Joomla! can be integrated with Kerberos authentication and LDAP authorization using some third-party plugins, although the bulk of the functionality is already built into Joomla!. Sam Moffatt's Joomla Authentication Tools (JAuthTools) must be installed, and the wiki came in very handy. The following plugins must be installed/enabled:
- Authentication - LDAP. Configure the LDAP server settings and the username, email and name 'dn's.
- Authentication - Advanced LDAP. Permits authentication using LDAP and synchronisation of account details.
- SSO - HTTP. For enabling HTTP authentication. Ensure that SSL is used to prevent clear text passwords.
- System - JAuthTools Synchronization Plugin. This is for automatically demoting Joomla users whose LDAP group has changed.
- System - Single Sign On. This enables automatic Joomla user creation from LDAP users.
- User Source - LDAP. This is for mapping LDAP groups to Joomla! groups.
Here are the settings which work with Fedora's FreeIPA server.
Authentication - LDAP plugin
- Host: ipaserver.example.com
- LDAPv3: Yes
- Negotiate TLS: No
- Follow referrals: No
- Authorisation Method: Bind Directly as User
- Base DN: dc=example,dc=com
- Search String: uid=[search]
- User's DN: uid=[username]@example.com
- Connect Username: <<blank>>
- Connect Password: <<blank>>
- Map Full name: cn
- Map Email: mail
- Map User ID: uid

Authentication - Advanced LDAP
- Enable User Source Sync: Yes
- Require Joomla! User: No

Ensure that the two plugins above are higher priority (above, in plugin list) than the 'Authentication - Joomla' plugin.

SSO: HTTP
- User Key: REMOTE_USER
- Username replacement: @EXAMPLE.COM

System SSO
- Auto Create Users: Yes
- Enable backend SSO: Yes
- Override logged in user: No

User Source - LDAP
- Map User Blocked: loginDisabled (I haven't tested for blocked users.)
- Map User Groups: memberOf
- Map Group Members: member
- Group Map:
  cn=joomlasuperadmins,cn=groups,cn=accounts,dc=example,dc=com;25;Super Administrator;20
  cn=joomlapublishers,cn=groups,cn=accounts,dc=example,dc=com;21;Publisher;100
  cn=joomlamanagers,cn=groups,cn=accounts,dc=example,dc=com;23;Manager;10
- Use reverse group membership: No
- Authenticate Group Search: No
- Use recursive group membership: No
- Use iconv: No
- Original Encoding (e.g. ISO8859-1): ISO8859-1
- Target Encoding (e.g. your database): UTF-8
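With Auto Create Users enabled, the Group Map decides which directory accounts receive Joomla! privileges, so it is worth checking offline before going live. The following added example (not JAuthTools code, and not from the original page) strips the realm from REMOTE_USER and resolves memberOf values against the Group Map above. The sample directory entries, the case-insensitive DN comparison and the rejection of other realms and service principals are assumptions of this example, not documented plugin behaviour.

```python
# Added illustration, not JAuthTools code; SAMPLE_DIRECTORY is constructed.
REALM_SUFFIX = "@EXAMPLE.COM"  # "Username replacement" from SSO: HTTP
GROUP_MAP = """\
cn=joomlasuperadmins,cn=groups,cn=accounts,dc=example,dc=com;25;Super Administrator;20
cn=joomlapublishers,cn=groups,cn=accounts,dc=example,dc=com;21;Publisher;100
cn=joomlamanagers,cn=groups,cn=accounts,dc=example,dc=com;23;Manager;10
"""
BASE = "cn=groups,cn=accounts,dc=example,dc=com"
SAMPLE_DIRECTORY = {  # constructed uid -> memberOf values
    "alice": ["cn=ipausers," + BASE, "CN=JoomlaSuperAdmins, " + BASE],
    "bob": ["cn=joomlapublishers," + BASE, "cn=joomlamanagers," + BASE],
    "carol": ["cn=ipausers," + BASE],
}

def norm_dn(dn):
    """Case-fold a DN and trim spaces around commas (no escaped commas here)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_group_map(text):
    """Return {normalised group DN: (Joomla group id, Joomla group name)}."""
    mapping = {}
    for number, line in enumerate(text.splitlines(), 1):
        fields = [field.strip() for field in line.split(";")]
        if len(fields) != 4 or not fields[1].isdigit():
            raise ValueError(f"Group Map line {number} is malformed: {line!r}")
        # fields[3] is given on the page without explanation; not interpreted.
        mapping[norm_dn(fields[0])] = (int(fields[1]), fields[2])
    return mapping

def username_from_remote_user(remote_user):
    """Strip the expected realm; refuse other realms and service principals."""
    if not remote_user.endswith(REALM_SUFFIX):
        raise ValueError(f"unexpected realm: {remote_user!r}")
    name = remote_user[: -len(REALM_SUFFIX)]
    if not name or "@" in name or "/" in name:
        raise ValueError(f"not a plain user principal: {remote_user!r}")
    return name

def joomla_groups(member_of, mapping):
    """Joomla groups a user would be mapped to, sorted by group id."""
    return sorted({mapping[norm_dn(dn)] for dn in member_of if norm_dn(dn) in mapping})

def audit(directory, mapping):
    """Map every directory user to the Joomla groups the Group Map grants."""
    return {uid: joomla_groups(dns, mapping) for uid, dns in directory.items()}

if __name__ == "__main__":
    for user, groups in audit(SAMPLE_DIRECTORY, parse_group_map(GROUP_MAP)).items():
        print(user, groups or "no Joomla group")
```

Users that appear with more than one Joomla! group in the audit output are the ones to review by hand, since the page does not say how the plugin resolves such overlaps.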