
Authentication in Joomla! 1.5
An introduction to the authentication plugins

Sam Moffatt
Joomla!Day Bangkok, 2008
About Me
Sam Moffatt
[ pasamio ] [ sam.moffatt@joomla.org ]
Developer
Migration Tool
JAuthTools

Joined Joomla! after Summer of Code (SOC) 2005

Has mentored for 2006, 2007 and 2008 SOC

Toowoomba, Queensland, Australia

Uni student, local government officer and
freelance developer

Authentication from 1.0 to 1.5

• Joomla! 1.0 had no authentication plugins,
making custom authentication hard.
• JAuthTools provided LDAP support for 1.0,
but it was limited.
• Joomla! 1.5 now supports multiple
authentication methods, including:
– Joomla! (the default)
– LDAP
– OpenID
– GMail

Authentication Methods in 1.5

• Joomla!
This is the default authentication plugin that uses
the built-in tables like in 1.0
• LDAP
LDAP is available from most corporate directories
like Active Directory, eDirectory or OpenDirectory
• OpenID
OpenID is a decentralized authentication system
that communicates between sites.
• GMail
GMail works with any valid Google Mail account,
including Google Apps for your Domain

Selecting an Authentication Method

• Stand-alone website
– Use Joomla!
• Community Website
– Use Joomla!, OpenID and Gmail
• Corporate Website/Intranet
– Use Joomla!, LDAP and OpenID

Configuration

• OpenID and GMail are easy to configure by
just enabling the plugins.
• LDAP requires additional configuration.

Intro to LDAP

• LDAP is a popular protocol used by various
products:
– Microsoft Active Directory
– Novell eDirectory
– Fedora Directory Services
– Apple OpenDirectory
• OpenLDAP is an open source LDAP-compatible
directory that also powers Apple
OpenDirectory.

User Benefits

• In a corporate environment LDAP already
exists with users' details, including their
passwords
• When planning large scale deployments,
LDAP can provide single password control
for multiple sites and solutions
• Many other products integrate into LDAP
as well making it a good solution for
maintaining a single user source.

Connecting to LDAP Directories

• Joomla! 1.5 comes with an LDAP
authentication plugin that allows you to
connect to an LDAP directory out of the
box
• Joomla! 1.0 has limited support for LDAP
via the JAuthTools project
– http://sammoffatt.com.au/jauthtools
• Both systems support automatic user
creation from LDAP information

Connecting to LDAP Directories

• User autocreation requires the following
pieces of information:
– Username
– Name
– Email Address
• To authenticate, you need to be able to
'bind' against the directory
• Some directories (AD) may require a
'service' user to operate properly.
Connecting to LDAP Directories - 1.5

• The LDAP Plugin is available via the
Extensions -> Plugins menu.
• Some options have
defaults already,
but most will need
to be filled in with
specific settings

Connecting to LDAP Directories - 1.5

• Host needs to be your LDAP server
• Port should be fine for most users
• LDAP V3 is required for some directories
(e.g. OpenLDAP)
• TLS is encryption, not available for all
systems
• Do not follow referrals is an option useful
especially for AD servers

Connecting to LDAP Directories - 1.5

• Authorization Method:
– Bind directly as user is useful for flat directory
structures (e.g. all users in one container)
– Search and bind is useful when you have
multiple OUs or containers in the tree (such
as Active Directory)
• Base DN: This is the base of your directory.
Active Directory users may wish to make
this their Users container

Connecting to LDAP Directories - 1.5

• Search String is used for the search
method to find users, typically in the
form:
– uid=[search]
– sAMAccountName=[search] (Active Directory)
• Users DN is used with the direct bind and
the initial bind before a search (for AD):
– uid=[username],OU=Users,O=Joomla
– [username]@joomla.org (Active Directory using site
name at the end)
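
Added example (Python, not from the original slides and not the plugin's own PHP code): the Search String and Users DN settings are templates that the login name is substituted into, so the name should be escaped for the context it lands in before it reaches the directory. The function names and the UPN character allowlist are assumptions of this example.

```python
import re

# Added illustration in Python; not the Joomla! plugin's own (PHP) code.
# [search] and [username] are the placeholders shown on the slide.
FILTER_SPECIALS = '\\*()\x00'   # RFC 4515: escape as \XX hex
DN_SPECIALS = ',+"\\<>;='       # RFC 4514: escape with a backslash


def escape_filter_value(value):
    """Escape a value substituted into an LDAP search filter."""
    return ''.join('\\%02x' % ord(c) if c in FILTER_SPECIALS else c
                   for c in value)


def escape_dn_value(value):
    """Escape a value substituted into one component of a DN."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c == '\x00':
            out.append('\\00')
        elif c in DN_SPECIALS or (i == 0 and c in ' #') or (i == last and c == ' '):
            out.append('\\' + c)
        else:
            out.append(c)
    return ''.join(out)


def build_search_filter(search_string, username):
    """Fill a Search String such as 'uid=[search]'."""
    return search_string.replace('[search]', escape_filter_value(username))


def build_bind_name(users_dn, username, password):
    """Fill a Users DN such as 'uid=[username],OU=Users,O=Joomla'."""
    if password == '':
        # An empty password turns a simple bind into an unauthenticated
        # bind (RFC 4513), which some servers accept as a successful bind.
        raise ValueError('empty password refused')
    if '=' not in users_dn:
        # UPN style ('[username]@joomla.org') is not a DN, so DN escaping
        # does not apply; this allowlist is an assumption of the example.
        if not re.fullmatch(r'[A-Za-z0-9._-]+', username):
            raise ValueError('username not valid for UPN-style bind')
        return users_dn.replace('[username]', username)
    return users_dn.replace('[username]', escape_dn_value(username))
```

With these helpers a login name containing filter or DN metacharacters stays a single literal value instead of changing the structure of the search or the bind DN.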

Connecting to LDAP Directories - 1.5

• Connect username and connect password
are used if your directory requires an
authorized user before they conduct a
search.
– An example of this is Active Directory.
– This should be a special user account for
Joomla! - it only needs to be able to bind and
search the LDAP directory.
– This username should match up with the User
DN to form the full DN of the user

Connecting to LDAP Directories - 1.5

• Map Values:
– Full Name: The attribute that stores the full
name
– Email: The attribute that stores the user's
email address
– User ID: The attribute that stores the
username or user id of the user (this is used
with the username the user is trying to log in
with).

Active Directory Specific Notes

• Your Active Directory Base DN is typically
your site name, e.g.:
– DC=joomla,DC=org
• All attribute names are capitalized (e.g.
CN, OU, DC)
• Default user container is CN=Users:
– CN=Users,DC=joomla,DC=org
• Use a tool like LDAP browser to see what
your directory looks like via LDAP if you
don't know
– http://www-unix.mcs.anl.gov/~gawor/ldap/
Active Directory Specific Notes

• Active Directory has some different map
values from the defaults:
– Name: displayName
– User ID: sAMAccountName

Active Directory Specific Notes

• There is a tool to automatically configure
Joomla! 1.5 in JDiagnostics and tools to
help test settings
• Unfortunately it is English only!
• Available here:
– http://joomlacode.org/gf/project/pasamioprojects/frs/

Pitfalls

• Active Directory is case sensitive for
everything
• By default emails have to be unique; this
may cause user autocreation to fail with
an authorization failed message.
– For example your installed admin user may
have your email address already

More Information

• For more information check out the
JAuthTools website for:
– sample configuration files,
– instructions on deploying an OpenLDAP
directory
– Joomla! 1.0 options (very similar to 1.5!)
– Other 1.5 authentication options
(passwordless login)
– Links to useful resources
• http://sammoffatt.com.au/jauthtools

Demonstration

Demonstration and questions

URLs:
http://www-unix.mcs.anl.gov/~gawor/ldap/
http://joomlacode.org/gf/project/pasamioprojects/frs
http://sammoffatt.com.au/jauthtools
