Simple LDAP Login 1.4.0.1 for Wordpress

Simple LDAP Login 1.4.0.1 for WordPress

05.13.09Posted by clifgriffin in Code272 CommentsTags: adLDAP, plugins, Simple LDAP Login, wordpress

This article only deals with version 1.3 and later. To view and discuss issues pertaining to version 1.2 and prior, click here.

Integrating WordPress with LDAP shouldn’t be difficult. Now it isn’t.

Simple LDAP Login provides the features you need with the simple configuration you want. It has everything you need to get started today.

Features

Supports Active Directory and OpenLDAP (and other directory systems which comply to the LDAP standard, such as OpenDS)
Supports TLS
Uses up-to-date methods for WordPress 3+ authentication routines.
Includes three login modes:
- Normal Mode: Authenticates existing wordpress usernames against LDAP. This requires you to create all WordPress accounts manually using the same usersnames as those in your LDAP directory.
- Account Creation Mode 1: Creates WordPress accounts automatically for any LDAP user.
- Account Creation Mode 2: Creates WordPress accounts automatically for LDAP users in a specific Group you specify.
Intuitive control panel.

Architecture

Simple LDAP Login adds an authentication filter to WordPress that authentication requests must pass. In doing so, it makes several decisions.

Can the provided credentials be authenticated against LDAP?
- If so, is the username a valid WP username?
  - If not, can we create a WP user?
    - If we can, does the user belong to the right (if any) group?
      - If the user does, create the WordPress user and log the user in.
- If the username is already valid wordpress user, are they in the right group?
  - Is so, log the user in.

This is simply a high level overview. The actual logic the plugin employs is more complex, but hopefully this gives you an idea, philosophically, about how the plugin accomplishes what it does.

Installation

Use the WordPress plugin directory to install the plugin or upload the directory “simple-ldap-login” to the `/wp-content/plugins/` directory
Activate the plugin through the ‘Plugins’ menu in WordPress
Immediately update the settings to those that best match your environment by going to Settings -> Simple LDAP Login
If you don’t get the settings right the first time…don’t fret! Just use your wordpress credentials…they will always work in low security mode.
Once you have the settings correct, you can change the security mode to High Security (if you so desire).
To make your life easier, consider using two different browsers (e.g., IE and Firefox) to do testing. Change settings in one. Test in the other. This will prevent any chance of being locked out.

Control panel.

Frequently Asked Questions

Other than WordPress, what does my system require?

If you are using Active Directory, you will probably need PHP 5. This is because I’m using adLDAP 3.0 to do my Active Directory integration. As far as I know, the rest of the code should work with PHP 4. It is also possible that the functionality I’m using with adLDAP 3.0 does not depend directly on PHP 5. Your mileage may vary.

Other than that, it is imperative that your installation of PHP be compiled with LDAP. Without it you may see errors referencing undefined functions like “ldap_connect”. You can view more information about PHP and LDAP here.

How do I know what the correct settings are?

I have tried to make the settings as self-explanatory as possible. If you are struggling figuring them out, you may need to speak with your LDAP administrator. I realize this is an obnoxious response, but there is no good, fail proof way to help you discover these settings. A good place to start, if you’re feeling daring, might be to use ADSIEdit for Windows and Active Directory, or GQ for Linux and OpenLDAP.

It’s still not working, what other things can I try?

If you are confident your settings are correct and it still does not work, it may be time to check for port or firewall issues. If your LDAP server is running on a non-standard port or an obsolete version of the LDAP protocol you are going to have issues. Port 389 is the port this plugin, and nearly every other LDAP enabled software expects. They are also expecting protocol version 3. If you are using an old version of LDAP or running a non-standard port you may need to modify the code that the plugin runs or update your LDAP installation.

Unfortunately I can’t be relied upon to assist with these types of requests. I chose not to support these scenarios because they are infrequent and because they confuse everyone else.

I took all of your advice, it’s still not working!

Post your question in the comments below, or e-mail me: me[at]clifgriffin.com

I’ll do my best to get you up and running!

How can I donate?

If you would like to donate to this project, please visit the donations page.

Download Now – Updated 9/09/2010

Click here to download Simple LDAP Login 1.4.0.1 from the WordPress plugin directory.

You can leave a response, or trackback from your own site.

Pingback: Simple LDAP Login 1.2 Wordpress Plugin « Clifton Griffin
Layne

Fatal error: Call to undefined function ldap_connect() in C:\wamp\www\wordpress\wp-content\plugins\simple-ldap-login\adLDAP.php on line 157

Im getting this error, Im 99% sure all my settings are correct, but when i test settings, it returns to a page with settings saved, and the above message. any ideas?

http://clifgriffin.com clifgriffin

It sounds like your installation of PHP does not have LDAP compiled. It may be a simple config file change. See this document for more information: http://us.php.net/manual/en/ldap.installation.php

Let me know if this takes care of the issue.

Josh

I had this issue too on an Ubuntu Server.
Installing php5-ldap worked for me:
sudo apt-get install php5-ldap
sudo /etc/init.d/apache2 restart

http://facebook.com/DustBunnyMafia Dust Bunny Mafia

This is great, it was just what I needed. Thanks!

http://nawelv.com nawelv

I had this issue too.. If you are using Apache, for example, you must active the ldap extension in php.ini

;extension=php_ldap.dll >> extension=php_ldap.dll

Fredrik

Hi Clifton.

Great plugin! I’ve been looking for something that integrates with AD and doesn’t break XML-RPC. Thanks!

I have a small problem. AD isn’t username case-sentitive but it seems that your plugin is. Any chance of making it case insensitive?

http://clifgriffin.com clifgriffin

Hi Fredrik,
I’m glad the plugin works well for you. The case sensitive username issue is not actually an issue with my plugin in this instance. WordPress itself seems to enforce this case sensitivity.

There are plugins that override this functionality but unfortunately they conflict with my plugin. I will consider adding that as an advanced option, but I’m leary of adding even more features to my “Simple” plugin.

Ben

Hi, and thanks for a great plugin.

I’ve added a small feature to adLDAP to support TLS so that passwords are not sent in the clear; I’ll send the patch upstream and you’re welcome to it too if you like, it’s very simple.

One thing I’ve hit a problem with. I’m using the feature to create users in a certain group. It works fine except that I’ve asked for new users to be made Authors, but they are being created as Subscribers. A log of what’s going into the userData array supplied to wp_insert_user() shows that ‘role’ is set to ‘Author’ so I’m mystified as to why it’s not working. Any ideas?

Cheers!
Ben

Small addition to the above; the new user gets created with whatever the default is in the blog’s settings. So I can work around the problem by changing the default to Author, which is fine because this is an intranet blog so everyone can be an author. Still perplexed why your option isn’t working though!

http://clifgriffin.com clifgriffin

Thanks for all of the feedback. I’m perplexed as well. I never tested that option thoroughly because it seemed so obvious and I knew the array I was sending was complete.

I wonder if there is a case sensitivity problem here or something. I guess I’ll have to look at what is actually going on in the database…what role is being recorded and what it looks like once it is changed.

TLS support is a good idea. Send me the patch and I’ll include it in future versions.

Ben

This seems to be a bug, or incorrect documentation of the API, in WordPress. wp_insert_user() ignores ‘role’ if it’s creating a new account!

I’ve raised a ticket at http://core.trac.wordpress.org/ticket/9891

My TLS patch is at https://sourceforge.net/tracker/?func=detail&aid=2794301&group_id=104193&atid=637242

http://clifgriffin.com clifgriffin

I’m releasing a small update to fix the role problem as well as disallow LDAP users from logging in if they are removed from the specified group.

I decided to not incorporate the TLS patch into this as I’m afraid it could create problems for those who do not have their LDAP installations sufficiently configured.

I did have one question though: you patched adLDAP but in your patch description you talk about modifying your openldap configs…this makes me think you are using the plugin with OpenLDAP but have the plugin set to Active Directory. Is this true?

I ask because I was under the impression that adLDAP doesn’t work with OpenLDAP at all. If it does, I’m wondering if I wasted my time creating two binding methods.

Part of the problem is that I don’t have a fully functional OpenLDAP installation to test with. I have thought about setting one up but haven’t followed through yet.

Any feedback you can give me on this would be great.
http://clifgriffin.com clifgriffin

You can download version 1.3.0.1 here. Warning: it has the original version of adLDAP.

http://downloads.wordpress.org/plugin/simple-ldap-login.zip

Ben

clifgriffin :
I’m releasing a small update to fix the role problem as well as disallow LDAP users from logging in if they are removed from the specified group.
I decided to not incorporate the TLS patch into this as I’m afraid it could create problems for those who do not have their LDAP installations sufficiently configured.

All you’d need to do is change the initialisation of $_use_tls to false instead of true and it would have no effect unless specifically enabled. TBH I should have set it that way in the patch, I just didn’t spot that I’d left it true until too late!

I did have one question though: you patched adLDAP but in your patch description you talk about modifying your openldap configs…this makes me think you are using the plugin with OpenLDAP but have the plugin set to Active Directory. Is this true?

Not quite. I’m using the plugin on Linux, which uses openldap (lowercase) as the client library, configured in /etc/openldap/ldap.conf. But I am authenticating against a Windows Active Directory server, not an OpenLDAP (mixed case) one. Make sense?

I think you are correct that adLDAP is only for talking to AD servers, not OpenLDAP ones, so you do still need your two binding methods.
Kurt Cypher

I just installed Simple LDAP Plugin, and it’s working, to a point. I have it set to automatically create a wordpress account upon successful LDAP authentication, but when I try to login as a valid LDAP user that doesn’t have a wordpress account, I get:
ERROR: Invalid username.

However, if I login using a valid LDAP user who DOES have a wordpress account, I get logged in.

Any ideas?
Thanks,
Kurt

http://clifgriffin.com clifgriffin

Are you using OpenLDAP or Active Directory?

Kurt Cypher

We’re currently using openLDAP.

http://clifgriffin.com clifgriffin

One more thought: Have you tried the dev version linked to at the end of this article? I don’t think it will fix any of your problems but the error message might be more useful. (Possibly…if you’re just getting “Invalid username” with no details, it’s hard to say)

It’s worth a shot though.

Kurt Cypher

I may give that a shot when I get back in the office on Tuesday. It’s certainly worth a shot, if it’ll potentially give a better error message.

Nick

I am using openLDAP and I got the first option to work, that is the default option where the I log into with existing usernames for both wordpress and LDAP.

However, I am trying to get the second option to work but it keeps throwing me the error message: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.
So I am assuming it is the code somewhere between line 108 and 134 for the simple-ldap-login file.

Any suggestions? I am trying to debug it at the moment, I will let you know if I find something useful.
Nick

Actually, the default option doesn’t seem to be working too great anymore, it seems to only work for one of our accounts “pc01″ but not “pc02″, “pc03″… etc. It just so happened that pc01 worked and I thought it was working.

http://clifgriffin.com clifgriffin

I can’t imagine it working for one account and not another under the first option. I’ve had several reports that the OpenLDAP login code is working well for a few people.

Can you try downloading the dev version linked to above? It’s version 1.3.0.1 and it’s error messages are a little more instructive. I preemptively added a “location” suffix to them to help with debugging in the future.

Nick

Thanks Clifton, I am pretty sure it was a problem on our end, the openLDAP creating new users also works now that I have upgraded WordPress to the latest version.

Just wondering if you are considering the option of creating new blogs for the users that authenticate for the first time.
Nick

Also, it seems that the role option doesn’t seem to be working using 1.3.0.1 for our us, everyone created is still a subscriber.

Michiel

Hi there,

Thanks for the plugin, it seems to work as intended, except for one little thing.
I’ve got it set to create a user in WP upon successful authentication against AD, but when I try to log in with a valid AD user, I get the following:

Array ( [user_pass] => [user_login] => Michiel [user_nicename] => Michiel [user_email] => michiel@domain.com [display_name] => Michiel [first_name] => Michiel [last_name] => [role] => Contributor )
Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 649

Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 650

Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 651

Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 850

This is using version 1.3 of the plugin, with a completely fresh install WP 2.7.1.
The odd thing is, after I see the above error messages, when I try to log in with the new user by going back to the login page, it works. The user is actually successfully created it seems.

Any ideas where these errors come from and how I could fix this?

Thanks

http://clifgriffin.com clifgriffin

This a weird error message that I have seen randomly with every plugin I’ve written. One of my plugins had this problem because there was a single blank line at the end of the main plugin file. Strange…I know.

Is this happening every time? Perhaps reinstalling the plugin? (Just replacing the files will work…settings will be saved.)

You might also try the dev version linked to above, though it’s in a transition stage to implement new features. (Should work though)

Michiel

Yeah, this happens every single time I try to log in with a user who does not exist in the WP user system, but is valid in AD.
I tried reinstalling it as per your suggestion, but I keep getting the same error. I tried installing it via the new plugin auto-install system, and tried it manually; same result.
I’ll do some more testing, see if I can find out what the issue is. Thing is, tbh I know jack all about code, I just know what buttosn to press to make stuff happen every now and then

http://clifgriffin.com clifgriffin

Thanks for checking back. I’ll take a look at the code and see if I can imagine why this would happen.

What version of PHP are you using?

Michiel

PHP 5.2, with a pretty vanilla Apache.
Anything else you might want to know?

Also, thanks for taking the time to look into this. Much appreciated.

Nathan

Excellent plugin that works as advertized!

I have worked on this all day with other plugins and was never able to get them to work. Installed this and was connected to AD within 5 minutes. The only reason I didn’t go with yours to begin with is that I need to be able to have users, when created, put into a specific WP role depending on their AD group. Is this a feature that may come in the future?

Either way, the plugin is excellent!

http://clifgriffin.com clifgriffin

I’m glad it works for you! I had the same experience which is why I wrote it. It seemed like it didn’t have to be so hard.

I hadn’t considered that possibility but I’ll think about it for future releases.

Btw, the role setting doesn’t work at all in version 1.3. Download 1.3.0.1 to fix this. (Though it may have other bugs…haven’t gotten the chance to test it fully)

Justin

I’m currently getting an Incorrect Password error when trying to login with a network account. The plugin is currently set for Normal Mode.

First I entered all the settings that are required.

I then used the Test Setting box to verify that a username and password in AD can successfully authenticate. I receive the “Congratulations!” message and move forward.

Using the same name i verified with the test tool, I then created that account WordPress.

After logging out of my admin user, at the main page I am unable to login using the newly created account.

I’m not really sure where I went wrong. Any suggestions would be greatly appreciated.

Thanks!

Justin
http://clifgriffin.com clifgriffin

That’s strange. Which version are you using?

Justin

Im using the 1.3 Version in WordPress 2.7.1.

Today is my first time trying to use this Plugin, so I’m not sure if its caused by the way I have things installed.

I figured if the test tool said that it can authenticate, it should work though. I have tried several accounts in the test tool that are only in AD, and all have authenticated successfully.

I turned on the Account Creation mode too, and tested an account and got the incorrect password as well.

Justin

Well i tested a few more things tonight.

First I upgraded XAMPP and created a new dev WordPress directory. The plugin worked correctly in the dev wordpress. Funny thing though is I got the same error message as Michiel above when i created a new user.

I went back to my other install of WordPress that i was still having problems and removed the plugin, re downloaded it and installed it. I noticed it retained all of the domain information that i entered before. Where is this information being held? Is there anyway i can reset this saved information? Maybe when i entered it in the very first time, i entered something incorrectly and its retaining that incorrect information.

Justin

Justin :
Funny thing though is I got the same error message as Michiel above when i created a new user.

I forgot to mention, even after the error it successfully created the user and i was able to login with it. It just gave that nasty error at user creation.

Justin

The theme our Graphic Designer chose for the site is whats causing the issues. I applied the theme to my dev site and the login stopped working. I was still able to use the test tool to authenticate under the admin panel while the theme was active though. Bummer…

I know its something outside of the plugin causing problems, but at least it might be a reason others are having problems.

Here is the theme we are using if your curious: http://wordpress.org/extend/themes/atahualpa

http://popularfront.com Bobby

I am having this same problem with the theme I developed. I was wondering if anyone knew of what could be causing themes to break the authentication? The two just seem unrelated.

http://popularfront.com Bobby

I found the issue. The plugin uses the variable $options and it conflicts with a variable used in my custom theme options. Thanks for this awesome plugin!

Michiel

Justin :
I know its something outside of the plugin causing problems, but at least it might be a reason others are having problems.

Odd thing is, I’m still using the default theme while trying to implement some of the (to us) more important plugins like this one. I would assume that the default is what it was developed against, or tested on.

Anyways, I figured the error messages problem out. I had a look at the code for the plugin, and started looking for the line numbers referenced in the error itself. Turns out, the Simple-LDAP-Login.php file on line 99 says the following:

print_r($userData);

I found out that the main error itself (Cannot modify header information – Headers already sent by) means that the code for some reason is trying to send data while being told afterwards to redirect you to another page by using a header command. Which makes sense, the plugin tells WP to create a user and log in with it, and then sends that users on his/her way to the dashboard. Long story short, all you have to do is comment out that print_r($userData); line and that should be it. Fixed it for me in any case. Commenting that line out is done by inserting two slashes before the line of code in the Simple-LDAP-Login.php file so it looks like:

// print_r($userData);

That’s all folks.

Oh, and damn you Clif, you made me try and learn to at least understand code now

http://clifgriffin.com Clifton Griffin

Justin,
I noticed that when I was working on 1.3.0.1…not sure how that slipped by.

I’m sorry that caused you so many issues! I’m going to do some testing with 1.3.0.1 today and tomorrow and try to fix some of these issues and release the version.

Thanks for your help!

Justin

No worries, the new features of the plugin are sweet. Thanks for your help and dedication on looking into the issues. = )

http://clifgriffin.com Clifton Griffin

I still haven’t gotten a chance to do a proper review of the code for the next release. I expect to be able to do this either this weekend or sometime next week. Thanks for your patience.

http://www.vinodlive.com/ Vinod

I am getting an error like “Invalid username”. But in the test-panel it is working properly. Not on the Login screen. I am on wordpress 2.8

Gaurav Sharma

Hi Clifton,

I am using “Simple LDAP Login” for my application which is using wordpress 2.8 , after setting the credentials in the settings tab when i use your testing option at the bottom of the page then it gives me the congratulation message.

But when i try to login from the frontend after signout from the admin section with valid username/password that exists in LDAP it gives me the error message

“ERROR: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.”

And when i do testing with same username/password it shows congratulation message.

Please suggest for the same , where i am doing wrong.

Gaurav

http://www.stradeperdute.net Domenico Calojero

Hi,
I have the same situation.
From the control panel it works, but not from the login screen.
Also with version 1.3.01.

http://ardacetin.net Arda Çetin

I have a same problem too.
Is there any solutions about that?

http://clifgriffin.com clifgriffin

I haven’t seen this issue before.

Unfortunately, I don’t have an installation to test with at the moment. (I no longer manage the installation I originally developed this for.)

I will say that I know a lot of users who are not having this issue.

Are you guys using the OpenLDAP option or AD?

Pingback: Create blog for mxc-ldap plugin
Tobias

Hello there… Just to let you know: I’d really like the TLS feature to be implemented. We have our open ldap servers set up to only accept encrypted connections.

Anyway, thanks for your hard work.
Matt Combs

I’ve upgraded to version 1.3.0.1 and still can’t get the roles to work correctly. I have it set to create them as Editors but its not settings roles at all. I’m using option 3 to just allow a certain group to log in. Could this be causing something?

Matt Combs

solved my own problem by changing

‘role’ => get_option(‘simpleldap_account_type’)

to

‘role’ => strtolower(get_option(‘simpleldap_account_type’))
http://cxzcxz.com nocash

It does appear that the role name needs to be lowercase in order for accounts to be created correctly. When the wp_options simpleldap_account_type value was set to ‘Author’ my users were being created with no role. When I changed it to ‘author’ it appears to work fine.

Peter

This plugin works for me with OpenLDAP& wordpress 2.8.1. I also would like to use the group feature but it currently works for AD but not OpenLDAP. Hope it can be used via OpenLDAP as well soon.
Nasir

I am trying to use this plugin for wordpress. I am confident about the configuration settings, but for some reason it is not passing. Can I get some help here ?
Test Results:
Failure. Your settings do not seem to work yet.
Nasir

Forgot to mention: I am using wordpress 2.8.1
Nasir

Nasir :
I am trying to use this plugin for wordpress. I am confident about the configuration settings, but for some reason it is not passing. Can I get some help here ?
Test Results:
Failure. Your settings do not seem to work yet.
and on login screen:
ERROR: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.
Tyrel Newton

I have the beta dev version installed on a wordpress 2.8.2 installation and am attempting to auth user’s against apple’s version of the openldap directory. In my server logs, I was seeing invalid passwords entries even though I knew I was typing the password correctly. It turns out that in the password I was using to test with, there was an apostrophe (‘). So at some point in the login process, the password was being corrupted because it was not sanitized for special PHP characters. I don’t know what the solution to this problem is, but I wanted to throw it out there because maybe there is an easy fix.

Tyrel Newton

Oh, and once I replaced the apostrophe with an underscore, the authentication worked just fine.
Ian Altgilbers

We’ve run into the same issue here… We have had a couple of complaints now with people using apostrophe in their password. This could potentially open the door to some sort of injection attack, if the password is not being properly escaped.

http://twitter.com/clifgriffin Clifton Griffin

I don’t think an injection vulnerability is likely unless one exists in adLDAP itself.

I’m not really sure what the root cause is here. I’ll see if I can report an issue with adLDAP.

Louie

I implemented the ldap 1.3.0.2 on our system and chose to “Create WordPress account for anyone who successfully authenticates against LDAP.”. Evrytime someone login it creates a username on wordpress. So now I have lots of user with the same username. It is so wierd.

I am also getting this error on the Admin screen

“Oddly, your version of PHP doesn’t allow file_get_contents to use URLs. But even more oddly, your browser doesn’t allow frames! I think it’s time for you to consider leaving 1998 in the past.

“; ?> ”

I am running windows 2003 with PHP 5.2.6

http://clifgriffin.com clifgriffin

Fixed in 1.3.0.2.1. This is seemingly the day of updates!

Louie

nevermind I fixed…. It was the case sensisitivity. I converted them to lower….
http://www.kentschools.net/ Chris Carman

Hello! We’re using your plugin for our school district’s upcoming transition to a WordPress-Mu based web site, and it’s working very well so far. LDAP authenticates successfully against our AD server, and everything is going well there.

The only odd thing is that it only works properly when users log in to the main district blog (i.e., our home page, /) and not when they try to log into their own blog or school blog (e.g. /ccarman or /rhs). When I go to those blogs’ dashboards, I see the default bogus settings for the plugin, which points to mydomain.com etc., so obviously that’s not going to work. Do you know of any way to either:
A: grab the LDAP settings from the main blog for all other blogs (ideal), or
B: redirect any requests from /blog/wp-login.php to /wp-login.php, so they don’t get confused.

I think we can accomplish “B” with themes, but I’d like to do a redirect if possible. Thanks!

http://clifgriffin.com Clifton Griffin

I believe this is because of how WordPress-MU operates. I will investigate the feasibility of having global settings for all blogs and get back with you.

http://journals.utoledo.edu Brian

Any news on using global settings for MU. This would come in handy for me right now….

http://clifgriffin.com clifgriffin

Try putting the plugin in the mu-plugins folder. I think this will enable it globally for all blogs.

http://cxzcxz.com nocash

I was encountering an issue where authentication would fail if the password contained a backslash (or other character that is escaped by whatever is doing the escaping). I had to add the following line to the authenticate method defined at line 197:
$password = stripslashes($password);

http://cxzcxz.com nocash

I imagine this is the same issue described in comment #52 above.

Steve Palm

QUOTE:
If you are using Active Directory, you will probably need PHP 5. This is because I’m using adLDAP 3.0 to do my Active Directory integration. As far as I know, the rest of the code should work with PHP 4. It is also possible that the functionality I’m using with adLDAP 3.0 does not depend directly on PHP 5. Your mileage may vary.

QUESTION:
I get an error activating the plugin, I only have PHP4. Do I have to do something to turn off the adLDAP stuff? I’m not using it, but apparently it’s trying to load it.

http://clifgriffin.com clifgriffin

There may be other portions that only work in PHP5. What is the error message you get when activating?

Is there a reason you haven’t gone to 5? Most hosts make it extremely simple to switch between versions.

Steve Palm

It’s an old host that we don’t want to break anything on. Not sure what else on there may be affected. Anyway, it is dying on trying to load the adLDAP module. I just was curious if there was a way to turn it off so that it didn’t even try. I’ll poke at it here. The funny thing is that I saw the upgrade come along, and I thought we were using the previous version just fine, but the plugin wouldn’t re-activate. So it seems like something in the most recent update. I’ll post back when i find more.

http://clifgriffin.com clifgriffin

What version were you on before?

You can always try replacing the adLDAP.php file with an older, PHP4 compatible version from the adLDAP site if you believe that’s the issue.

Steve Palm

Thanks, rolling adLDAP back to v2.1 which supports PHP4 works fine. Since that is only required for those using Active Directory, I wonder if you could change your plugin code to only require it if it was being used. Probably not worth the effort, though. Eventually all these old boxes running PHP4 will die.

Brian

Version 1.3.0.2.1 works perfectly with my Active Directory, but version 1.3.0.3 fails with the following error (when testing settings):

“Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.”

Any ideas on why the latest version has broken AD authentication?

Brian

Please ignore. I don’t know what happened but after going back and forth between the two versions, it now works?? I will make another note if this occurs again or open a ticket.

Brian

I see now. If the user does not exist in the wordpress database, the authentication TEST fails. This was not the case in 1.3.0.2.1.

http://blog.whiking.se jonas

Did you ever get this plugin to work, with the 1.3.0.3 version, or does the authentication still fail ?

Chris

Hi, firstly, great plugin, thanks.

I’m wanting to use the
‘Create WordPress account for users in specified AD group:’

Is it possible to check more than one AD user group?

http://clifgriffin.com Clifton Griffin

Thanks, Chris I’m glad you like it. There is currently no way to do this. . I plan to support this type of functionality in the future but have yet to implement it.

I want to be able to let users link groups to account types and so on, but it will take a bit of work to get there. What I did in my organization was create a group to add all the other groups to. This should get around the problem.

Per-Arne Jørgensen

Hi, tanks for a great plugin! But I have a problem with openldap where I use memberUid instead of memberof. Got this message:
Warning: Invalid argument supplied for foreach() in simple-ldap-login/Simple-LDAP-Login.php on line 205.

Do you have any tips?
Josh

There appears to be two problems that I can immediately find which prevents my use of this plugin, unfortunately.

One, the LOGIN varaible appears to be preset to “uid” and I don’t see anywhere to change that other than editing the code. However, we don’t use “uid,” we use something else.

Second, it doesn’t look like you are connecting to the server via TLS. This is required by our LDAP server.

However, I’m still not totally sure if these are the only things that need fixing for it to work for us, because even after I changed uid to what we needed and threw in ldap_start_tls($ldap); into simple-LDAP-login.php, it still doesn’t work, so….

http://clifgriffin.com Clifton Griffin

Hi Josh,
You are not the first to suggest TLS. I briefly investigated adding it in the past, but without a way to test it and only one user requesting it, I abandoned it.

For the second, I will have to investigate that as well. I have no encountered a situation like yours.

I can’t make any promises on when these things will be addressed. At the moment I have no installation (test or otherwise) to test against.

Stace

Your plug in is exactly as advertised: simple and gets the job done. Thanks!

Lately, I’ve been running it in a WordPress MU installation and that seems to work without issue as well. Only problem is at my end: I have to configure settings for each new blog a user creates. What I’d like to do is configure the settings within the plugin file itself, without any calls or writing to the database. Can you help point me in the right direction?

Thanks,
Stace

http://clifgriffin.com Clifton Griffin

Hi Stace,
If you look in the code for function simpleldap_activation_hook() you’ll see that all of the default settings are declared there.

If you change these to what you like (should be *fairly* straightforward), any new blogs that activate the plugin should pickup the new settings.

Because I use add_option, blogs that have already had the plugin activated before will not benefit from this change.

And, remember, if you do an upgrade in the future, those defaults will be reverted to my defaults (though your settings for existing blogs will be fine).

I hope this makes sense.

Clif

Stace

Hi Clif,
Thanks for the reply! Swapping out the defaults as you mentioned does, indeed, work. But this is all for a K-8 elementary school where everything needs to be locked down. In other words, they will still be able to access the admin panel and mess with settings.

I think what I’d like to have is no admin panel and nothing writing to the db. I know this is totally NOT what your great piece of code is all about but any chance you could help me get there?

Thanks,
Stace

http://clifgriffin.com Clifton Griffin

I’m not sure I understand. The users who need to login shouldn’t have access to the admin panel in any capacity? That seems to defeat the purpose.

If you don’t want them changing settings you could always set the default role to Subscriber or something incapable of making changes. (But, depending your setup, it is questionable they would even need to login at all if there role would be subscriber)

Maybe some more information would be helpful.

Stace

Sorry to be confusing. The application is this: setting up WPMU for a specific class project in which each student will create their own website. When a student creates their blog(site), they are, of course, admin. Which is fine, up to a point.

We want them to have control over most aspects of their site but there are several backend areas I’d like them to stay out of and authentication is one of them. Because we’re a school, we require users to authenticate against our LDAP to get access – using your simple plugin. If the kids can modify it, they will, just to see what happens. So I would like to take out the settings page for the plugin and just configure within the plugin file.

Does that make sense? I want admins to have some access but not to this.

Thanks,
Stace

http://clifgriffin.com Clifton Griffin

I understand now.

Unless you make them full admins, they won’t see the settings page. Make them Contributor or a more minor role like that.

The plugin is designed to only let administrators use the admin page.

Stace

OK – thanks!
Dessie Lunsford

Can this plugin be configured for SSO with active directory?
We’re using an instance of WordPress MU and havent had any luck with any of the other LDAP plugins with passing in the currently logged in users credentials. Can this one auto log-in users?

Thanks,

Dez
Caleb Jeffery

I love your plugin! it is simple and straight to the point.

I do have an issue though and not sure how to resolve it.

I have setup an internal blog site on our intranet. The thing is is that our intranet is on a wan where we have people on different domains that want to login.

Your plugin states that it can have mulitple domains but I can’t seem to get this working.
each of our domains requires a different Base DN
and after some testing i have discovered the suffix also plays a part.

Could this be a new feature request or am I missing something?

Thanks,
Caleb
Pingback: Top 1000 WordPress Plugin Authors « Metode de promovare
Phillip

This plugin is really great, but I’m having one problem implementing it.

When I navigate to the login page of my blog, an error message appears just above the normal WordPress login box saying, “Error: The username field is empty.” If I then enter my domain credentials in the login box, it will accept them and log me in.

I’ve traced the error to line 72 of the Simple-LDAP-Login.php file. I can even hard-code a $username and $password value from AD into the file, and it will log me in.

Any ideas of how I can resolve this?

Thanks!

http://clifgriffin.com Clifton Griffin

Hi Phillip,
This is a known issue. (http://traq.clifgriffin.com/simpleldap/ticket/7/) As it does not impede the functionality of the plugin in anyway, I have not spent a lot of time researching/fixing this.

It will be fixed in the next version though!

Clif

George

Nice plugin! I’ve gotten it to work with AD (Win2003 R2 SP2) and Linux (Debian) apache2 and php5-ldap, etc. However, I’ve noticed accounts authenticate ONLY IF the Display Name = User Logon Name in the AD. Typically the Display Name is the user’s full name and not the Logon Name. Changing an AD db of users with accounts like this would be a major workaround.

I noticed this is the case for both login modes “Authenticate WordPress users against LDAP” and “Create WordPress account for anyone who successfully authenticates against LDAP”.

Any suggestions? Thanks.
http://oit.hostos.cuny.edu/socialnetwork Carlos

I am using Version 1.3.0.3, and have a problem when new blogs get created, the LDAP configuration is empty, and it has to be manually configured. The problem arises when the user needs to login from the blog’s own login page, it does not recognize the LDAP credentials, and gives me an “Incorrect password error”.

The plugin is activated site-wide, and still does not work
Dietmar

Maybe useful for others (1.3.0.3): If you use OpenLDAP and created your entries with DN “cn=…,ou=…,o=…” be sure to change following line in Simple-LDAP-Login.php:

define (‘LOGIN’, ‘uid’);

to

define (‘LOGIN’, ‘cn’);

Maybe this should be a configuration option?
http://www.glump.net Brendan Kidwell

I was able to patch this plugin to make it work with my company’s Domino server. Basically, use the OpenLDAP mode and make the following code changes:

In Simple-LDAP-Login.php, find every
$ldapbind = @ldap_bind($ldap, LOGIN .’=’ . $username . ‘,’ . BASE_DN, $password);
and change it to
$ldapbind = @ldap_bind($ldap, $username, $password);

And in Simple-LDAP-Login.php find every
$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’ [...]
and change it to
$result = ldap_search($ldap, $ldapconfig['basedn'], ‘uid=’ . $username);

YMMV.

If enough people badger me, maybe I’ll fork the plugin, strip out the Active Directory stuff and just call it “Domino LDAP login” or something like that, and publish the fork.
Colleen

Is is possible to change the LDAP password from within WordPress? If I use the profile page it seems to only change the local user password.
Barry

Should this work if I install php and then install php-ldap.i686 instead of compiling php with ldap support? According to the package descriptions, the php-ldap packages are supposed to add ldap support to php. I ask because I am unfamiliar with compiling.

http://clifgriffin.com Clifton Griffin

Yes.

Installing php-ldap would be preferable.

Kevin

I have configured the plug-in (v1.3.0.3) to work with our Active Directory, however some accounts are able to login and others are not. In testing the accounts that do not work using the Test Settings, I get the message “Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership”. Is there anyway to debug why one account would work and another won’t? I’m assuming it’s a permissions setting within AD, but not sure what it would be. My Sys Admin says there should be no difference between accounts, is there a way to debug the call to get additional details on what the issue is?

Kevin

Oh, I forgot to mention. I am not limiting access to any specifc AD group. If you can authenticate to AD, it should create the account in WordPress and allow the person in.
http://clifgriffin.com Clifton Griffin

Are all of the users in basically the same Forest/Tree/OU structure?

Or do you have users that are located at the same level in the directory that one works and the other doesn’t?

Barry

This wouldn’t work for our Active Directory because it does not use a Bind User for authenticating to AD. If this does not work for you you should try the Active Directory plugin, I did get it to work.

http://clifgriffin.com Clifton Griffin

A bind user wouldn’t matter for simple authentication. If you’re using group membership, it will try to bind with the user that’s logging in (I think).

Is your directory configured to prevent this? (I can’t imagine why this would be true…just asking)

Barry

I think it is default behavior in a Windows domain. I first thought it would bind using the user login also, but that wasn’t the case. At least I couldn’t get it to work. I got a clue when a vendor setting up a different Linux application needed a bind login for there app to do the same. Thx.

http://clifgriffin.com Clifton Griffin

It seems to me that even if an installation is configured so it doesn’t need to bind to read group information, you would still be able to bind to read group information.

Carlos

I am using Version 1.3.0.3, and have a problem when new blogs get created, the LDAP configuration is empty, and it has to be manually configured. The problem arises when the user needs to login from the blog’s own login page, it does not recognize the LDAP credentials, and gives me an “Incorrect password error”.

The plugin is activated site-wide, and still does not work

http://clifgriffin.com Clifton Griffin

You placed it in the mu-plugins folder?

unicast

Hi! I’m tryin to authenticate via LDAP and got some troubles with my LDAP-tree with many ou-containers.
In example, i have containers ou=dev,ou=users,dc=examble and dc=com, ou=test,ou=users,dc=examble,dc=com
BASE_DN ou=users,dc=examble,dc=com
And authentication fails…
Here is small patch:

case “directory_ol”:
//OpenLDAP create all
$ldap = ldap_connect(LDAP_HOST, LDAP_PORT)
or die(“Can’t connect to LDAP server.”);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION);
$ureturn=@ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ‘sn’, ‘givenname’, ‘mail’));
$uent=@ldap_first_entry($ldap, $ureturn);
$bn=@ldap_get_dn($ldap, $uent);
$ldapbind = @ldap_bind($ldap, $bn, $password);
if ($ldapbind == true)

case “directory_ol”:
//OpenLDAP create based on group
$ldap = ldap_connect(LDAP_HOST, LDAP_PORT)
or die(“Can’t connect to LDAP server.”);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION);
$ureturn=@ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ‘sn’, ‘givenname’, ‘mail’));
$uent=@ldap_first_entry($ldap, $ureturn);
$bn=@ldap_get_dn($ldap, $uent);
$ldapbind = @ldap_bind($ldap, $bn, $password);
//$ldapbind = @ldap_bind($ldap, LOGIN .’=’ . $username . ‘,’ . BASE_DN, $password);
if ($ldapbind == true)
http://www.leandrotec.com Leandro Tec Can

Hi, i have a big problem, when i Active the plugin i can’t see my CSS and Images.

so my login has a nasty look.

any ideas?
Tony Power

Hi Clifton, Using the plugin with OpenLDAP, its working fine, WordPress is authenticating against our directory. I have a question about adding some extra functionality to the plugin though, maybe you’ve taken a look at this already. We’re setting up single sign on for a number of things, but initial registration of a user will happen in WordPress. I’d like for WordPress to add an entry to the LDAP directory when a new user is created rather than the other way around. Any ideas? Cheers

http://clifgriffin.com Clifton Griffin

Hi Tony,
Unfortunately, creating LDAP object is a different ballgame and not something I intend to include.

If you are familiar with PHP, I encourage you to take a swing at it yourself. The WordPress plugin model is very simple and I think you could make a lot of progress quickly.

If you have any questions, I’ll do my best to answer them.

Clif

Tony Power

Cheers Clif, I’ll give that a go, took a brief look and it should be do-able

Daniel

Great plugin! I get an error each time I (or user) tries to get into the dashboard even though they are logged in. “ERROR: The username field is empty.” Any help would be much appreciated. Cheers, Dan

Daniel

Still get this error and I have raised a ticket but get an error when I try to view that too! Any help on this would be great as its causing some fuss with our users. Cheers, Dan

http://www.lawweekonline.com James

I am getting this same error. I can not even get to my dashboard. Can anyone help?

http://clifgriffin.com Clifton Griffin

James, Daniel…sorry I missed these comments.

I’ll send you guys an e-mail shortly requesting more information.

http://DashboardUnavailable Gena

Hi Clifton,
I’ve been using your plug-in and it has been working great except for the last 3 months.

It seems I’m having the same issue as James and Daniel so I’m interested in reading what you shared with them to resolve their issues.
http://clifgriffin.com clifgriffin

Sent you an e-mail. (For others, I don’t remember specifically what was done for this problem.)

http://contented.qolc.net Ben Wheeler

Hi Clif,
Looks like you’ve been getting a few spams lately. If you’re not already using it I recommend WP-HashCash – this is completely invisible to anyone using a normal browser to add a comment as long as they have javascript enabled, but prevents bots (which generally don’t have js) from adding comments. You can configure it to just put failures in the Moderation queue in case of false positives – I don’t know what the false pos rate is because I don’t get many genuine comments on my sites *sniff* but it has successfully stopped every single spam attempt.
Rods

Hi clif,

The users created by ldap plugin doesn´t sync with buddypress. How can I do this?
At this moment all my users doesn´t have an entry in the wp_bp_xprofile_data table.

Ian Altgilbers

I believe the problem is with user_nicename. The buddypress and this plugin have differing views on what that field should be.

I change this plugin to set the user_nicename to be the same as username and buddypress sprang back to life.

Rods

Hi Clifton, I´m using Simple LDAP with BuddyPress. The authentication goes fine, but the new user created by the plugin doesn´t get an entry in the xprofile’s tables. How can I managed that, since without this, the activity replies doesn´t show properly?

Thank´s in advance.
Benjamin

I’ve made additions to plugin which allow for connecting through an LDAP proxy with an intermediate user name (required in some environments). Is there a way to get this code to you for possible inclusion in the next version of Simple LDAP?

http://clifgriffin.com Clifton Griffin

Hi Benjamin,
Thanks for your contribution.

At this point I’m not spending any development time on this plugin. I have too many other profitable projects I’m managing.

I do plan to eventually make changes to this plugin, but I think that will mostly be a setup where users can contribute their own various versions of the plugin for others to use.

Feel free to e-mail me a copy of your changes and I’ll attempt to include them when I make these changes. (Hopefully in the next month or two)

Clif

Benjamin

Will do. Can you pull the email address from my post and send me your address?

James

Hi Clifton,
Does the plugin work on WP 3.0? For the account suffix, if i dunt have suffix, would the plugin still work? Thank you!

james

http://clifgriffin.com clifgriffin

I’m not sure on either of those. I haven’t had a chance to test it.

Pingback: » Wordpress LDAP Login Kodo-Dev
http://pdpu.ac.in Devang Patel

Hi

I have just installed word press 3 on Windows server 2008 32 bit Machine with My Sql ,IIS and PHP 5 with ldap and mysql.

I have done the procedure described by you for installing simple ldap login by placing it in wp-content and under settings i also done.

i have several queries,
does this work for windows server 2008 32 bit Active Directory
i need to enter domain details in adldap.php and simple-ldap-login.php.
once i successful the ldap users can post comment only if they login using their username and password.
I’m very helpful if u reply on my email id
Bertrand

Is there a possibility to bind non anonymously to the ldap server in simpleldap?

It is common with Active Directory to deny anonymous bind if security is an issue.

Thanks. B.
Chuck Thompson

Do you have time to look this over and tell me if you think Simple LDAP Login for WordPress will accomplish my goals? I am a complete amateur and not at all skilled in this sort of thing, but if I use your product I will donate. After reviewing what follows please tell me whether you think Simple LDAP will do the trick and also give me an opinion on whether you think a complete amateur will be able to administer it.

What I’m trying to accomplish is this:
There are a number of sites to consider – all on the same server.

The MAIN SITE and all the WordPress SUB-SITES will be WordPress 3.0.
All registered users will be members of the MAIN SITE.
Some users will be members of one or more of the WordPress SUB-SITES.
All registered users of the MAIN SITE will have access to a forum hosted on the PhpBB3 site. PhpBB3 uses MySQL.
All registered users of the MAIN SITE will have access to the eFront Learning site. eFront uses MySQL. http://www.efrontlearning.net/
Membership only on the MAIN SITE will give users access to the MAIN SITE, the eFront site and the PhpBB3 site only.
Membership in any of the SUB-SITES will give users access to that particular SUB-SITE and the MAIN SITE, the eFront Site and the PhpBB3 site.

I hope I’ve given you everything necessary to advise me, but if you have any questions please do not hesitate to ask and I will get back to you as soon as I can.

http://clifgriffin.com Clifton Griffin

Hi Chuck,
Sorry for my belated response.

This plugin can only help you with logging users in. I’m not sure what the plugin schema is for subsites in WP3.0, but I think you can enable the plugin with a different set of settings. So, for instance, you could have it enabled for the main site with a different role and group requirement than for subsites.

As for providing access to all of the other things, the plugin can’t help there out of the box.

I’m available for hire if you need a developer to provide some of these changes, so feel free to e-mail me.

And, let me know if you have any questions.
Clif

http://goodwin.drexel.edu/ Amir

Hi Clif,
Why is it that the settings don’t ask for the ldap server? Is it assuming localhost? Is it guessing it based on the Base DN and/or Domain Controller?

Thanks,
Amir

http://goodwin.drexel.edu/ Amir

Nevermind – Controller=Server – I misunderstoond the Domain Contoller settings that someone had put in place earlier. Still, I can’t log in because my manager username is a different DN than the Base DN…

http://www.johnciacia.com John

Is it possible to authenticate and create WordPress accounts for users in several groups? For example, I have three groups: Students, Faculty, and Staff. I would like to give Faculty and Staff the ability to login, but not Students. I tried separating groups with commas, but it doesn’t seem to be working.
*starts looking through the code*

http://clifgriffin.com Clifton Griffin

Not as configured, but I think you should be able to figure out how to make that happen. Especially in version 1.4…should be easy to loop through.

But, that being said, you still would need to come up with a way to make the permissions different which would be a whole different animal.

http://www.johnciacia.com John

Ok, I will probably be adding this feature. I’ll post it here when I’m done.

Ashish Upadhyay

I have downloaded the Simple LDAP login 1.3 plug-in and uploaded into wordpress plug-in directory, then activate this plug in.

I have specified the host name of the LDAP server (i.e. IP addrees of the server)

After doing this when I test the settings, it will show me the following error.

Fatal error: Call to undefined function ldap_connect() in C:\xampp\htdocs\wordpress\wp-content\plugins\simple-ldap-login\adLDAP.php on line 157

Is any body can suggest? I have Domino directory and I want to authenticate user form the Domino directory using LDAP.

Are the settings specified above mandatory? because
I have tried it with and with out specifying setting, in both the cases I got the same error.

Please help.

Thank you
Ashish

http://www.johnciacia.com John

You need to have php_ldap installed. It is not installed by default. See here: http://www.php.net/manual/en/ldap.installation.php

Pingback: LDAP authentication for multi-site WordPress 3.0
Oliver Seeliger

Hi Clif,

I’ve finally made it to set up all the options correctly. I’m using the Advanced Option ” Create WordPress account for anyone who successfully authenticates against LDAP. ” and when I try to log in an error comes up saying ” Catchable fatal error: Object of class WP_Error could not be converted to string in /var/www/sevencs-intranet-wordpress/wp-includes/formatting.php on line 2772 ”

When I set up the user name manually before I log in everything works as it should.

Any idea?

Thank you.

I’ am using WP3

http://clifgriffin.com Clifton Griffin

I’ll investigate and get back with you. Thanks.

Oliver Seeliger

Hi again,

I investigated a bit by myself and found out that the error occurred because *sigh* I had the email address already registered. But, anyway, in this the return value of sll_authenticate() is of type object WP_Error and this raises the fatal error.

The function wp_insert_user() returns an array containing a useful error message and I think you should pass this message to the frontend.

So, I got it working for me now and I must say it’s an awesome plugin. Great work.
http://www.timothyjcoulter.com Tim Coulter

Hi Clif,

First, great plugin. Exactly what I need, and it’s going to be a lifesaver.

I wanted to say that I’m running into the same problem as Oliver, though I’m not sure why. I’m a newbie to LDAP, and I don’t even have the email schema installed — but it still appears to pop up. I’m going to investigate as well, but displaying the error messages as Oliver says below would be great. Thanks a ton for everything so far!

http://clifgriffin.com Clifton Griffin

Tim,
I’m still working on a solution to this problem.

It’s due to a change in the way WordPress’s user creation functions work in WP3.0. I have successfully increased the level of error reporting, but without a firm solution to this problem I am reluctant to release a new version.

Thanks for your patience,
Clif

Gilad Aharoni

Thanks, Oliver, for pointing me in the right direction!

Since, when creating users in my LDAP server, I do not assign any emails to them, I was getting this exact same error after creating the first user, as all the following users were trying to be created with the same email (blank). The solution was to create a string-randomizing function in Simple-LDAP-Login.php, and use it to replace both instances of:
'user_email' => $userinfo[0][mail][0],
with:
'user_email' => genRandomEmail(),

The wordpress admin can then change the email address if they want to.

The randomizing string function:

function genRandomEmail() { $length = 10; $characters = ’0123456789abcdefghijklmnopqrstuvwxyz’; $string = ''; for ($p = 0; $p < $length; $p++) { $string .= $characters[mt_rand(0, strlen($characters))]; } $string = $string."@ChangeMe.com"; return $string; }
Got this function from:
http://www.lost-in-code.com/programming/php-code/php-random-string-with-numbers-and-letters/

All seems to work great now. Would still be helpful if the plugin could display the WP_Error, though.

Jordan

Hi there! I’m running into an error right on activation:

“Plugin could not be activated because it triggered a fatal error.

Fatal error: Uncaught exception ‘adLDAPException’ with message ‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/adLDAP.php:338 Stack trace: #0 /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(60): adLDAP->__construct(Array) #1 /home/MYDIR/public_html/wp-admin/plugins.php(158): include(‘/home/MYDIR/pub…’) #2 /home/MYDIR/public_html/wp-admin/plugins.php(160): plugin_sandbox_scrape(‘simple-ldap-log…’) #3 {main} thrown in /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/adLDAP.php on line 338″

Any thoughts?

http://www.johnciacia.com John

That means your PHP install does not support LDAP.
Oliver Seeliger

You have to install and activate the PHP ldap module what is only possible if you have root access to the server.

http://www.perinatalconference.com Dwight

Warning: ldap_search() [function.ldap-search]: Search: No such object in C:\inetpub\wwwroot\wordpress\wp-content\plugins\simple-ldap-login\adLDAP.php on line 970

Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in C:\inetpub\wwwroot\wordpress\wp-content\plugins\simple-ldap-login\adLDAP.php on line 971

Catchable fatal error: Object of class WP_Error could not be converted to string in C:\inetpub\wwwroot\wordpress\wp-includes\formatting.php on line 2772

http://www.perinatalconference.com Dwight

This seems to indicate the presence of enabled LDAP module — but I still get above errors

LDAP Support enabled
RCS Version $Id: ldap.c 293036 2010-01-03 09:23:27Z sebastian $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20319

Olivier Roger

Hello,

I installed and used your plugin with ease.
I only encountered a single problem which seems strange to me since the documentation says explicitly the opposite.

When I enable the plugin, I cannot log with the local ‘admin’ user anymore. I got the message saying the LDAP plugin is enabled.

Any reason for this ? Anybody experienced the same behavior ?

Thanks in advance !

http://clifgriffin.com Clifton Griffin

Olivier,
That is my fault completely. I removed this function because I felt that most people weren’t naming their admin accounts admin and that it probably wasn’t helping anyone.

Do you need this feature?

Clif

Olivier Roger

Clif,
I see your point.
Still, I think it is a nice feature since not everybody can/want to have a admin user in LDAP for that.

What would be great would be to have an option to enable this behavior and, eventually, being able to select the user(s) it applies to in the settings. In my case I only need it for ‘admin’.

Olivier

Gustavo Campos

Hey Clifton!

Nice work with the plugin, sounds awesome, but I can’t make it work.

It’s all installed and configured fine, but the users never logon. I enabled Kerberos logging on my Windows 2008 R2 server, and for every request I receive a KDC_ERR_ETYPE_NOTSUPP.

Microsoft documentation says that it means the client doesn’t have the appropriate Crypthography type and/or key. I already authenticate some sites within this same server, using apache’s mod_auth_kerb.

I don’t know what else should I check, any help would be much appreciated!

And keep up the really good work!
http://www.sportbrain.it Francesco Martino

Hello there!
Everything beautiful, just a question. Every time I set up a new blog, I have to re-configure the plugin in that blog backend.

Is there any way to propagate the main blog settings, to all newly created ones?

Regards,

Francesco
http://www.sportbrain.it Francesco Martino

Hello, I got the answer to my question (see above). It’s a plugin called YD-Network-Wide-Options.

Now I’m trying to let the users login with their email address (not only username). Any idea about how to do it!?!
Scott

I know i have LDAP configured correctly.
I feel confident I have PHP setup right for LDAP.
I turned on debug, and got this during my test auth against AD (along with my failure):

Notice: Undefined property: WP_Error::$ID in C:\wamp\www\wp-content\plugins\simple-ldap-login\Simple-LDAP-Login-Admin.php on line 119
Eric

Pretty new to WP. I have a multi-site setup with WP 3.0.1. I do not get the “settings” option on my plugin page. I do get an edit option but some pages (e.g. Simple-LDAP-Login-Admin.php) are “inactive”. Any idea what I’m doing wrong?
Ryan

Is Open LDAP the same as Open Directory? I teach at a high school and have two Xserves that have learned to setup them up over the last couple of years. One is open directory master so the students can authenticate to the network. The other is the Web server for the class page and school newspaper. The sites are running on WP3.0. I want to give the students WP blogs and just base it off their lab logins through open directory. However, it isn’t working, so I wasn’t sure if openLDAP is different from Open Directory. I don’t want to hand create 200 accounts every year.
Will

Hello. Great plugin! But fyi, the space you add to user_nicename breaks the author page links. So I flipped

‘user_nicename’ => $userinfo[0][givenname][0] .’ ‘.$userinfo[0][sn][0]

to

‘user_nicename’ => $userinfo[0][givenname][0] . $userinfo[0][sn][0]

and then the links worked fine.

thanks again.

http://clifgriffin.com Clifton Griffin

Thanks, Will!

I’ll make sure this is fixed in the next update.

http://Internalcompanysitebehindfirewall. Bejal Patel

How do i set up the TLS. My Site works fine but we are in the mist of eliminating onon-secure LDAP authentication. I have to use TLS. I checked the TLS option but our told me the following one to indicate the attempt to start TLS, one to indicate whether the attempt was successful, and one to indicate which cipher was negotiated.

Please advice.
lexter-groove

Hello the It service at the company i work for requires the following info to access the LDAP directory (OpenLDAP) but the settings page of the plugin doesn’t have the sane label for every field and some fields are missing like a password…

Can you help me with the making a link between the seetings if the plugin and the one required by openladap of my company…

Ldap: ldapauth.company.com

Base DN : ou=PersonCompany,o=sqli,c=com

User DN : uid=authappli,o=companyi,c=com

Port : 389

password : ******

Ian Altgilbers

We have a similar restriction for users who have “private” LDAP entries… Those entries are only discoverable if the plugin makes an authenticated bind before doing its user search. I hacked the code and hardcoded the password to make it work for us.
Unfortunately, it seems to have broken as a multi-site plugin… Older versions used to work with WPMU, but the current version only seems to work on the “root blog” in a Network Install.

Ian

http://Internalcompanysitebehindfirewall. Bejal Patel

How do I set up the TLS setting? My Site works fine currently however my company is in the mist of eliminating unsecure LDAP authentication. I have to use TLS. I checked the TLS option but it does not work as our Admin told me the following: It didn’t work. If it it was secure, you should see the following lines in the transaction, one to indicate the attempt to start TLS, one to indicate whether the attempt was successful, and one to indicate which cipher was negotiated. Is there any other setting that I need to do. Open LDAP has been configured on the server correctly with the security certificate.

Please Help and advice.
Kindest Regards
Bejal

http://clifgriffin.com Clifton Griffin

Are you receiving any error messages?

TLS is a beta feature…I have no way of testing it myself.

http://Internalcompanysitebehindfirewall. Bejal Patel

No I am not getting an error and funny enough the authentication works however according to our LDAP administrators, the connection is not secured even though TLS is checked in the plug-in setup. He stated that is the TLS was successful he would be able to see if it started, if it was successful and if the cipher was negotiated. So my question to you is apart from checking the TLS checkmark do we have to configure something else on the server etc. We have Open ldap configured 100% with the security certificate.

Please advice.

Bob

Hi,

I am trying to use the TLS feature of the simple LDAP plugin and getting the following error.

Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error in /opt/fedex/webapps/data/dev/wp-content/plugins/simple-ldap-login/adLDAP.php on line 372

Please help.
Thanks

http://clifgriffin.com Clifton Griffin

Hi Bob,
TLS is a beta feature so I’m not 100% sure how to fix this. Were you able to find any solution?

Rutger

Great plugin, compliments!
I configured it, and users can login with their LDAP-account.
One question: do users need to login manually (type their username and password)? Because in my situation they do. I can’t find out if this plugin can/should login users automatically.

http://clifgriffin.com Clifton Griffin

Unfortunately, SSO isn’t something I have the ability to support so users will have to enter their username/password.

Pat J

Hi,

I love the Simple LDAP login plugin. It’s been immensely helpful.

I’m in a situation, though, where I need to authenticate users that may be in one of several DNs. Is there any way to do this, currently, or am I going to have to modify the plugin?

http://clifgriffin.com Clifton Griffin

I have a Dual LDAP Login plugin that can bridge between 2 domains. Would this be sufficient?

It isn’t published in the plugin directory, so let me know if you need it. You can e-mail me if you like. clifgriffin[at]gmail.

Jim T

For the good of the order I thought I share my success with using Simple LDAP Login with my Mac OS X Server 10.6 OpenDirectory setup. All that was needed in addition to the documented information on the plugin’s setup page was to prepend the Base DN with CN=users

Thanks for the plugin, Clifton!

Jim T

I should add that users log in with their shortname, not their Full Name. The user is defined as “Clifton Griffin” with a shortname of “cliftongriffin” — so logging in at the WordPress login page will not work as “Clifton Griffin” but will work as “cliftongriffin”

The code would have to consult the LDAP database to find the shortname associated with that full name… at present it doesn’t do that.

Anonymous

Yes, that is by design

Glad you got it working!

Kaz

Hi, Great plugin, works really well against our Novell edirectory.

Slight problem for us though is that we have users in several containers at the same level eg. ou=IT and ou=TREAS. Users who do not exist in the IT container have an alias object in the IT container.

If we set the base dn to point to the IT container, users with an alias in that container don’t get an error message when logging in but are left at the login screen as if login has failed (ie they do not get the invalid username or password error).
If we set the base dn to the parent container of the IT and TREAS containers, then nobody can login. Users from the IT container who have previously logged in, get an “incorrect password” error. Users who exist in the IT or TREAS subcontainers who have not previously logged in to WordPress get an “invalid username” message.

It seems like the ldap is not searching subcontainers???
Would you also be expecting it to work with aliases?
Thanks

http://clifgriffin.com Clifton Griffin

Hi Kaz,
I’ve seen this issue a couple of times before but haven’t found a solid reason/solution.

Have you tried pointing to just the parent OU that contains both of these child OUs? (if one exists)

Kaz

Hi Cliff, Yes if I point the base dn to the parent container, nobody can login. I think the ldap is not searching subcontainers. Thanks

Anonymous

I would like to figure this issue out eventually, but I don’t have much of a way to test (and very little time for personal development these days).

Let me know if you found a solution.

http://www.activatedcarbonfilter.net Activated Carbon Filter

Politics is of course very annoying, politicians do annoy me because of their bad performance `*’
http://www.ndfilter.net ND Filter

what matters most is the good deeds that we do on our fellow men, it does not matter what religion you have as long as you do good stuffs ;..
Vince Thyng

I was able to get the plug in working well with an active directory and am trying to change it over to a corporate Tivoli directory server. Since it isn’t working, I’d like to see the commands that are being sent. Is there a log? I haven’t found a way to turn one on for PHP LDAP, and don’t see anything in the apache logs.

Anonymous

I don’t know how to do that either. I developed the non-AD LDAP code pretty much blind as I don’t have a test server.

I would suggest using WireShark or something similar.

Mike

I was wondering if it is possible to use ldap filters. For example I have a filter something like (&(|(urpsaffiliation=FAC)(urpsaffiliation=STF))(|(urpsemployeestatus=A) (urpsemployeestatus=L) WHRE CAN I PLACE THIS?

Anonymous

I’m not extremely familiar with LDAP filters, sorry. If you look at the code, it’s pretty simple so I think if you know what you want to do you can figure it out. Good luck!

http://templetv.net Paul

I installed Simple LDAP Authentication and configured it properly. Now I cannot log into my site. When I go to the wp-login.php page all I get is a white screen.

Anonymous

I’m thinking that maybe you have the wrong version of PHP installed or something (PHP 5 is required). In any rate, you can rename the folder to “deactivate” the plugin. Once it is deactivated, you can rename it back to the original name.

Let me know if you find any specific errors in the logs and I’ll see if I can help you.

http://staff.iar.org Matthew Brewer

I love the plug-in! Thanks!

I’m using P2 theme and when I click an author to view their posts it gives me a 404 page. The url has the persons full name in it so I even tried modifying it to first initial last name and that failed too. Should an author page get created when someone logs in the first time? How can I fix this? Thank you!

Anonymous

I’m not sure, Matthew. I can’t really think of anyway this would break because of something the plugin does…unless it sets one of the profile values in such a way that breaks it?

Have you been able to find anything?

James

Great plug-in. I have it running on my website currently. One question though. I used to be able to change the author of a page or post, but now only I show up in the available authors list. Any ideas on how to get that functionality back?

THANKS!

Anonymous

I can’t think of anything that would affect this functionality. My hooks begin and end with the login process.

Sorry!

mmihelic

If I understand the process correctly, the plugin uses an unauthenticated bind to search for the user and then tries to authenticate using the user record it found with the password that was provided by the user.
Would it not be better to have an option to provide the DN structure? This way you could authenticate the user directly without having to do a search first. I would spare you the time for one bind+search and would make the plugin work with setups that do not allow unauthenticated searches.

Anonymous

This came from a user contribution. I pushed the updates in kind of a rush…your logic makes perfect sense and I should have used more critical thinking.

I’m going to rollback that portion.

Dellantre

Hi,

I love this plugin. But i have a little big problem. User can enter any password to login. When i did test setting, it also succeed even my password was different in ldap server.

How to fix this.

Anonymous

Craptacular.

I patched some things based on user contribution, but didn’t have a great way to test. I’ll roll back some of yesterday’s changes.

alex

I’ve been running this plugin for some time and it’s amazing. We just figured out that single quotes and double quotes in PW’s are causing failed logins but it appears that the problem exists in adLDAP.php. Has anybody else run into this problem and come up with a fix?
Josh

Great plugin very easy to use and setup. do you know of anyway to add integrated/NTLM authentication to this plugin in addition to forms auth?
http://openid-provider.appspot.com/DonChino DonChino

So what do you do if you lock yourself out?

Anonymous

Rename the plugin folder. Refresh. This will deactivate the plugin.
Rename it back.

http://www.facebook.com/anlief Andi Hakim Irhaby

———————————-this is my root openLDAP——————————-
# root, People, politel.edu
dn: uid=root,ou=People,dc=politel,dc=edu
uid: root
cn: root
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJFliTTVrcmxhJE1GRXd2emVvN2FpU3V1MjdiNzFrdy8=
shadowLastChange: 15046
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

————————–this is my drupal config———————-
account suffix : @politel.edu
LDAP login attribute : uid
base DN : dc=politel,dc=edu
Domanin Controller : ldap.politel.edu

when i try to connect with admin ldap. it’s return:
Test Results:
Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.

OMG, this error message make me crazy.
Guest

Is there a way to use this plugin with a Multisite? I’d like to configure it once for all users and not allow them the option of even seeing the settings.
Anonymous

I’m confused as to how ‘Create WordPress account for users in specified AD group:’ works.

I’ve entered ‘Intranet_User’ in the field (which has an analogous security group in AD populated with a few users for testing) but users cannot log in with their AD credentials unless I use the ‘auth against AD’ catch-all option.

Is it something obvious, like I need to put the link to the group as a DN? Other Ideas?

clifgriffin

You should be able to use just the name of the group. It is supposed to check group membership with no more information. I would make sure it is spelled exactly the same, including case.

Other than that, I’m not sure. Is there anything different about the group?

Anonymous

It is like for like. I’ve even tried trimming its name (both the Group Name & Pre-Win2000 Name) down to just ‘Intranet’ in case the underscore was introducing an issue – no dice. It’s a global security group in a OU higher up the tree than the actual users, so inheritance shouldn’t be an issue.

It’s not a problem – the ‘Auth against AD’ option works and suits our purpose, as ‘Auth against Group’ would only of really been any use if you could control multiple roles against multiple groups (possible future development? )

Prasannapsp

Fatal error: Uncaught exception ‘adLDAPException’ with message ‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginadLDAP.php:338 Stack trace: #0 C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginSimple-LDAP-Login.php(60): adLDAP->__construct(Array) #1 C:xampphtdocscosmicblogwp-adminplugins.php(108): include(‘C:xampphtdocs…’) #2 {main} thrown in C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginadLDAP.php on line 338

http://twitter.com/clifgriffin Clifton Griffin

Your PHP installation does not have LDAP enabled/installed. You will need to enable this before proceeding.

Robert Conard

I had Simple LDAP 1.4.0.1 working fine on WP 3.1.1, I upgraded Simple LDAP to version 1.4.0.4 and it worked fine. I then upgrade WP to 3.1.2 and now Simple LDAP is broken. I get an error when testing Simple LDAP with settings that worked before the upgrade. The error is:

Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership

I haven’t changed my credentials and they are correct. I have verified that the combination of WP 3.1.2 and Simple LDAP 1.4.0.4 don’t seem to work for my configuration. I can downgrade my Simple LDAP from 1.4.04 to 1.4.01 and it works fine with WP 3.1.2.

Anonymous

Robert,
Thanks for reporting this.

Do you use AD or some other LDAP install?

I made a very small change in 1.4.0.4 that only effects account creation so
I would suspect the error crept in between 1.4.0.1 and 1.4.0.3. I’ll do a
diff and see if I can find likely suspects. In the meantime, I’d suggest
using the older version.

I apologize for the inconvenience!
Clif

Leandro Fontenla

Hi Clif,

Plugin is login fine but i have the following problem, when i set in the Advanced settings to search for a specific group (in this case SYSADMIN) i get this error:

Warning
: ldap_search() [
function.ldap-search
]: Search: Bad search filter in
/mnt/opt/apache-2.2.14/htdocs/wp.www.site.com/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line
226

Warning
: ldap_get_entries() expects parameter 2 to be resource, boolean given in
/mnt/opt/apache-2.2.14/htdocs/wp.www.site.com/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line
227

But the real problem is when i look into openldap logs and i get this:

May 12 17:10:22 ldap slapd[12539]: conn=2889 fd=74 ACCEPT from IP=10.193.102.66:47644 (IP=0.0.0.0:389)

May 12 17:10:22 ldap slapd[12539]: connection_get(74)

May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 BIND dn=”uid=user,ou=People,dc=site,dc=com” method=128

May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “uid=lfontenla,ou=people,dc=site,dc=com”

May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”

May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “uid=lfontenla,ou=people,dc=site,dc=com”

May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “cn=sysadmin,ou=policies,dc=site,dc=com”

May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”

May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “cn=sysadmin,ou=policies,dc=site,dc=com”

May 12 17:10:22 ldap slapd[12539]: ==> bdb_bind: dn: uid=lfontenla,ou=People,dc=site,dc=com

May 12 17:10:22 ldap slapd[12539]: => access_allowed: result not in cache (userPassword)

May 12 17:10:22 ldap slapd[12539]: => access_allowed: auth access to “uid=lfontenla,ou=People,dc=site,dc=com” “userPassword” requested

May 12 17:10:22 ldap slapd[12539]: => acl_get: [1] attr userPassword

May 12 17:10:22 ldap slapd[12539]: => acl_mask: access to entry “uid=lfontenla,ou=People,dc=site,dc=com”, attr “userPassword” requested

May 12 17:10:22 ldap slapd[12539]: => acl_mask: to value by “”, (=0)

May 12 17:10:22 ldap slapd[12539]: <= check a_dn_pat: self

May 12 17:10:22 ldap slapd[12539]: <= check a_dn_pat: anonymous

May 12 17:10:22 ldap slapd[12539]: <= acl_mask: [2] applying auth(=xd) (stop)

May 12 17:10:22 ldap slapd[12539]: slap_access_allowed: auth access granted by auth(=xd)

May 12 17:10:22 ldap slapd[12539]: => access_allowed: auth access granted by auth(=xd)

May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 BIND dn=”uid=lfontenla,ou=People,dc=site,dc=com” mech=SIMPLE ssf=0

May 12 17:10:22 ldap slapd[12539]: send_ldap_result: err=0 matched=”" text=”"

May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “uid=lfontenla,ou=people,dc=site,dc=com”

May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”

May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “uid=lfontenla,ou=people,dc=site,dc=com”

May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 RESULT tag=97 err=0 text=

May 12 17:10:22 ldap slapd[12539]: connection_get(74)

May 12 17:10:22 ldap slapd[12539]: conn=2889 op=1 UNBIND

May 12 17:10:22 ldap slapd[12539]: conn=2889 fd=74 closed

Looking closer the plugin is searching in “cn=sysadmin,ou=policies,dc=site,dc=com”.

Do you know how to force the plugin search to a specific search ???

Thanks in advance,
Diamnd

Hi, I’m trying to create WordPress Account for users in Specified AD Group and allways give the following message:

Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.

Anybody knows how to do it? Is needed to insert an specific reference or only the name of the AD Group?

Thanks!

Anonymous

Just the name should work.

Do you get that message when actually trying to login? (The test settings
panel isn’t bullet proof)

Diamnd

That message is from the test settings panel… but it works fine if I select “Create WordPress account for anyone who successfully authenticates against LDAP” option…

Anonymous

So do you get the same error when you try logging in with group setting on?

The best way to do this is to try it in a separate browser. That way you
don’t accidentally lock yourself out. Let me know what you find.

Simonjday

Hi

Are there any known issues with the plugin and WP 3.2 as i would like to upgrade my site to WP 3.2 and use your ldap login plugin a lot

Thanks

Anonymous

I have not tested it. I will say WordPress is very good at maintaining
compatibility across versions so I would be pretty surprise of there were
issues.

I have seen no compatibility issues with other plugins as of yet.

I welcome feedback as I don’t have a great way to test.

David Rogers

I have just installed a new version of WP and upgraded it to latest version. Installed Simple LDAP login 1.4.0.01. I am using AD to authenicate and create WP users. I have set my base DN to be DC=bhs,DC=local and can log in with my account which is in this context. I have users who are in other contexts coming off this base DN, like ou=staff,DC=bhs,DC=local. These users are not able to log in either through the test panel or on the site itself. Will this plugin search subcontexts? If not, how do I specify multiple contexts? Separating with ; does not seem to work.
I am surprised that I do not need to specify a username and password for authentication with this as I do with other LDAP authentication systems.
http://twitter.com/svrooij Stephan van Rooij 

Really like your plugin.

I’m developing a plugin that with use wordpress with single sign on behind microsoft isa server. This will use your plugin for authentication, and an this new plugin to get every user logged in.

More on this soon….
Francisco

Dear Clif: I communicate from Tierra del Fuego, Ushuaia, Argentina, use your plugin for the intranet of the Government of the province is working great and we are grateful. my question would be:
how to make once logged rather than redirect you to the back end will be redirected to the front end.
thank you very much for your time.
Francisco

Dear Clif: I communicate from Tierra del Fuego, Ushuaia, Argentina, use your plugin for the intranet of the Government of the province is working great and we are grateful. my question would be:
how to make once logged rather than redirect you to the back end will be redirected to the front end.
thank you very much for your time.
http://www.facebook.com/profile.php?id=1282241432 Michael Ray Whittenburg

Is it possible to have the LDAP department field come into a custom field I created in the wordpress user table?

I have added the user_market into the wp_insert_user statement, but it doesn’t seem to be filling out the field in the table, you got any thoughts?
function sll_create_wp_user($username)
{
global $ldap, $adldap;
$result = 0;

switch(get_option(‘simpleldap_directory_type’))
{
case “directory_ad”:
$userinfo = $adldap->user_info($username, array(“samaccountname”,”givenname”,”sn”,”mail”,”department”));
//Create WP account
$userData = array(
‘user_pass’ => microtime(),
‘user_login’ => $userinfo[0][samaccountname][0],
‘user_nicename’ => sanitize_title($userinfo[0][givenname][0] .’ ‘.$userinfo[0][sn][0]),
‘user_email’ => $userinfo[0][mail][0],
‘user_market’ => $userinfo[0][department][0],
‘display_name’ => $userinfo[0][givenname][0] .’ ‘.$userinfo[0][sn][0],
‘first_name’ => $userinfo[0][givenname][0],
‘last_name’ => $userinfo[0][sn][0],
‘role’ => strtolower(get_option(‘simpleldap_account_type’))
);

$result = wp_insert_user($userData);
break;

case “directory_ol”:
if($ldap == null) {return false;}
$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ‘sn’, ‘givenname’, ‘mail’, ‘department’));
$ldapuser = ldap_get_entries($ldap, $result);

if ($ldapuser['count'] == 1) {
//Create user using wp standard include
$userData = array(
‘user_pass’ => microtime(),
‘user_login’ => $ldapuser[0][LOGIN][0],
‘user_nicename’ => sanitize_title($ldapuser[0]['givenname'][0].’ ‘.$ldapuser[0]['sn'][0]),
‘user_email’ => $ldapuser[0]['mail'][0],
‘user_market’ => $ldapuser[0]['department'][0],
‘display_name’ => $ldapuser[0]['givenname'][0].’ ‘.$ldapuser[0]['sn'][0],
‘first_name’ => $ldapuser[0]['givenname'][0],
‘last_name’ => $ldapuser[0]['sn'][0],
‘role’ => strtolower(get_option(‘simpleldap_account_type’))
);

//Get ID of new user

$result = wp_insert_user($userData);
}
break;
}

return $result;
}

Anonymous

Do you mean you added a column to the wp_users table?

http://www.facebook.com/profile.php?id=1282241432 Michael Ray Whittenburg

Yep

Anonymous

I have never heard of such a technique…and I’m nearly positive it isn’t designed to work that way.

I know there are ways to add information to a user’s profile but I’m not personally familiar with them. From your modification, it looks like you have the right idea though and it shouldn’t be too hard to do once you find the correct method.

http://www.facebook.com/profile.php?id=1282241432 Michael Ray Whittenburg

and im just trying to bounce ideas off you, but how would you have gone about it? if you needed to capture the department of a new user…would you try and store it in the wp_usermeta table instead?

Victor Gatnicki

Hi,

I found a little bit of a bug with OpenLDAP. In file Simple-LDAP-Login.php if the LDAP search returns more than 1 item in the sll_create_wp_user method ADD USER fails.

To fix this change:
if ($ldapuser['count'] == 1) {
TO
if ($ldapuser['count'] > 0) {
http://twitter.com/hoisc Christian Hois

I use your plugin. Is great but i have the following urgent questions:

* I want to connect ala SSO against MS AD with my PC (Windows 7 Login) without the need to login in word press too. this is a overhead which my userns in the intranet not want. Option 1:

Authenticate WordPress users against LDAP. I will create the accounts in
wordpress myself. (default)
does not provide this functionality SSO. how is this possibly?
* how can i make user ldap login happend automatically without
the need to login in wordpress twice. windows login account name should be used and connect automaticall.
* Can i connect automatically to LDAP without the neccisarity to create a wordpress account too. is connecting againt LDAP and only using the account data from MS AD not enough . or is it neccessary to create a wordpress account too?
* do you know an other plugin solution which solves my SSO problems?

thx for your answer
Chris
from Austria, Linz

Monandra

I have this problem too. Do you have the answers for this question?

Thanks!
Monica
from Brasil

Subversive

Hi, I’m having trouble getting the plugin to activate. I get the error: “Fatal error: Cannot redeclare class adLDAPException in
C:inetpubwwwrootmysitewp-contentpluginssimple-ldap-loginadLDAP.php
on line 2411″

If I comment out that line, then I get the same error, but on a different line. If I comment out that line, then the error changes completely, it seems I’m just digging deeper. Would appreciate any suggestions. Thanks.
todopoj

Hey Clif,
Your plugins works really well with WP3.2.1 with just one exception.
Once the plugin is activated it gets the users from AD just fine. But, then, none of the original wp users are able to log in.

Keep getting this error:
Simple LDAP Login Error: adLDAP may have errored. Message: Invalid credentials

No shake either, like that for invalid credentials.

Help is deeply appreciated.

http://twitter.com/hoisc Christian Hois

Ich bin am 28.11.2011 wieder im Office erreichbar.
Mfg EDV AK OÖ, Mag. Christian Hois
Anonymous

If you turn security mode to low, wp users can login. Otherwise LDAP is enforced.

http://twitter.com/hoisc Christian Hois

Ich bin am 28.11.2011 wieder im Office erreichbar.
Mfg EDV AK OÖ, Mag. Christian Hois
todopoj

Wow ! That was quick.

I just tried it and it worked. I don’t know why id did not work earlier.

Thanks a ton.

http://twitter.com/hoisc Christian Hois

Ich bin am 28.11.2011 wieder im Office erreichbar.
Mfg EDV AK OÖ, Mag. Christian Hois

Hois Christian

i installed the plugin and when i wanted to login i got the error:
Test Results:
Failure. Your settings do not seem to work yet or the
credentials are either wrong or have insufficient group membership.

i marked: LOW Mode as mentioned in other comments but it doesnt work.
BUT: i have an simple LDAP_TEST.php script which works fine . there LDAP PHO Module works fine.
why not your plugin.

please help
Christian

Anonymous

Hi Christian,

Open another browser and try logging in. Set it to high security mode first. You should get a better error message.

Clif

http://twitter.com/hoisc Christian Hois

I use IE9.
Set it to high security mode first. where to do it?
which other browser? where to confugure high security mode ?

thx

Anonymous

In the plugin settings, set it to use High Security mode.

Then, open a different browser. If you usually use IE9, open Chrome or Firefox. Then try logging in. See if it gives you a different error.
The test form in the settings doesn’t always give great errors.

Hois Christian

i tested it in crome and set plugin mode = HIGH.
same error :
Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.
http://twitter.com/hoisc Christian Hois

Hi

Thx for your Tipp . now it works fine.

One Question: I want that all automatically created User accounts do not have the option “show admin menu” under the personal settings enabled. how can i control this? can you give me a tipp how WordPress control this and where you rely on this settings and how can i overrule the default role settings of an user profile settings?

thx su much for your tips and comments.

Nice greatings from Austria
Chris
Lnlau

Hi guys,

Does anyone know if this plugin work with AD LDS?
I encountered failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership when I tried to test out.
Please help.
Kevin

Latest update causing weird issues where admin logins using IE and Safari show blank white screens or Error 500. Chrome seems to work fine.

Kevin

This is actually happening for the original ADMIN account only. All my LDAP users are logging just fine.

Anonymous

Hi Kevin,

The admin account only has problems in Chrome?

Also, did you upgrade from 1.4.0.4?

Sorry you’re having problems!
Clif

Kevin

I thought it was just the admin account but I have staff now reporting issues on my sub blogs. They are using IE. When the issues started, last night after I updated to the latest version, IE and safari would not login using the local admin account. Chrome would work. I disabled the plugin and everything started working.

I reloaded the plugin from scratch and that did not solve the issue. I thought I was fine though because Chrome worked. Now even Chrome doesn’t work. Not sure what I’m going to do now.

Anonymous

Hi Kevin,

I highly suggest you roll back to 1.4.0.4 until I figure this out. Sorry for screwing up your site. :-/

Clif
Kevin

Couldn’t find that version but installed 1.4.0.1 and things are back to normal now. Thanks.
Anonymous

You can use this link: http://downloads.wordpress.org/plugin/simple-ldap-login.1.4.0.4.zip
Kevin

Thanks for all your work on this. It’s a great plugin. :-)
Anonymous

Hi Kevin, I just uploaded 1.4.0.5.1 that I think fixes the problem. My mistake was updating adLDAP and assuming it was backwards compatible as previous versions have been. My apologies. Let me know if this version has issues.
Kevin

So far so good! :-)

Adam

We were having problems with users who had a password that included a single quote. It seems there is a need for:
$password = stripslashes($password); in the authenticate function.
Phil

I was able to get your plugin without much effort, thanks! I had one quick question: If I change the password for an AD user that already exists in wordpress, is there a way to automatically update the wordpress password on a new login? thanks!

Anonymous

Hi Phil,
Simple LDAP will use whatever the LDAP password is. The WordPress password isn’t modified.

Clif

http://twitter.com/hoisc Christian Hois

Ich bin am 4.1.2012 wieder im Office erreichbar.
Mfg EDV AK OÖ, Mag. Christian Hois

Jens Vieler

Is there a way to ask two different ldap-servers in chain, if the first is out of order?

Joe Murphy

I have the same question. Any thoughts?

Anonymous

Hi Joe,

It isn’t possible at the moment. I believe it selects the Domain Controller randomly.

I think it could probably be accomplished without a ton of effort, but it would definitely take a lot of testing. Unfortunately, I’m not setup to implement such a change at the moment.

Clif

Chris

I am getting an error.
Simple LDAP Login Error: LDAP credentials
are correct and user creation is allowed but an error occurred creating the user
in WordPress. Actual WordPress error: Cannot create a user with an empty login
name.Everything works ok if I manually add the network id to the users id. What is causing it not to pass the username? I suspect it’s a setting on the AD server
http://profile.yahoo.com/6KSGX32XSHJCYILHVBZCBYJBJI Elvina

this plugin allows subscribers to view the LDAP settings !!!!!
ridiculous low level of security.

Anonymous

Elvina,

This is the first I’ve heard of this. The call to add the options page requires a level 10 user. This is a deprecated way of adding an options page, but it still works.

You sure this this happening? How are you accessing the page from the subscriber role?

Clif

elvina

Hi Cliff,
I had it set up so that everyone needed to login to view our site, LDAP users were made subscribers. When they logged in, the wordpress dashboard shows them their profile and your plugin settings page. (using wordpress 3.2)

i changed this line
function simpleldap_admin_actions()
{
add_options_page(“Simple LDAP Login”, “Simple LDAP Login”, 10, “simple-ldap-login”, “simpleldap_menu”);

}

to:

function simpleldap_admin_actions()
{
add_options_page(“Simple LDAP Login”, “Simple LDAP Login”, ‘install_plugins’, “simple-ldap-login”, “simpleldap_menu”);

}
and now it doesn’t show.

cheers

msuzer

Hi all,

I used the plugin today for my wordpress blog against OpenLDAP. I want to contribute as I solved some problems for my installation.first: in openLDAP setups, usually, BASE_DN looks like: ou=users,dc=example,dc=com, so if someone miss ou part, it will not work.second: once you add ou=users, then the group authentication will fail. then you have to tweak the code in the main php file as: //$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(‘cn’));
$result = ldap_search($ldap, “ou=groups,dc=example,dc=com”, “memberuid=$username”, array(‘cn’));please note another change as “memberuid=$username”.I am not an expert, but these changes may hopefully help someone to make the setup work. And Clif may find these suggestions helpful to update the plugin.
Thanks to Clif for this handy plugin.
Cariberecord

Saludos, este pluing funciona como SSO, es decir que al registrarme en mi pagina me registre también en otro servidor? hay alguna documentación al respecto? gracias.