Share this post
FaceBook  Twitter  

Integration of Joomla! (1.5 - this feature is included in the core of 1.6) with Kerberos authentication and LDAP authorization is possible with some third party plugins. The bulk is already integrated into Joomla! however. Sam Moffat's Joomla Authentication Tools (JAuthTools) must be installed and the wiki came in very handy.

The following Plugins must be installed/enabled:

  • Authentication - LDAP.Configure the LDAP server settings and username, email and name 'dn's.
  • Authentication - Advanced LDAP. Permits authentication using LDAP and synchronisation of account details.
  • SSO - HTTP. For enabling HTTP authentication. Ensure that SSL is used to prevent clear text passwords.
  • System - JAuthTools Synchronization Plugin. This is for automatically demoting Joomla users whose LDAP group has changed.
  • System - Single Sign On. This enables automatic Joomla user creation from LDAP users.
  • User Source - LDAP. This is for mapping LDAP groups to Joomla! groups.

Here are the settings which work with Fedora's FreeIPA server.

Authentication - LDAP plugin

Host: ipaserver.example.com
LDAPv3: Yes
Negotiate TLS: No
Follow referrals: No
Authorisation Method:Bind Directly as User
Base DN:dc=example,dc=com
Search String:uid=[search]
User'sDN:uid=[username]@example.com
Connect Username:<<blank>>
Connect Password:<<blank>>
Map Full name: cn
Map Email: mail
Mat User ID: uid


Authentication - Advanced LDAP

Enable User Source Sync: Yes
Require Joomla! User:No


# Ensure that the two plugins above are higher priority (above, in plugin list) than the 'Authentication - Joomla' plugin.


SSO: HTTP

User Key: REMOTE_USER
Username replacement: @EXAMPLE.COM


System SSO:

Auto Create Users: Yes
Enable backend SSO: Yes
Override logged in user: No


User Source - LDAP

Map User Blocked:loginDisabled # I haven't tested for blocked users.
Map User Groups:memberOf
Map Group Members:member
Group Map:
cn=joomlasuperadmins,cn=groups,cn=accounts,dc=example,dc=com;25;Super Administrator;20
cn=joomlapublishers,cn=groups,cn=accounts,dc=example,dc=com;21;Publisher;100
cn=joomlamanagers,cn=groups,cn=accounts,dc=example,dc=com;23;Manager;10
Use reverse group membership:No
Authenticate Group Search:No
Use recursive group membership:No
Use iconv:No
Original Encoding (e.g. ISO8859-1):ISO8859-1
Target Encoding (e.g. your database):UTF-8