We recently needed to integrate campus authentication with Joomla, an open source content management system. The reason is pretty obvious: we don’t want people to have to remember ANOTHER username and password when we can make it easy for them. Here at NC State, the standard authentication mechanism is WRAP. We looked at doing a WRAP module for Joomla, but why do extra work?
We decided to solve the problem by using an authentication module that is already built into Joomla: LDAP. Our LDAP server on campus is set up nicely to allow applications to authenticate against it, so we started our trek. Here is how we accomplished this on Joomla 1.5 with NCSU’s OpenLDAP server:
- We enabled the LDAP Authentication Plugin. To do this, you need to be logged in as a Super Administrator. Then go to Extensions -> Plugin Manager. Find the “Authentication LDAP” plugin and click it. From here you can enable and configure the module.
- Your module configuration should look like this:
Name – Leave this as it is, or change it, doesn’t matter
Enabled – Make sure this is checked as “Yes”
Type – Authentication, can’t change it
Plugin File – This is the file where the magic happens. Leave it as “ldap”
Access Level – Make sure this is set to “Public”
Order – This is an important field, especially if you want to have more than one Authentication module installed at a time. Set this to the order you want the LDAP authentication to occur. If you have Joomla Authentication enabled as well, it would probably be a good idea to set LDAP up to occur after the Joomla authentication, so users don’t have to be NCSU people to access the site.
Description – Can’t change it, so leave it.
- Set the Parameters as follows:
Host – “ldap.ncsu.edu” Note that no “ldap://” or “ldaps://” is needed here
Port – 389 is the default port
LDAP V3 – Set to “No”
Negotiate TLS – Set to “Yes”. This is important, otherwise LDAP won’t talk back to you
Follow Referrals – Set to “No”
Authorization Method – Set to “Bind and Search”. Because of how our LDAP servers are configured, I couldn’t get “Bind Directly As User” to work.
Base DN – “ou=accounts,dc=ncsu,dc=edu” This is the base of the directory subtree where authentication can be performed.
Search String – “uid=[search]” [search] is replaced with the user ID of the person logging in. “uid” is the attribute in the “ou=accounts” subtree that holds Unity IDs.
Users DN – leave blank
Connect username – leave blank
Connect password – leave blank
Map: Full Name – “cn” This is the field in LDAP that contains the user’s full name
Map: Email – “mail” This is the field in LDAP that contains the user’s email address
Map: User ID – “uid”
- Save the settings by clicking the “Save” icon.
- Now we need to create users. To do that we go to Site -> User Manager. It is important when creating users that you make their username the same as their Unity ID. Once you create the user, they should now be able to log in with their NCSU credentials, through the same login mechanism as the standard Joomla Authentication.
And just like that, you have configured Joomla to use NC State authentication. One thing we haven’t figured out yet is how to stop the automatic email that comes from Joomla, telling the user they have an account with some random password that Joomla created for them. As long as you have Joomla Authentication installed, they will be able to log in with both their Joomla credentials and their NCSU credentials, but this can get confusing.
I will update this tutorial more as I learn more about Joomla and authentication.
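The “Bind and Search” method selected above generally works in three steps: search under the Base DN with the Search String, require exactly one matching entry, then bind as that entry's DN with the password the user typed. The sketch below is an added example, not Joomla's plugin code: it models those steps against a constructed in-memory directory (the entries, passwords and function names are hypothetical) and shows two checks worth confirming in any such integration, namely escaping the login name before it replaces [search] and refusing empty passwords.

```python
import hmac
import re

BASE_DN = "ou=accounts,dc=ncsu,dc=edu"  # Base DN from the settings above
SEARCH_STRING = "uid=[search]"          # Search String from the settings above

# Constructed sample entries (not real accounts): DN -> (attributes, password)
DIRECTORY = {
    "uid=jdoe," + BASE_DN: ({"uid": "jdoe", "cn": "Jane Doe", "mail": "jdoe@example.edu"}, "s3cret"),
    "uid=asmith," + BASE_DN: ({"uid": "asmith", "cn": "Al Smith", "mail": "asmith@example.edu"}, "hunter2"),
}

def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters so input stays a literal value."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def build_filter(username):
    """Substitute the escaped login name for [search] in the Search String."""
    return "(" + SEARCH_STRING.replace("[search]", escape_filter_value(username)) + ")"

def search(ldap_filter):
    """Toy matcher for a single (attr=value) filter; an unescaped * is a wildcard."""
    attr, _, value = ldap_filter[1:-1].partition("=")
    pattern = ""
    for part in re.split(r"(\*|\\[0-9a-fA-F]{2})", value):
        if part == "*":
            pattern += ".*"
        elif re.fullmatch(r"\\[0-9a-fA-F]{2}", part):
            pattern += re.escape(chr(int(part[1:], 16)))
        else:
            pattern += re.escape(part)
    return [dn for dn, (attrs, _) in DIRECTORY.items()
            if re.fullmatch(pattern, attrs.get(attr, ""), re.IGNORECASE)]

def authenticate(username, password):
    """Return the mapped Joomla fields on success, None on any failure."""
    if not username or not password:
        return None  # an empty password is an unauthenticated bind, not proof of identity
    matches = search(build_filter(username))
    if len(matches) != 1:
        return None  # no match or an ambiguous one: never take "the first hit"
    attrs, stored = DIRECTORY[matches[0]]
    if not hmac.compare_digest(password.encode(), stored.encode()):
        return None  # stands in for the second bind as the DN that was found
    # Map: Full Name = cn, Map: Email = mail, Map: User ID = uid
    return {"name": attrs["cn"], "email": attrs["mail"], "username": attrs["uid"]}
```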
Hi!!! I have a problem…. can we restrict access to Joomla using LDAP authentication by telling it to avoid some user field parameters… e.g.
I have a user: Tsikos, age, sex, height
can we restrict members of our LDAP not to log in if sex is set to male?