LDAP Configuration


Step 1: Connection to the Active Directory/LDAP Server

The first step is to establish a connection to your Active Directory/LDAP Server.

  • Navigate to the Configure LDAP tab.

  • Enter your Active Directory IP or Server address URL in the form of myldapserver.domain or 89.38.192.1. If you are using SSL, select LDAPS from the dropdown and change the port number to 636. Click on the Contact LDAP Server button to connect to your LDAP Server.

  • If you wish to connect to your LDAP Server over LDAPS without validating the server's certificate, check the Ignore LDAPS certificate option. With validation skipped, the connection is still encrypted, but the server's identity is not verified.

  • Enter the Service Account DN to establish the connection. You can enter the service account username in various formats, such as Username@domainname, domainname\Username, or cn=username,cn=group,dc=domain,dc=com.

  • Enter your Service Account Password (bind account password) and click the Test Connection and Save button to test whether you can bind to your LDAP/Active Directory server.

Step 2: User Mapping Configuration

The second step is to add the configuration to search for a user. To search for a user, we need to know where to search (Search Base) and how to search (Search Filter) for it.

  • Search Base - where to search for the user: To search for a user, we need to provide the location where the user's details are stored. The Active Directory/LDAP Server has a hierarchical structure, and data is stored in the form of branches of a tree. For example: DC=Users;DC=domain;DC=com.
  • Search Filter - how to search for the user: When your users log in to Joomla, they are looked up in your Active Directory by this attribute. This field is important for two reasons:
    • When checking whether the user exists, this attribute is the one that is matched.
    • If you want your users to log in with their username, first name, last name, or email, you need to specify those options in this field, e.g. LDAP_ATTRIBUTE. Replace LDAP_ATTRIBUTE with the attribute where your username is stored. Some common attributes are:
LDAP Attribute Name                                      LDAP Attribute Value
common name                                              (&(objectClass=*)(cn=?))
email                                                    (&(objectClass=*)(mail=?))
login name                                               (&(objectClass=*)(sAMAccountName=?)) or (&(objectClass=*)(userPrincipalName=?))
custom attribute where you store your Joomla usernames   (&(objectClass=*)(customAttribute=?))
multiple attributes                                      (&(objectClass=*)(|(cn=?)(mail=?)))

Multiple Search Bases: If you wish to search for users in multiple bases, enter the search bases separated by semicolons (;).
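
How a filter template and a multi-base setting of the kind described in Step 2 could be expanded at login time, as an added example in Python (not the plugin's own code). It assumes, which the page does not state, that each ? is replaced by the login name, and it escapes that name per RFC 4515 so characters such as * or ( are matched literally; the function names and sample values are constructed for illustration.

```python
# Added example: expanding a "?" filter template and a ";"-separated
# search base list. Illustrative only; not the plugin's implementation.

# RFC 4515 section 3: these characters must appear as \XX inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, username: str) -> str:
    """Replace every '?' placeholder in the template with the escaped username."""
    if "?" not in template:
        raise ValueError("search filter has no '?' placeholder")
    if template.count("(") != template.count(")"):
        raise ValueError("search filter has unbalanced parentheses")
    # str.replace does not rescan inserted text, so a '?' typed by the user is safe.
    return template.replace("?", escape_filter_value(username))


def split_search_bases(setting: str) -> list[str]:
    """Split the ';'-separated Search Base setting, dropping empty entries."""
    return [base.strip() for base in setting.split(";") if base.strip()]


def plan_searches(bases_setting: str, template: str, username: str):
    """Return the (search base, filter) pairs to try, in configured order."""
    ldap_filter = build_filter(template, username)
    return [(base, ldap_filter) for base in split_search_bases(bases_setting)]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    bases = "OU=Staff,DC=domain,DC=com; OU=Partners,DC=domain,DC=com"
    template = "(&(objectClass=*)(|(cn=?)(mail=?)))"
    for base, flt in plan_searches(bases, template, "smith (contractor)*"):
        print(base, "->", flt)
```

Without the escaping step, a login name containing * or parentheses would change the structure of the filter instead of being compared as text.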

Step 3: Test the Connection