Obviously, to enable SSO on a product like Joomla there needs to be some configuration, especially when you use a package such as "Docman", which is a document manager with its own group system. This was becoming an administrative burden: we had to run our Active Directory add user script, then go independently to the Joomla configuration, add the user, then add them to the appropriate Docman group(s).
To fix this problem I put together a simple bash script that can handle the adduser task and placed the script on a Debian box with SSH enabled. Then I used the plink (command line) functionality of the famous PuTTY SSH tool and paired it with our existing PowerShell add user script to trigger the Joomla add user process.
The bash script
The script below assumes the MySQL server is on the local host and the database is called "joomla". You can set the MySQL username and password in the variables "mysqlusername" and "mysqlpassword" at the top. If you are not using Docman, replace the following line:
mysql --user=$mysqlusername --password=$mysqlpassword -e "use joomla; $string1 $string2 $string3 $string4"
with
mysql --user=$mysqlusername --password=$mysqlpassword -e "use joomla; $string1 $string2 $string3"
This will only add the user to Joomla instead of touching any Docman tables.
In short, the script looks for the next available ID to use, then adds the user and assigns them to the "20" or Editor group (this is the group I want my staff in, but you could change the 20 to another number such as 19 for Author or 25 for Super Administrator).
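#!/bin/bash
# joomlaadd: add a user to Joomla and to the Docman staff group
# usage: ./joomlaadd "real name" "username"
name=$1
username=$2
# MySQL credentials and the e-mail domain for new users
mysqlusername=joomla
mysqlpassword=joomla
domain=blah.local
email=$2@$domain
# both arguments are required
if [ -z "$2" ]; then
echo syntax: ./joomlaadd \"real name\" \"username\"
exit 1
fi
# next free IDs: highest existing ID plus one
id_users=$(( $(mysql --user=$mysqlusername --password=$mysqlpassword -e "use joomla; select max(ID) from jos_users" | tail -n 1) + 1 ))
id_core_acl_aro=$(( $(mysql --user=$mysqlusername --password=$mysqlpassword -e "use joomla; select max(ID) from jos_core_acl_aro" | tail -n 1) + 1 ))
# current Docman group members, with the new user ID appended
docmangrouptemp=$(mysql --user=$mysqlusername --password=$mysqlpassword -e "use joomla; select groups_members from jos_docman_groups;")
docmangroup=$(echo $docmangrouptemp | awk -F " " '{ print $2 }')
docmangroupfinal="$docmangroup,$id_users"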
echo
echo
echo Joomla + docman adduser script
echo
echo name: $name
echo username: $username
echo email: $email
echo users id will be $id_users
echo users acl aro id will be $id_core_acl_aro
echo
echo
echo adding user to joomla...
echo
echo
string1="INSERT into jos_users VALUES ('$id_users','$name','$username','$email','1','Editor','0','0','20','2010-01-01 00:00:01','0000-00-00 00:00:00','','admin_langu"
string2="INSERT into jos_core_acl_aro VALUES ('$id_core_acl_aro','users','$id_users','0','$name','0');"
string3="INSERT into jos_core_acl_groups_aro_map VALUES ('20','','$id_core_acl_aro');"
string4="REPLACE into jos_docman_groups VALUES ('4','staff','','1','$docmangroupfinal');"
mysql --user=$mysqlusername --password=$mysqlpassword -e "use joomla; $string1 $string2 $string3 $string4"
echo
echo
echo adding complete...
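The script pastes $name and $username straight into single-quoted SQL values, so a display name such as O'Brien breaks the INSERT and any quote in the input changes the statement that MySQL runs. The following is an added example, not part of the original script: the function names, the 20-character username limit and the sample values are assumptions.

```shell
#!/bin/bash
# Added example (not the original script): checks for the two arguments that
# joomlaadd pastes into its INSERT strings. All function names are hypothetical.

# Assumption: logins are 1-20 characters from A-Z a-z 0-9 . _ -
valid_username() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 20 ]
}

# Print the display name ready to sit between single quotes in SQL.
# Backslashes and control characters are refused; each ' is doubled.
sql_name() {
    [ -n "$1" ] || return 1
    stripped=$(printf '%s' "$1" | tr -d '[:cntrl:]\\')
    [ "$stripped" = "$1" ] || return 1
    printf '%s' "$1" | sed "s/'/''/g"
}

# Build the same statement the script stores in string2, from checked values.
aro_insert() {   # usage: aro_insert <aro id> <user id> <display name>
    for n in "$1" "$2"; do
        case "$n" in
            ''|*[!0-9]*) return 1 ;;   # IDs must be plain digits
        esac
    done
    safe=$(sql_name "$3") || return 1
    printf "INSERT into jos_core_acl_aro VALUES ('%s','users','%s','0','%s','0');" \
        "$1" "$2" "$safe"
}

# Constructed sample input.
if valid_username "mobrien" && sql=$(aro_insert 63 70 "Miles O'Brien"); then
    echo "$sql"
else
    echo "rejected input" >&2
fi
```

In joomlaadd these checks would run right after the argument test, with the escaped name used in string1 and string2 in place of $name.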
Triggering the script
The way you trigger the script is up to you. As I alluded to above, I am using a PowerShell script to do the Active Directory configuration, adding the user's email account, setting up their home directory, adding them to the appropriate groups and allocating print credits. To trigger my script I simply added the following code to my PowerShell script. Obviously, in my example below you need to set your password in place of "Testpassword" and replace "adduser@debianhostname" with the "username@hostname" of the server where the joomlaadd script is located.
#adding user to joomla and docman groups
invoke-expression '.\plink.exe -pw Testpassword adduser@debianhostname ~/joomlaadd \`"$DisplayName\`" \`"$samAccountName\`"'
For the above code to work correctly you need to have $DisplayName set to the user's full name, e.g. James Trevaskis, and $samAccountName set to the SAM account name you used to add them to AD. You will also need putty.exe and plink.exe available in the PowerShell script directory; both are available from here.
You will more than likely need to do a bit of moulding to make this code fit your requirements, but hopefully this is at least a start, so get scripting!