LDAP User Group Mapping
Group mapping allows you to assign your users roles in Joomla based on their groups in LDAP / Active Directory Server.
For example - you have an LDAP group named studentGroupA and a Joomla group named Student. In that case, you can assign the Joomla group Student to the users present under the studentGroupA in the LDAP server when those users log in to your Joomla site using their LDAP credentials.
Role Mapping is configured during the following cases:
- LDAP SSO: When a user logs in to your Joomla site using their LDAP credentials.
- Import Users from LDAP: Joomla roles as per the configuration will be assigned while importing the users from the LDAP server.
- Windows SSO: When a user logs in to your Joomla site using their Windows credentials (NTLM/Kerberos protocol).
Steps to configure Group mapping:
- After successfully configuring the plugin with your LDAP server, navigate to the ‘Group mapping’ tab.
- In the tab you will find the following options:
- Enable Role Mapping: This checkbox lets you map your user’s LDAP Groups to their corresponding roles in Joomla. It is mandatory to enable this checkbox to perform group mapping.
- Do not update existing user’s roles (Optional): Enabling this checkbox allows you to not override your user’s existing groups and Joomla. No new groups will be mapped to the users.
- Enable mapping for Super users (Optional): Enabling this checkbox allows you to map groups for your super users in Joomla.
- Default group for new/login users: You can select a default group from this dropdown that will be assigned to your users whenever they log in to your Joomla site using their LDAP server credentials.
- In this case, as you can see, we have selected Guest, thus, whenever the user logs in using their LDAP credentials, the Guest group will be assigned to them.
- LDAP Group Attribute Name: This is the attribute under which you will get the user’s LDAP groups. Generally, we get the user's LDAP groups under the memberof attribute. You can also confirm this attribute from the LDAP list from the attributes.
Assigning Different User Groups
If you want to assign the Editor role in Joomla to users from a particular group in LDAP, then select the Author in the Joomla Group field and enter the Distinguish Name(DN) of that LDAP group next to the Editor text field. You can confirm the Group DN value from the right section of the tab.
To add more group mapping fields click on the ‘Add More Mapping’ and repeat the above steps. Once you complete the proper configurations, click the Save button.
Let’s see how LDAP groups to Joomla group mapping works:
- Let’s assume that we want to assign the testGroup1 to the users present under the testGroup LDAP group in your LDAP server. To achieve this, our group mapping configurations will look something like this:
- Now, log in to your Joomla site with a user that belongs to the testGroup LDAP group. Click on Log in.
- After the user is successfully logged in to your Joomla site using their LDAP credentials, the user will automatically get assigned to the testGroup1 group in Joomla. This can be configured as below: