Integrate Joomla! with Active Directory via Secure LDAP

12Jul10


We are running Joomla! Content Management System (CMS) Version 1.5.9 on Red Hat Enterprise Linux (RHEL) V5.5. It is integrated with our Active Directory (Windows 2003 Domain Controllers) via Secure LDAP (ldaps) for user authentication. This is how it is set up.

  1. We use our own Certificate Authority (CA) to issue the certificates for the Domain Controllers, so to trust the certificate that AD presents when we connect to it we need to trust the root CA. We copied the CA's root certificate to /etc/pki/tls/certs on the Linux server hosting Joomla! and then ran the commands
    cd /etc/pki/tls/certs
    ln -s root-ca.crt `openssl x509 -hash -noout -in root-ca.crt`.0
    The second command creates a symlink named after the certificate's subject hash, which is how OpenSSL locates CA certificates in that directory.
  2. Next we had to tell Joomla! to connect to Active Directory using the Secure LDAP (ldaps) protocol. This is not documented anywhere, but by reading the Joomla! code we found that the way to do it is through the Host parameter field of the LDAP Authentication plugin. Instead of entering just a host name, put in the full connection string, e.g.
    ldaps://dc3.ourdomain.local
    Note that the name of the domain controller must be exactly as it appears on the Domain Controller's certificate. In the Port field, enter 636. It is best to point Joomla! to a DC that is also a Global Catalog server, particularly if you have a multi-domain forest; you may have problems with referrals otherwise.
  3. These are the rest of the parameters for the LDAP Authentication plugin. All of our user accounts are in an Organizational Unit (OU) named Corp.
    Note that Active Directory does not allow anonymous LDAP connections, so you must have a user set up to be able to connect to AD via LDAP. A regular Domain User account is all that is needed in this case.
    LDAP V3 – Yes
    Negotiate TLS – No
    Allow Referrals – No
    Authorization Method – Bind and Search
    Base DN – OU=Corp,DC=ourdomain,DC=local
    Search String – sAMAccountName=[search]
    User's DN – Blank
    Connect Username – CN=ldap_user,OU=Corp,DC=ourdomain,DC=local
    Connect Password – ********
    Map: Full Name – displayName
    Map: E-mail – mail
    Map: User ID – sAMAccountName
    After making the changes, restart Apache.
  4. In the plugin Details section, enable the plugin, set Access level to Public and Order to 1.
    Important: Make sure the Authentication – Joomla plugin is enabled and set to Order 2. Also, in User Manager make sure you have the local admin account defined and enabled so you can still log in and make changes if LDAP fails!

The way this works is that when a user first logs in with their domain credentials, Joomla! creates a matching local entry in the user table. You can then use User Manager to assign the user to a group if they need more privileges, and to make other changes as required. You will see that the password fields are greyed out, as the password is set in AD.
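The following pre-flight script is an added example (not part of the original post) that checks each part of the setup above from the Joomla! host before the plugin is configured: the CA hash link from step 1, the DC certificate and name from step 2, and the "Bind and Search" lookup from step 3. It assumes OpenSSL 1.1 or later and the OpenLDAP client tools (ldapsearch, ldapwhoami) are installed; all host names, DNs and file paths are the hypothetical ones from the post.

```shell
#!/bin/sh
# Added example, not part of the original post: pre-flight checks for the
# LDAPS setup described above, run on the Joomla! host before the plugin is
# configured. Assumes OpenSSL 1.1+ and the OpenLDAP client tools are installed.

# Step 1: trust the CA. <name> must already be copied into <dir>; the
# "<hash>.0" link is the name OpenSSL looks for when it walks a CApath.
install_ca_cert() {
    name="$1"; dir="${2:-/etc/pki/tls/certs}"
    hash=$(openssl x509 -hash -noout -in "$dir/$name") || return 1
    ln -sf "$name" "$dir/$hash.0" || return 1
    # the CA must now verify against the directory it lives in
    openssl verify -CApath "$dir" "$dir/$name" >/dev/null 2>&1
}

# Step 2: the DC's certificate must chain to that CA and carry the exact
# name used in the ldaps:// URL, otherwise the plugin's connection fails.
check_ldaps_cert() {
    host="$1"; port="${2:-636}"; dir="${3:-/etc/pki/tls/certs}"
    echo | openssl s_client -connect "$host:$port" -CApath "$dir" \
        -verify_hostname "$host" 2>/dev/null |
        grep -q 'Verify return code: 0 (ok)'
}

# Escape a login name for use inside an LDAP filter (RFC 4515), so that a
# name containing ( ) * or \ cannot change the meaning of the search.
ldap_filter_escape() {
    printf '%s' "$1" | sed 's/\\/\\5c/g; s/\*/\\2a/g; s/(/\\28/g; s/)/\\29/g'
}

# Step 3: reproduce "Bind and Search": bind as the connect account, resolve
# the user's DN under the Base DN, then bind as that DN with the user's own
# password (typed at the prompt). <pw_file> holds the connect password.
bind_and_search() {
    url="$1"; bind_dn="$2"; pw_file="$3"; base="$4"; user="$5"
    filter="(sAMAccountName=$(ldap_filter_escape "$user"))"
    user_dn=$(ldapsearch -x -LLL -o ldif-wrap=no -H "$url" -D "$bind_dn" \
        -y "$pw_file" -b "$base" "$filter" dn | sed -n 's/^dn: //p')
    [ -n "$user_dn" ] || { echo "no entry for $user under $base" >&2; return 1; }
    ldapwhoami -x -H "$url" -D "$user_dn" -W
}

# Example run (hypothetical names from the post):
#   install_ca_cert root-ca.crt
#   check_ldaps_cert dc3.ourdomain.local 636
#   bind_and_search ldaps://dc3.ourdomain.local \
#       CN=ldap_user,OU=Corp,DC=ourdomain,DC=local /root/ldap.pw \
#       OU=Corp,DC=ourdomain,DC=local jdoe
```

If check_ldaps_cert fails while the CA link is in place, the usual cause is the host name in the URL not matching the name on the DC's certificate, which is the same mismatch the plugin would reject.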



3 Responses to “Integrate Joomla! with Active Directory via Secure LDAP”

  1. ae

    Thanks for the post, worked for me. Also did a quick test and it seems to also support a comma delimited list of AD servers by using the following config:

    host: ldaps://server1:636,ldaps://server2
    port: 636

  2. Can this be done with an external Joomla host and an AD domain controller behind a firewall?
