JMapMyLDAP

Manage Joomla! user (update, delete) when edited in LDAP

Open KevinSupertramp opened this issue 10 years ago • 7 comments

Hi there !

First I would like to thank you for this great plugin, awesome work ! I would like to know if there's a way to "link" LDAP user change to the Joomla! user.

For example, if I delete the user in LDAP, I would like to delete the Joomla! user too.

Thank you. Best regards, Kevin

KevinSupertramp, Jan 19 '15 09:01

Hi Kevin,

Currently there is only optional functionality to delete users from LDAP when a Joomla user is deleted, and not the other way round. We are already tagging each Joomla user as an LDAP user, so I can't see it being too hard to do this within a batch cron job. However, we would need to be very careful with such functionality, and it's probably safer to disable the user. My worry would be issues such as #16, which wouldn't be good if it was going to delete them in Joomla. We would also need to be very confident that an error is always thrown correctly, as we wouldn't want to delete based on an incomplete LDAP list either.

ShMaunder, Jan 19 '15 19:01

Hi,

Yes it would be better to disable the user in Joomla! that's true. So the best way would be to have a crontab checking the ldap user list ? (But then we might get the error from #16)

Is it already done ? From features list on joomla extensions : "User creation and deletion to and from LDAP"

Bests, Kevin

KevinSupertramp, Jan 21 '15 10:01

This feature can be done by a separate request for each user ((sAMAccountName=$user->username)) without PHP 5.4. But thousands of requests to the LDAP server is very VERY bad. Updating users is another problem. A user can change login, email and other attributes. How to control this? I'm using an additional DB table and assigning to the objectSid LDAP attribute for resolving the user account.

Disaron, Mar 07 '15 06:03

The current Joomla ldap_cron.php works great for updating the Joomla users list. To filter only enabled users on import when the ldap_cron.php runs, I use the following filter: Miscellaneous | All User Filter: (&(objectClass=user)(badgeid=*)(employeeid=*)(userAccountControl=512))

However, the disabled A.D. users remain in the Joomla users db and I have to manually delete them. Is there a way to have the ldap_cron.php check the Joomla users db and remove any users within that db that are not within the cron job (remove disabled users)? I have been trying to get the ldap_cron.php to remove the disabled users in A.D. from the Joomla users db with no success.

Is there something I am missing to remove the Joomla users from the db that are disabled in A.D.?

ghost, Mar 09 '16 15:03

@betheredge (userAccountControl=512) is not a 100% guarantee that the user is unlocked. You must check the second bit of this attribute for 0. In our AD only ~20% have 512 in this attribute. Most of the others have, for example, 62048, etc.

AD has a server-side option that limits the number of records fetched per request to LDAP. It can be 100 or 1000 records, and the LDAP tree can contain >300K users.

Disaron, Mar 13 '16 06:03

Any news about deleting the Joomla user when it's deleted in LDAP?

esaeberg, Apr 30 '19 10:04

I have not made any progress on this as our needs have changed. We found that when we delete users from the DB, this displays the Joomla warning "cannot find user ID" if a user has previously submitted any forms within our system.

So instead of deleting the users, we disable and deactivate the user account within Joomla and any other profile created within a component based on the Joomla user profile. By doing this, the disabled users will still show in form fields for previously submitted forms (no more warning "cannot find user ID") but will not show on any new forms if they were part of a dropdown field based on a group they were a part of.

BobbyBLACK, Apr 30 '19 11:04
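
As an added example (not part of the thread and not JMapMyLDAP code), the PHP below combines the points raised above: test the account-disabled bit of userAccountControl instead of comparing to 512, refuse to act on an incomplete LDAP list, and block accounts rather than delete them. All function names, the array shapes and the 10% threshold are assumptions; the LDAP fetch and the Joomla user update are left to the caller.

```php
<?php
// Added example; every function name, array key and threshold is hypothetical.
const UAC_ACCOUNTDISABLE = 0x0002; // second bit of userAccountControl

// Server-side filter for enabled users: the AD bitwise-AND matching rule
// tests only the disabled flag, so every enabled value matches, not just 512.
const ENABLED_USERS_FILTER =
    '(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';

function isDisabledInAd(int $userAccountControl): bool
{
    return ($userAccountControl & UAC_ACCOUNTDISABLE) !== 0;
}

/**
 * Decide which LDAP-tagged Joomla usernames to block (never delete).
 *
 * @param string[] $joomlaLdapUsers usernames tagged as LDAP users in Joomla
 * @param array    $ldapEntries     lowercased username => userAccountControl
 * @param bool     $fetchComplete   false if any page failed or a size limit hit
 * @param float    $maxFraction     refuse to block more than this share at once
 */
function planBlocks(array $joomlaLdapUsers, array $ldapEntries,
                    bool $fetchComplete, float $maxFraction = 0.10): array
{
    if (!$fetchComplete) {
        throw new RuntimeException('LDAP list incomplete; no accounts changed');
    }
    $toBlock = [];
    foreach ($joomlaLdapUsers as $username) {
        $key = strtolower($username);
        if (!array_key_exists($key, $ldapEntries)      // gone from LDAP
            || isDisabledInAd($ldapEntries[$key])) {   // disabled in AD
            $toBlock[] = $username;
        }
    }
    if (count($joomlaLdapUsers) > 0
        && count($toBlock) / count($joomlaLdapUsers) > $maxFraction) {
        throw new RuntimeException('Too many accounts would be blocked; aborting');
    }
    return $toBlock;
}

// Constructed sample data (not from the thread): 514 = 512 + disabled bit,
// 66048 = 512 + 65536 (password never expires), "dave" is absent from LDAP.
$ldap   = ['alice' => 512, 'bob' => 514, 'carol' => 66048];
$joomla = ['alice', 'bob', 'carol', 'dave'];
print_r(planBlocks($joomla, $ldap, true, 0.75));
```

The caller should set `$fetchComplete` to true only after a paged search has returned every page without error, since a server-side size limit otherwise makes present users look deleted.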