configuration
The following is a step-by-step guide to configuring Active Directory for Joomla authentication.
The steps were carried out on Windows 2003 Server Active Directory.
Windows Server 2003 Installation
While installing Windows Server 2003, setup asks you to create the administrator user for the system and to set the computer name.
User name: Administrator
Computer Name: Server01
Configuring the Server
The server will be configured as the first domain controller in an Active Directory domain called joomla.org.
The steps are as follows:
- Open the Manage Your Server page.
- Click Add or Remove a Role.
- Click Next; the Configure Your Server Wizard detects the network settings.
- Click Typical configuration for a first server, then click Next.
- In Active Directory domain name, type joomla.org.
- Verify that the NetBIOS name reads JOOMLA and click Next.
- Verify that the Summary Of Selections matches that shown in the figure below and click Next. The Configure Your Server Wizard reminds you that the system will restart and asks you to close any open programs.
- Click Yes.
- After the system has restarted, log on as Administrator.
- The Configure Your Server Wizard will summarize its final steps.
Creating a User to Bind to the Active Directory
In this step, a user with administrative access to the Active Directory is created.
Open the Manage Your Server page and click Manage Users and Computers in Active Directory. This opens the window shown below.
- Browse to Active Directory Users and Computers → joomla.org → Users.
- Right-click Users and select New → User.
- Enter the user details as shown in the figure below.
- Click Next and enter the password for the new user object.
- Click Finish.
Add this user to the group of Administrators by editing the properties of the user object: add an “Administrator” entry in the Member Of property of the user object.
Then add another user under Users in Active Directory Users and Computers.
Configuring the Authentication LDAP plugin of Joomla
Log in as administrator on the Joomla site. Open the Authentication - LDAP plugin and enter the following details.
LDAP V3: Yes
Negotiate TLS: No
Follow referrals: No
Authorisation Method: Bind and Search
Base DN: DC=joomla, DC=org
Search String: CN=[search]
Users' DN: CN=[username],CN=Users,DC=joomla,DC=org
Connect username: joomla
Connect Password: password
Map: Full Name: fullName
Map: E-mail: mail
Map: User ID: CN
Unlike with OpenLDAP, the connect username cannot be blank.
This is because, when a user (who needs to be authorized against the Active Directory) tries to authenticate, the plugin first searches for the username in the directory; this search will not return anything unless the plugin has first bound to the directory.
Also, the mail attribute has to be mapped correctly.
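The bind-then-search order described above, modelled as an added Python example against an in-memory stand-in for Active Directory (it is not Joomla's plugin code). `FakeDirectory`, `authenticate`, the `alice` entry and the DN assumed for the connect user are constructed for illustration; the Search String is the one from the settings above.

```python
# Added example, not Joomla's code: the "Bind and Search" order against an
# in-memory stand-in for Active Directory. All entries below are constructed.
SEARCH_STRING = "CN=[search]"                       # plugin setting from the page
SERVICE_DN = "CN=joomla,CN=Users,DC=joomla,DC=org"  # assumed DN of the connect user

def escape_filter_value(value):
    """RFC 4515 escaping, so login input cannot alter the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class FakeDirectory:
    """Toy directory that, like AD here, returns nothing to an unbound search."""
    def __init__(self, entries):
        self.entries = entries                      # DN -> {"cn", "mail", "password"}
        self.bound_as = None

    def bind(self, dn, password):
        entry = self.entries.get(dn)
        ok = entry is not None and password != "" and entry["password"] == password
        self.bound_as = dn if ok else None
        return ok

    def search(self, ldap_filter):
        if self.bound_as is None:                   # no bind yet: empty result
            return []
        attr, _, value = ldap_filter.partition("=")
        return [dn for dn, e in self.entries.items()
                if attr.lower() == "cn"
                and escape_filter_value(e["cn"]).lower() == value.lower()]

def authenticate(directory, service_password, login, password):
    """Return the user's DN on success, None otherwise."""
    if not login or not password:                   # an empty password must never count
        return None
    directory.bind(SERVICE_DN, service_password)    # step 1: bind as the connect user
    ldap_filter = SEARCH_STRING.replace("[search]", escape_filter_value(login))
    matches = directory.search(ldap_filter)         # step 2: look up the user's DN
    if len(matches) != 1:                           # zero or ambiguous: reject
        return None
    user_dn = matches[0]
    return user_dn if directory.bind(user_dn, password) else None  # step 3: bind as user

def sample_directory():
    """Constructed sample data: the connect user plus one ordinary user."""
    users = "CN=Users,DC=joomla,DC=org"
    return FakeDirectory({
        SERVICE_DN: {"cn": "joomla", "mail": "joomla@joomla.org", "password": "password"},
        "CN=alice," + users: {"cn": "alice", "mail": "alice@joomla.org", "password": "S3cret!"},
    })
```

With blank connect credentials the first bind fails, the search returns nothing, and the user is rejected even with a correct password, which is the behaviour the paragraph above describes.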
The phpldapadmin interface can also be used to browse the Active Directory.
Users can log in by providing the Login DN as or cn=username,cn=Users,dc=joomla,dc=org.