Joomla Active Directory Integration
Joomla can be integrated with AD (Microsoft Active Directory) so that users can log in to a Joomla site using their AD account. Here are the step-by-step instructions to do that.
Specifications
PHP: 5.2.6
MySQL: 5.0.45
Apache: 2.2.9
Joomla: 1.0.15 Stable
Mambots: JAuthTools 1.0.8
1. Make sure LDAP support is enabled in PHP. Run phpinfo() to verify. For example:
ldap
LDAP Support enabled
RCS Version $Id: ldap.c,v 1.161.2.3.2.12 2007/12/31 07:20:07 sebastian Exp $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20327
2. Install JXplorer, an open source LDAP browser. You can download it from here: http://www.jxplorer.org/
Run JXplorer and try to connect to the AD server. A successful connection will give you full drill-down details.
Note the base DN, which we will use later.
3. Install JAuthTools. You can find JAuthTools here: http://joomlacode.org/gf/project/jauthtools/
You will need to install at least the following 2 mambots:
Joomla LDAP
LDAP SSI
4. In the Joomla Admin panel, click: Mambots -> Site Mambots -> Joomla LDAP
Use the following settings:
Host : Active Directory host, can be domain name or IP address.
For example, my-domain.com or 192.168.1.1
Alternate Host : Use if you have an alternate host
Port : Usually 389
LDAP V3 : Yes
Negotiate TLS : No
Don't follow referrals : Yes
LDAP directory is AD : Yes
Base DN : CN=Users,DC=ad,DC=joomla,DC=org
Users DN : CN=[username],CN=Users,DC=ad,DC=joomla,DC=org
Search string : sAMAccountName=[search]
Connect username : AD account to connect
Connect password : xxxxx
Authorization Method : Bind as user
Map FullName : displayName
Map Email : mail
Map User ID : sAMAccountName
Map Password : userPassword
Map User Blocked : loginDisabled
Map Group Name : groupMembership
Map Group Members : member
Auto Create Users : Yes
Auto Create Public Frontend: Yes
Demote Users : No
Force LDAP Authentication : No
CB: Confirm Users : Auto confirm
Obscure Password : No
Synchronisation Event : On Login
Default Group : Public Frontend / Registered / Author / Editor
The key is to get the Base DN right. You can get the correct Base DN from JXplorer, which we installed earlier.
Every server is configured differently, and the AD settings will also vary from organization to organization.
JXplorer is your friend here: use it to get the Base DN information correct.
For troubleshooting, make sure you check the AD error logs.
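A stand-alone PHP check of the step 4 values, added here as an example (it is not part of JAuthTools or of the original instructions). It assumes the connect account searches for the user and the entry found is then bound with the user's password; the environment variable names, the CN=connect account and the helper functions are hypothetical.

```php
<?php
// Added example, not JAuthTools code. Placeholder values come from step 4.
$host   = 'my-domain.com';                      // Host
$port   = 389;                                  // Port
$useTls = false;                                // Negotiate TLS
$baseDn = 'CN=Users,DC=ad,DC=joomla,DC=org';    // Base DN
$connDn = 'CN=connect,CN=Users,DC=ad,DC=joomla,DC=org'; // Connect username (constructed)
$connPw = getenv('LDAP_CONNECT_PASS');          // Connect password (hypothetical variable)
$login  = isset($argv[1]) ? $argv[1] : '';      // sAMAccountName to test
$userPw = getenv('LDAP_TEST_PASS');             // that user's password (hypothetical variable)

// Escape RFC 4515 filter metacharacters so the login name cannot rewrite the search string.
function escape_filter($value) {
    return str_replace(array('\\', '*', '(', ')', "\0"),
                       array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $value);
}
function fail($msg) { fwrite(STDERR, $msg . "\n"); exit(1); }

if (!extension_loaded('ldap')) fail('PHP LDAP support is not enabled (step 1)');
// A bind with an empty password is an anonymous bind that can "succeed"; never treat it as a login.
if ($login === '' || (string)$connPw === '' || (string)$userPw === '') {
    fail('Set both password variables and pass a login name as the first argument');
}

$conn = ldap_connect("ldap://$host:$port");
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // LDAP V3: Yes
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // Don't follow referrals: Yes
if ($useTls) {
    if (!ldap_start_tls($conn)) fail('StartTLS failed: ' . ldap_error($conn));
} else {
    echo "Warning: without TLS both bind passwords cross the network in cleartext\n";
}
if (!@ldap_bind($conn, $connDn, $connPw)) fail('Connect account bind failed: ' . ldap_error($conn));

$filter = '(sAMAccountName=' . escape_filter($login) . ')'; // Search string
$attrs  = array('displayname', 'mail', 'samaccountname');   // Map FullName / Email / User ID
$search = @ldap_search($conn, $baseDn, $filter, $attrs);
if ($search === false) fail('Search under Base DN failed: ' . ldap_error($conn));
$found = ldap_get_entries($conn, $search);
if ($found['count'] !== 1) fail("Expected exactly one entry, found {$found['count']}");

// Authorization Method "Bind as user": the password is checked by AD itself.
$userDn = $found[0]['dn'];
if (!@ldap_bind($conn, $userDn, $userPw)) fail("Bind as $userDn failed: " . ldap_error($conn));
echo "OK: $userDn\n";
foreach ($attrs as $a) { // ldap_get_entries() lowercases attribute names
    echo "  $a: " . (isset($found[0][$a][0]) ? $found[0][$a][0] : '(not set)') . "\n";
}
ldap_unbind($conn);
```

A zero-entry result usually means the Base DN or search string is wrong. Setting $useTls to true tests the same binds over StartTLS.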
Good luck!