After some fiddling around I managed to connect to an AD from Joomla, so I would like to share with you the configuration.
Apart from being a requirement in many projects, here are the benefits of using an LDAP/AD for Joomla authentication:
- Centralised user database which can be used from many different systems
- Users have only one username/password for all systems utilizing LDAP/AD
- Users can still be administered inside Joomla, since they are imported into the Joomla database the first time they connect to Joomla using LDAP
- Keeps users happy! (no more extra signups)
- Best practice, IT integration
1. Go to the plugin manager in Joomla's administration and enable the Authentication - LDAP plugin.
2. Configure the plugin with your AD/LDAP data. This is the tricky part, which could cost you many hours and a lot of frustration if you are not sure about the parameters.
The parameters shown above are for Microsoft's Active Directory. They should be OK for the majority of systems and should allow you to connect using your email credentials, for example firstname.lastname@example.org
The CN of this entry is the full name of the user.
- Host: This is the AD/LDAP hostname of your enterprise.
- Port: 389 for the majority of the systems.
- Base DN: usually something like DC=staff,DC=domain,DC=com, but if you are not sure, ask your LDAP/AD administrator.
- Map: User ID: This is the LDAP attribute used for the username mapping in Joomla's database. In most cases the correct attribute is sAMAccountName; if it is different in your system, use the corresponding attribute.
- Map: User ID is case sensitive. This parameter alone could make you feel stupid if you are not aware of the case sensitivity part!
- Search String: This is the LDAP filter used to search for the user and get the required attributes. This is very important, since if Joomla cannot find the user in the LDAP it doesn't authorize them (even though the user binds OK with his/her credentials).
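The Search String and Map: User ID items above, modelled offline as an added example (it is not Joomla's code and not part of the original post): the login name is escaped per RFC 4515 before it is placed in the filter, and the mapped attributes are looked up by exact, case-sensitive name. The `[search]` placeholder follows the Joomla LDAP plugin's Search String syntax; the filter `sAMAccountName=[search]`, the sample entry and all function names are assumptions made for illustration.

```python
"""Model of the LDAP search step: build the filter, then map attributes by exact name."""

# Characters that must be escaped in a filter value (RFC 4515, section 3).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it is matched literally and cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(search_string, login):
    """Substitute the escaped login into the configured Search String."""
    if "[search]" not in search_string:
        raise ValueError("Search String has no [search] placeholder")
    body = search_string.replace("[search]", escape_filter_value(login))
    # A bare "attr=value" form is wrapped in parentheses to make a valid filter.
    return body if body.startswith("(") else "(" + body + ")"


def map_user(entry, uid_attr, name_attr, mail_attr):
    """Map directory attributes to Joomla fields using exact, case-sensitive keys."""
    wanted = (uid_attr, name_attr, mail_attr)
    missing = [a for a in wanted if a not in entry]
    if missing:
        # Usual cause: the right attribute typed in the wrong letter case.
        by_lower = {k.lower(): k for k in entry}
        hints = {a: by_lower[a.lower()] for a in missing if a.lower() in by_lower}
        raise KeyError("unmapped %s; case-insensitive matches: %s" % (missing, hints))
    return {"username": entry[uid_attr][0],
            "name": entry[name_attr][0],
            "email": entry[mail_attr][0]}


# Constructed sample entry (not real data), shaped like one AD search result.
SAMPLE_ENTRY = {
    "sAMAccountName": ["jdoe"],
    "cn": ["Jane Doe"],
    "mail": ["jane.doe@example.org"],
}

if __name__ == "__main__":
    # Assumed Search String; use the one from your own plugin configuration.
    print(build_filter("sAMAccountName=[search]", "j*"))
    print(map_user(SAMPLE_ENTRY, "sAMAccountName", "cn", "mail"))
    try:
        map_user(SAMPLE_ENTRY, "samaccountname", "cn", "mail")
    except KeyError as exc:
        print("mapping failed:", exc)
```

A login containing `*` or parentheses is matched literally after escaping, so it cannot widen the search to other accounts.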
Using this configuration, users can connect to Joomla using their email account and its password.
Additionally, Joomla automatically gets the user's real name, email and username and uses those for its own database.
Joomla 2.5 administrators can then apply extra security, for example change user group and access levels.
Check the following articles for extra info and troubleshooting: