LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-16-2009, 04:47 PM   #1
Arty Ziff
Member
 
Registered: May 2008
Location: Tacoma, WA
Distribution: CentOS and RHEL
Posts: 102

Rep: Reputation: 15
LDAP to Authenticate Joomla Users


I'd like to explore the process of using LDAP to authenticate users in a Web site type situation. My plan is to set up a test Web site that has a user registration feature (using some CMS, probably Joomla), and go from there in the learning process.

I understand that LDAP is a protocol, but how does that fit in with the actual database application?

Any advice or tutorials out there that address this kind of use?

- Thanks
 
Old 01-17-2009, 02:34 PM   #2
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 83
LDAP stands for Lightweight Directory Access Protocol, but it is the directory and the protocol, in other words, it is a complete database system in its own right. Take a look at this for LDAP and Joomla: http://docs.joomla.org/LDAP and http://en.wikipedia.org/wiki/Lightwe...ccess_Protocol

Joomla can interface with an existing LDAP server out of the box at this stage, which is a big advantage in terms of the idea of Single Sign On, or Single Password systems.
 
Old 01-18-2009, 04:01 PM   #3
Arty Ziff
Member
 
Registered: May 2008
Location: Tacoma, WA
Distribution: CentOS and RHEL
Posts: 102

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by irishbitte View Post
Joomla can interface with an existing LDAP server out of the box at this stage, which is a big advantage in terms of the idea of Single Sign On, or Single Password systems.
Thanks for your comment. This project is an educational one for me, I'm not setting up any production environment, I'll leave that to someone who knows what they're doing...

I am failure with relational DB servers such as PostgresSQL and of course MySQL, and to a lessor degree I've used MSSQL in the past.

Can these applications serve ans an LDAP server, or are there other specifically dedicated applications designed for this type of directory service (I think I've heard that Active Directory is an LDAP type service, though I'm not planning to do anything on the Widows platform)?

If CMSs like Joomla or perhaps Drupal (or whatever) have functionality to interact with an LDAP server, what server application do they talk to?
 
Old 01-18-2009, 07:13 PM   #4
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 83
To be honest, there really is a pile of info out there about LDAP, and the various implementations of it. Microsoft AD is really an example of a an IPA suite, which stands for Identity, Policy and Audit. Take a look at this for more detail on IPA. The advantage of such a system lies in secure authentication mechanisms, along with group policy management and compliance auditing. AD uses LDAP for storage of all policies, including computers, users, and group management.

In an implementation of Joomla or many other CMS's, LDAP is used solely for identity management, with the advantage of having a directory of your registered users for use in other applications, for example, marketing apps.

You must understand, LDAP is a database in its own right, it does not use any SQL based DB like mysql, or mssql. Examples of LDAP implementations are OpenLDAP, Fedora Directory Server and of course the proprietary options: MS Active Directory and Novell eDirectory.

There are others, but these are the most prominent. I use OpenLDAP, simply because I run Ubuntu servers, and OpenLDAP is available easily. Other options would be Fedora, and of course AD.
 
Old 01-18-2009, 07:17 PM   #5
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 83
Your last question:
Quote:
If CMSs like Joomla or perhaps Drupal (or whatever) have functionality to interact with an LDAP server, what server application do they talk to?
the answer is that all LDAP implementations in linux run some form of a server daemon, in the case of OpenLDAP it's a server daemon called 'slapd'. Other applications talk to slapd.

If you are unsure as to what a daemon is, simply put it is a system service, similar in theory to Windows services, if you are familiar with those.
 
Old 01-19-2009, 12:28 AM   #6
Arty Ziff
Member
 
Registered: May 2008
Location: Tacoma, WA
Distribution: CentOS and RHEL
Posts: 102

Original Poster
Rep: Reputation: 15
Well, it would seem to me that OpenLDAP would be the one for me to play around with in my sandbox, I'm using CentOS and I can install it with yum. Much of the references I see in searches for tutorials refer to it.

I mean, I guess I might be able to use Fedora Directory Server because CentOS is built with Red Hat source.

But OpenLDAP seems to be widely used...

I don't mind command line, my server box is "headless". But I wonder if a Web based admin client exists... I did see something called phpLDAPadmin, but it doesn't seem to have much community.
 
Old 01-19-2009, 11:11 PM   #7
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 83
phpldapadmin is good, but not for production environment, since it is insecure. CentOS Directory Server, a version of Fedora Directory Server is buildable, and this is a reasonable example of installing it on CentOS: http://www.linuxmail.info/fedora-dir...owto-centos-5/, take a look. FDS is very good on security and has a java / apache control console as part of the package.
 
Old 01-20-2009, 12:33 AM   #8
Arty Ziff
Member
 
Registered: May 2008
Location: Tacoma, WA
Distribution: CentOS and RHEL
Posts: 102

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by irishbitte View Post
phpldapadmin is good, but not for production environment, since it is insecure.
Even using basic Apache authentication (.htaccess) over an SSL conx?
Quote:
Originally Posted by irishbitte View Post
FDS is very good on security and has a java / apache control console as part of the package.
This might be what I look at.

Now I'm thinking I'll have to do some actual research into both OpenLDAP and CentOS's implementation of FDS, compare and contrast.

On the one hand, OpenLDAP is widely used and there are a ton of tutorials, on the other hand I am equally impressed with the idea that FDS has been vetted through the Fedora project. And the added bonus of an included Web based admin interface is very attractive.

Hmmmmm....
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can Samba authenticate to AD only using LDAP? dougnc Linux - Networking 8 09-25-2006 12:17 PM
problem with jabberd2 (using ldap to authenticate) eantoranz Linux - Software 3 05-31-2006 04:51 PM
how to authenticate external users but bypass prompt on local LAN users? taiwf Linux - Security 5 07-13-2005 10:01 AM
Authenticate from a LDAP SuperSerg Linux - Security 2 12-20-2004 12:16 PM
Cant authenticate to LDAP domain with Redhat9 shaughto Red Hat 3 07-23-2004 12:29 AM


All times are GMT -5. The time now is 08:11 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration