joomla / joomla-cms

Home of the Joomla! Content Management System
https://www.joomla.org
GNU General Public License v2.0
4.74k stars 3.65k forks

[4] LDAP authenticate without domain in username #35573

Closed pioada closed 2 years ago

pioada commented 3 years ago

Steps to reproduce the issue

Activate LDAP plugin in "direct bind" method and authenticate only with user name (not username@domain).

Expected result

Allow only user name to be used for LDAP authentication (not username@domain), like in standard Joomla! authentication method.

Actual result

Full DN is required in "username" login field (like username@domain), because it is used in "ldap_bind" and "ldap_search" methods.

System information (as much as possible)

Joomla 4.0.3

Additional comments

One possible solution is to add "ldap_prefix" and "ldap_suffix" fields in the LDAP plugin configuration for the "direct bind" method. This allows using a "userdn" like "domain/username" or "username@domain". Just check and merge "ldap_prefix", username (from the login form) and "ldap_suffix". I can do it, but how do I send the corrected files?
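
The prefix/suffix idea proposed above, sketched as an added example (not part of the thread and not Joomla's plugin code). It assumes PHP with ext-ldap; the function names and the `$prefix`/`$suffix` parameters are hypothetical stand-ins for the proposed "ldap_prefix" and "ldap_suffix" options, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration; requires ext-ldap. $prefix/$suffix stand in for the
// "ldap_prefix"/"ldap_suffix" options proposed in the issue (hypothetical names).
function buildBindIdentity(string $username, string $prefix, string $suffix): string
{
    $username = trim($username);
    if ($username === '' || preg_match('/[\x00-\x1f]/', $username)) {
        throw new InvalidArgumentException('Empty or malformed username');
    }
    if ($suffix !== '' && $suffix[0] === ',') {
        // DN template such as "uid=" . name . ",ou=people,dc=example,dc=org":
        // escape so the name cannot add or alter RDN components.
        return $prefix . ldap_escape($username, '', LDAP_ESCAPE_DN) . $suffix;
    }
    // UPN ("name@domain") or down-level ("DOMAIN\name") template: the domain
    // part comes from configuration only, never from the login form.
    if (strpbrk($username, '@\\/') !== false) {
        throw new InvalidArgumentException('Username must not contain a domain part');
    }
    return $prefix . $username . $suffix;
}

function directBind(string $uri, string $username, string $password, string $prefix, string $suffix): bool
{
    // A simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513) and may succeed, so it must never count as a login.
    if ($password === '') {
        return false;
    }
    $identity = buildBindIdentity($username, $prefix, $suffix);
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    return @ldap_bind($conn, $identity, $password);
}

// Constructed sample inputs (no server is contacted):
foreach ([['jdoe', '', '@example.org'], ['jdoe', 'EXAMPLE\\', ''],
          ['doe, j', 'cn=', ',ou=people,dc=example,dc=org']] as [$u, $p, $s]) {
    echo buildBindIdentity($u, $p, $s), PHP_EOL;
}
```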

PhilETaylor commented 3 years ago

The LDAP in Joomla 4 is so bad as to be totally unusable. It needs a complete rewrite by someone who understands LDAP.

mrownicki commented 3 years ago

Any fix/action?


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35573.

PhilETaylor commented 3 years ago

No.

The LDAP in Joomla 4 is so bad as to be totally unusable. It needs a complete rewrite by someone who understands LDAP.

mrownicki commented 3 years ago

@PhilETaylor

Do you know any good plugin to sync AD that works with Joomla 4?



pioada commented 3 years ago

I'm rewriting the plugin, but I need more time. Does anyone know how to send new files to Joomla developers?



mrownicki commented 3 years ago

@pioada

I'm not a developer, but a commercial plugin uses this PHP library: https://www.php.net/manual/en/book.ldap.php. Maybe this will be helpful for you.



mrownicki commented 3 years ago

You need to add the files on GitHub, and someone from the team must review, test, etc.



mrownicki commented 3 years ago

https://docs.joomla.org/Working_with_git_and_github



PhilETaylor commented 3 years ago

The commercial leader of LDAP with Joomla is https://plugins.miniorange.com/joomla-ldap - I have never used it but I know others that use it a lot.

As for Joomla 4, the LDAP plugin in Joomla 4 is not fit for use presently with many issues and no developer, with extensive real-world knowledge of LDAP, has offered to fix them.

pioada commented 3 years ago

Hi. I don't have access to secured LDAP. Can anyone test whether it works on secured LDAP? This is a TEST-ONLY version, DON'T use it on a live site. Link to files: https://drive.google.com/file/d/1v4Q_fO24rt50ikr8hK-FQwSxI5dbnY1n/view. Extract, override and force refresh (Ctrl+F5) on the plugin config view. I worked on the plugin based on my own environment / needs. If you need something else, then write. Do you think that automatic assigning to access groups based on LDAP attributes would be useful?

@mrownicki: thanks for the info. Joomla! 4 uses part of the Symfony LDAP library.



PhilETaylor commented 2 years ago

Thanks - I have cleaned up your PHP code a little to make a draft PR however that will probably not be accepted due to your use of jQuery.

https://github.com/joomla/joomla-cms/pull/35768

Have no idea if your work works, I have no LDAP in production.

Also I see no test authentication button

pioada commented 2 years ago

You have to copy the "layouts" and "src" folders to the LDAP folder. They contain the definition and layout of this button. This solution is taken from other core plugins. If you did that, then try to force refresh or Joomla cache (?). JS code could be a problem, but this is the only way to test the connection before saving the plugin configuration.



pioada commented 2 years ago

@PhilETaylor

> Also I see no test authentication button

I copied the plugin files to another J! instance and now I see this problem. It looks like the problem is with the "pathmap" to the "src" directory, which is in the "administrator/cache/autoload_psr4.php" file. J! has a "Namespace Updater" plugin that updates this file automatically, but it runs only on extension install, update and uninstall.

Possible solutions: add this line to the autoload_psr4 file:

'Joomla\\Plugin\\Authentication\\Ldap\\' => [JPATH_PLUGINS . '/authentication/ldap/src'],

or install, update or uninstall any extension :).

Moreover, it looks like J! by default searches for custom fields in these folders: Joomla\Plugin\Authentication\Ldap\Field\TestConnectionField, Joomla\Component\Plugins\Administrator\Field\TestConnectionField, Joomla\CMS\Form\Field\TestConnectionField. I moved the folder Fields to the plugin main folder according to the first path, but it doesn't work. I also changed "addfieldprefix" to "Joomla\Plugin\Authentication\Ldap\src\Field", but that doesn't work either. It looks like the only way is to add the path to the autoload_psr4 file.

I found this issue: https://github.com/joomla/joomla-cms/issues/20953 and I totally agree with laoneo, the plugin and this map are now redundant. I will add a new issue when I have a free moment.

I am currently working on moving data from LDAP to additional user fields and access rights based on LDAP artifacts. I will upload a new version when it is finished.



PhilETaylor commented 2 years ago

You can just delete the autoload_psr4.php file, and it will regenerate on the next page load.

I'll try that when I next circle back to this.

tatankat commented 2 years ago

#37959 probably fixes this issue too (but with a minimalist change) - if configuration is done correctly. If it worked in V3, it should work in V4 - except for SSL.

tatankat commented 2 years ago

With #37962, secured LDAP also works (with minimal changes). Can someone test if these PRs fix this issue?

On a side note: why was the PR first created suddenly closed?

richard67 commented 2 years ago

Closing as having a pull request. Please test #37959. And for secured LDAP test #37962. Thanks in advance.