Find a bug?
If you believe you have found a bug, please open a ticket here. This will allow me to track the issue as a single issue and others to comment and give feedback.
I’m finding it difficult to discern user error from bug from configuration differences among different installations. All of this will lead to a quicker turn around for reported issues. Isn’t that cool?
This article only deals with version 1.3 and later. To view and discuss issues pertaining to version 1.2 and prior, click here.
Integrating Wordpress with LDAP shouldn’t be difficult. Now it isn’t.
Simple LDAP Login provides the features you need with the simple configuration you want. It has everything you need to get started today.
Features
- Supports Active Directory and OpenLDAP (and other directory systems which comply to the LDAP standard, such as OpenDS)
- Includes three login modes:
- Normal Mode: Authenticates existing wordpress usernames against LDAP. This requires you to create all Wordpress accounts manually using the same usersnames as those in your LDAP directory.
- Account Creation Mode 1: Creates Wordpress accounts automatically for any LDAP user.
- Account Creation Mode 2: Creates Wordpress accounts automatically for LDAP users in a specific Group you specify.
- Intuitive control panel.
Architecture
Simple LDAP Login redefines the main function Wordpress uses to authenticate users. In doing so, it makes several decisions.
- Is the provided username a valid Wordpress user?
- If not, are we allowed to create a wordpress user?
- If we are, are we able to authenticate the username and password provided against LDAP?
- If we are, does the user belong to the right (if any) group?
- If the user does, create the wordpress user and log the user in.
- If we are, does the user belong to the right (if any) group?
- If we are, are we able to authenticate the username and password provided against LDAP?
- If the username is a valid wordpress user, is the password provided the same as the one in the Wordpress database?
- Is the security mode set to low or the username admin?
- If so, log the user in.
- If not, do the provided credentials successfully authenticate against LDAP?
- If so, is the user in the required groups? (if any)
- If so, log the user in.
- If so, is the user in the required groups? (if any)
- Is the security mode set to low or the username admin?
- If not, are we allowed to create a wordpress user?
This is simply a high level overview. The actual logic the plugin employs is more complex, but hopefully this gives you an idea, philosophically, about how the plugin accomplishes what it does.
Installation
- Upload the directory “simple-ldap-login” to the `/wp-content/plugins/` directory
- Activate the plugin through the ‘Plugins’ menu in WordPress
- Immediately update the settings to those that best match your environment by going to Settings -> Simple LDAP Login
- If you don’t get the settings right the first time…don’t fret! Just use your wordpress credentials…they will always work! (See security section)
The control panel.
Frequently Asked Questions
Other than Wordpress, what does my system require?
If you are using Active Directory, you will probably need PHP 5. This is because I’m using adLDAP 3.0 to do my Active Directory integration. As far as I know, the rest of the code should work with PHP 4. It is also possible that the functionality I’m using with adLDAP 3.0 does not depend directly on PHP 5. Your mileage may vary.
Other than that, it is imperative that your installation of PHP be compiled with LDAP. Without it you may see errors referencing undefined functions like “ldap_connect”. You can view more information about PHP and LDAP here.
How do I know what the correct settings are?
I have tried to make the settings as self-explanatory as possible. If you are struggling figuring them out, you may need to speak with your LDAP administrator. I realize this is an obnoxious response, but there is no good, fail proof way to help you discover these settings. A good place to start, if you’re feeling daring, might be to use ADSIEdit for Windows and Active Directory, or GQ for Linux and OpenLDAP.
It’s still not working, what other things can I try?
If you are confident your settings are correct and it still does not work, it may be time to check for port or firewall issues. If your LDAP server is running on a non-standard port or an obsolete version of the LDAP protocol you are going to have issues. Port 389 is the port this plugin, and nearly every other LDAP enabled software expects. They are also expecting protocol version 3. If you are using an old version of LDAP or running a non-standard port you may need to modify the code that the plugin runs or update your LDAP installation.
Unfortunately I can’t be relied upon to assist with these types of requests. I chose not to support these scenarios because they are infrequent and because they confuse everyone else.
I took all of your advice, it’s still not working!
Post your question in the comments below, or e-mail me: me[at]clifgriffin.com
I’ll do my best to get you up and running!
How can I donate?
If you would like to donate to this project, please visit the donations page.
Roadmap/Security Issues
The following features and concerns will be addressed in coming versions.
- Potentially allow the provision of an admin password for binding to domains with tighter security.
- Potentially Support TLS
- Look into supporting non-standard LDAP installations
- Code cleanup to improve readability, on-going maintenance.
#1 by Layne at May 15th, 2009
Fatal error: Call to undefined function ldap_connect() in C:\wamp\www\wordpress\wp-content\plugins\simple-ldap-login\adLDAP.php on line 157
Im getting this error, Im 99% sure all my settings are correct, but when i test settings, it returns to a page with settings saved, and the above message. any ideas?
#2 by clifgriffin at May 16th, 2009
It sounds like your installation of PHP does not have LDAP compiled. It may be a simple config file change. See this document for more information: http://us.php.net/manual/en/ldap.installation.php
Let me know if this takes care of the issue.
#3 by Josh at May 19th, 2009
I had this issue too on an Ubuntu Server.
Installing php5-ldap worked for me:
sudo apt-get install php5-ldap
sudo /etc/init.d/apache2 restart
#4 by Fredrik at May 18th, 2009
Hi Clifton.
Great plugin! I’ve been looking for something that integrates with AD and doesn’t break XML-RPC. Thanks!
I have a small problem. AD isn’t username case-sentitive but it seems that your plugin is. Any chance of making it case insensitive?
#5 by clifgriffin at May 18th, 2009
Hi Fredrik,
I’m glad the plugin works well for you. The case sensitive username issue is not actually an issue with my plugin in this instance. Wordpress itself seems to enforce this case sensitivity.
There are plugins that override this functionality but unfortunately they conflict with my plugin. I will consider adding that as an advanced option, but I’m leary of adding even more features to my “Simple” plugin.
#6 by Ben at May 20th, 2009
Hi, and thanks for a great plugin.
I’ve added a small feature to adLDAP to support TLS so that passwords are not sent in the clear; I’ll send the patch upstream and you’re welcome to it too if you like, it’s very simple.
One thing I’ve hit a problem with. I’m using the feature to create users in a certain group. It works fine except that I’ve asked for new users to be made Authors, but they are being created as Subscribers. A log of what’s going into the userData array supplied to wp_insert_user() shows that ‘role’ is set to ‘Author’ so I’m mystified as to why it’s not working. Any ideas?
Cheers!
#7 by Ben at May 20th, 2009
Small addition to the above; the new user gets created with whatever the default is in the blog’s settings. So I can work around the problem by changing the default to Author, which is fine because this is an intranet blog so everyone can be an author. Still perplexed why your option isn’t working though!
#8 by clifgriffin at May 20th, 2009
Thanks for all of the feedback. I’m perplexed as well. I never tested that option thoroughly because it seemed so obvious and I knew the array I was sending was complete.
I wonder if there is a case sensitivity problem here or something. I guess I’ll have to look at what is actually going on in the database…what role is being recorded and what it looks like once it is changed.
TLS support is a good idea. Send me the patch and I’ll include it in future versions.
#9 by Ben at May 20th, 2009
This seems to be a bug, or incorrect documentation of the API, in Wordpress. wp_insert_user() ignores ‘role’ if it’s creating a new account!
I’ve raised a ticket at http://core.trac.wordpress.org/ticket/9891
My TLS patch is at https://sourceforge.net/tracker/?func=detail&aid=2794301&group_id=104193&atid=637242
#10 by clifgriffin at May 20th, 2009
I’m releasing a small update to fix the role problem as well as disallow LDAP users from logging in if they are removed from the specified group.
I decided to not incorporate the TLS patch into this as I’m afraid it could create problems for those who do not have their LDAP installations sufficiently configured.
I did have one question though: you patched adLDAP but in your patch description you talk about modifying your openldap configs…this makes me think you are using the plugin with OpenLDAP but have the plugin set to Active Directory. Is this true?
I ask because I was under the impression that adLDAP doesn’t work with OpenLDAP at all. If it does, I’m wondering if I wasted my time creating two binding methods.
Part of the problem is that I don’t have a fully functional OpenLDAP installation to test with. I have thought about setting one up but haven’t followed through yet.
Any feedback you can give me on this would be great.
#11 by clifgriffin at May 20th, 2009
You can download version 1.3.0.1 here. Warning: it has the original version of adLDAP.
http://downloads.wordpress.org/plugin/simple-ldap-login.zip
#12 by Ben at May 21st, 2009
All you’d need to do is change the initialisation of $_use_tls to false instead of true and it would have no effect unless specifically enabled. TBH I should have set it that way in the patch, I just didn’t spot that I’d left it true until too late!
Not quite. I’m using the plugin on Linux, which uses openldap (lowercase) as the client library, configured in /etc/openldap/ldap.conf. But I am authenticating against a Windows Active Directory server, not an OpenLDAP (mixed case) one. Make sense?
I think you are correct that adLDAP is only for talking to AD servers, not OpenLDAP ones, so you do still need your two binding methods.
#13 by Kurt Cypher at May 21st, 2009
I just installed Simple LDAP Plugin, and it’s working, to a point. I have it set to automatically create a wordpress account upon successful LDAP authentication, but when I try to login as a valid LDAP user that doesn’t have a wordpress account, I get:
ERROR: Invalid username.
However, if I login using a valid LDAP user who DOES have a wordpress account, I get logged in.
Any ideas?
Thanks,
Kurt
#14 by clifgriffin at May 22nd, 2009
Are you using OpenLDAP or Active Directory?
#15 by Kurt Cypher at May 23rd, 2009
We’re currently using openLDAP.
#16 by clifgriffin at May 23rd, 2009
One more thought: Have you tried the dev version linked to at the end of this article? I don’t think it will fix any of your problems but the error message might be more useful. (Possibly…if you’re just getting “Invalid username” with no details, it’s hard to say)
It’s worth a shot though.
#17 by Kurt Cypher at May 23rd, 2009
I may give that a shot when I get back in the office on Tuesday. It’s certainly worth a shot, if it’ll potentially give a better error message.
#18 by Nick at May 22nd, 2009
I am using openLDAP and I got the first option to work, that is the default option where the I log into with existing usernames for both wordpress and LDAP.
However, I am trying to get the second option to work but it keeps throwing me the error message: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.
So I am assuming it is the code somewhere between line 108 and 134 for the simple-ldap-login file.
Any suggestions? I am trying to debug it at the moment, I will let you know if I find something useful.
#19 by Nick at May 22nd, 2009
Actually, the default option doesn’t seem to be working too great anymore, it seems to only work for one of our accounts “pc01″ but not “pc02″, “pc03″… etc. It just so happened that pc01 worked and I thought it was working.
#20 by clifgriffin at May 23rd, 2009
I can’t imagine it working for one account and not another under the first option. I’ve had several reports that the OpenLDAP login code is working well for a few people.
Can you try downloading the dev version linked to above? It’s version 1.3.0.1 and it’s error messages are a little more instructive. I preemptively added a “location” suffix to them to help with debugging in the future.
#21 by Nick at May 28th, 2009
Thanks Clifton, I am pretty sure it was a problem on our end, the openLDAP creating new users also works now that I have upgraded Wordpress to the latest version.
Just wondering if you are considering the option of creating new blogs for the users that authenticate for the first time.
#22 by Nick at May 28th, 2009
Also, it seems that the role option doesn’t seem to be working using 1.3.0.1 for our us, everyone created is still a subscriber.
#23 by Michiel at May 27th, 2009
Hi there,
Thanks for the plugin, it seems to work as intended, except for one little thing.
I’ve got it set to create a user in WP upon successful authentication against AD, but when I try to log in with a valid AD user, I get the following:
Array ( [user_pass] => [user_login] => Michiel [user_nicename] => Michiel [user_email] => michiel@domain.com [display_name] => Michiel [first_name] => Michiel [last_name] => [role] => Contributor )
Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 649
Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 650
Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 651
Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 850
This is using version 1.3 of the plugin, with a completely fresh install WP 2.7.1.
The odd thing is, after I see the above error messages, when I try to log in with the new user by going back to the login page, it works. The user is actually successfully created it seems.
Any ideas where these errors come from and how I could fix this?
Thanks
#24 by clifgriffin at May 27th, 2009
This a weird error message that I have seen randomly with every plugin I’ve written. One of my plugins had this problem because there was a single blank line at the end of the main plugin file. Strange…I know.
Is this happening every time? Perhaps reinstalling the plugin? (Just replacing the files will work…settings will be saved.)
You might also try the dev version linked to above, though it’s in a transition stage to implement new features. (Should work though)
#25 by Michiel at May 28th, 2009
Yeah, this happens every single time I try to log in with a user who does not exist in the WP user system, but is valid in AD.
I tried reinstalling it as per your suggestion, but I keep getting the same error. I tried installing it via the new plugin auto-install system, and tried it manually; same result.
I’ll do some more testing, see if I can find out what the issue is. Thing is, tbh I know jack all about code, I just know what buttosn to press to make stuff happen every now and then
#26 by clifgriffin at May 28th, 2009
Thanks for checking back. I’ll take a look at the code and see if I can imagine why this would happen.
What version of PHP are you using?
#27 by Michiel at May 28th, 2009
PHP 5.2, with a pretty vanilla Apache.
Anything else you might want to know?
Also, thanks for taking the time to look into this. Much appreciated.
#28 by Nathan at May 27th, 2009
Excellent plugin that works as advertized!
I have worked on this all day with other plugins and was never able to get them to work. Installed this and was connected to AD within 5 minutes. The only reason I didn’t go with yours to begin with is that I need to be able to have users, when created, put into a specific WP role depending on their AD group. Is this a feature that may come in the future?
Either way, the plugin is excellent!
#29 by clifgriffin at May 27th, 2009
I’m glad it works for you! I had the same experience which is why I wrote it. It seemed like it didn’t have to be so hard.
I hadn’t considered that possibility but I’ll think about it for future releases.
Btw, the role setting doesn’t work at all in version 1.3. Download 1.3.0.1 to fix this. (Though it may have other bugs…haven’t gotten the chance to test it fully)
#30 by Justin at May 28th, 2009
I’m currently getting an Incorrect Password error when trying to login with a network account. The plugin is currently set for Normal Mode.
First I entered all the settings that are required.
I then used the Test Setting box to verify that a username and password in AD can successfully authenticate. I receive the “Congratulations!” message and move forward.
Using the same name i verified with the test tool, I then created that account Wordpress.
After logging out of my admin user, at the main page I am unable to login using the newly created account.
I’m not really sure where I went wrong. Any suggestions would be greatly appreciated.
Thanks!
Justin
#31 by clifgriffin at May 28th, 2009
That’s strange. Which version are you using?
#32 by Justin at May 28th, 2009
Im using the 1.3 Version in WordPress 2.7.1.
Today is my first time trying to use this Plugin, so I’m not sure if its caused by the way I have things installed.
I figured if the test tool said that it can authenticate, it should work though. I have tried several accounts in the test tool that are only in AD, and all have authenticated successfully.
I turned on the Account Creation mode too, and tested an account and got the incorrect password as well.
#33 by Justin at May 28th, 2009
Well i tested a few more things tonight.
First I upgraded XAMPP and created a new dev Wordpress directory. The plugin worked correctly in the dev wordpress. Funny thing though is I got the same error message as Michiel above when i created a new user.
I went back to my other install of Wordpress that i was still having problems and removed the plugin, re downloaded it and installed it. I noticed it retained all of the domain information that i entered before. Where is this information being held? Is there anyway i can reset this saved information? Maybe when i entered it in the very first time, i entered something incorrectly and its retaining that incorrect information.
#34 by Justin at May 28th, 2009
I forgot to mention, even after the error it successfully created the user and i was able to login with it. It just gave that nasty error at user creation.
#35 by Justin at May 28th, 2009
The theme our Graphic Designer chose for the site is whats causing the issues. I applied the theme to my dev site and the login stopped working. I was still able to use the test tool to authenticate under the admin panel while the theme was active though. Bummer…
I know its something outside of the plugin causing problems, but at least it might be a reason others are having problems.
Here is the theme we are using if your curious: http://wordpress.org/extend/themes/atahualpa
#36 by Bobby at July 27th, 2009
I am having this same problem with the theme I developed. I was wondering if anyone knew of what could be causing themes to break the authentication? The two just seem unrelated.
#37 by Bobby at July 27th, 2009
I found the issue. The plugin uses the variable $options and it conflicts with a variable used in my custom theme options. Thanks for this awesome plugin!
#38 by Michiel at May 29th, 2009
Odd thing is, I’m still using the default theme while trying to implement some of the (to us) more important plugins like this one. I would assume that the default is what it was developed against, or tested on.
Anyways, I figured the error messages problem out. I had a look at the code for the plugin, and started looking for the line numbers referenced in the error itself. Turns out, the Simple-LDAP-Login.php file on line 99 says the following:
print_r($userData);
I found out that the main error itself (Cannot modify header information – Headers already sent by) means that the code for some reason is trying to send data while being told afterwards to redirect you to another page by using a header command. Which makes sense, the plugin tells WP to create a user and log in with it, and then sends that users on his/her way to the dashboard. Long story short, all you have to do is comment out that print_r($userData); line and that should be it. Fixed it for me in any case. Commenting that line out is done by inserting two slashes before the line of code in the Simple-LDAP-Login.php file so it looks like:
// print_r($userData);
That’s all folks.
Oh, and damn you Clif, you made me try and learn to at least understand code now
#39 by Clifton Griffin at May 31st, 2009
Justin,
I noticed that when I was working on 1.3.0.1…not sure how that slipped by.
I’m sorry that caused you so many issues! I’m going to do some testing with 1.3.0.1 today and tomorrow and try to fix some of these issues and release the version.
Thanks for your help!
#40 by Justin at May 31st, 2009
No worries, the new features of the plugin are sweet. Thanks for your help and dedication on looking into the issues. = )
#41 by Clifton Griffin at June 4th, 2009
I still haven’t gotten a chance to do a proper review of the code for the next release. I expect to be able to do this either this weekend or sometime next week. Thanks for your patience.
#42 by Vinod at July 27th, 2009
I am getting an error like “Invalid username”. But in the test-panel it is working properly. Not on the Login screen. I am on wordpress 2.8
#43 by Gaurav Sharma at June 18th, 2009
Hi Clifton,
I am using “Simple LDAP Login” for my application which is using wordpress 2.8 , after setting the credentials in the settings tab when i use your testing option at the bottom of the page then it gives me the congratulation message.
But when i try to login from the frontend after signout from the admin section with valid username/password that exists in LDAP it gives me the error message
“ERROR: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.”
And when i do testing with same username/password it shows congratulation message.
Please suggest for the same , where i am doing wrong.
Gaurav
#44 by Domenico Calojero at July 22nd, 2009
Hi,
I have the same situation.
From the control panel it works, but not from the login screen.
Also with version 1.3.01.
#45 by Tobias at July 9th, 2009
Hello there… Just to let you know: I’d really like the TLS feature to be implemented. We have our open ldap servers set up to only accept encrypted connections.
Anyway, thanks for your hard work.
#46 by Matt Combs at July 9th, 2009
I’ve upgraded to version 1.3.0.1 and still can’t get the roles to work correctly. I have it set to create them as Editors but its not settings roles at all. I’m using option 3 to just allow a certain group to log in. Could this be causing something?
#47 by Matt Combs at July 9th, 2009
solved my own problem by changing
‘role’ => get_option(’simpleldap_account_type’)
to
‘role’ => strtolower(get_option(’simpleldap_account_type’))
#48 by nocash at July 29th, 2009
It does appear that the role name needs to be lowercase in order for accounts to be created correctly. When the wp_options simpleldap_account_type value was set to ‘Author’ my users were being created with no role. When I changed it to ‘author’ it appears to work fine.
#49 by Peter at July 16th, 2009
This plugin works for me with OpenLDAP& wordpress 2.8.1. I also would like to use the group feature but it currently works for AD but not OpenLDAP. Hope it can be used via OpenLDAP as well soon.
#50 by Nasir at July 24th, 2009
I am trying to use this plugin for wordpress. I am confident about the configuration settings, but for some reason it is not passing. Can I get some help here ?
Test Results:
Failure. Your settings do not seem to work yet.
#51 by Nasir at July 24th, 2009
Forgot to mention: I am using wordpress 2.8.1
#52 by Nasir at July 24th, 2009
#53 by Tyrel Newton at July 24th, 2009
I have the beta dev version installed on a wordpress 2.8.2 installation and am attempting to auth user’s against apple’s version of the openldap directory. In my server logs, I was seeing invalid passwords entries even though I knew I was typing the password correctly. It turns out that in the password I was using to test with, there was an apostrophe (‘). So at some point in the login process, the password was being corrupted because it was not sanitized for special PHP characters. I don’t know what the solution to this problem is, but I wanted to throw it out there because maybe there is an easy fix.
#54 by Tyrel Newton at July 24th, 2009
Oh, and once I replaced the apostrophe with an underscore, the authentication worked just fine.
#55 by Louie at July 28th, 2009
I implemented the ldap 1.3.0.2 on our system and chose to “Create Wordpress account for anyone who successfully authenticates against LDAP.”. Evrytime someone login it creates a username on wordpress. So now I have lots of user with the same username. It is so wierd.
I am also getting this error on the Admin screen
“Oddly, your version of PHP doesn’t allow file_get_contents to use URLs. But even more oddly, your browser doesn’t allow frames! I think it’s time for you to consider leaving 1998 in the past.
“; ?> ”
I am running windows 2003 with PHP 5.2.6
#56 by clifgriffin at July 28th, 2009
Fixed in 1.3.0.2.1. This is seemingly the day of updates!
#57 by Louie at July 28th, 2009
nevermind I fixed…. It was the case sensisitivity. I converted them to lower….
#58 by Chris Carman at July 29th, 2009
Hello! We’re using your plugin for our school district’s upcoming transition to a WordPress-Mu based web site, and it’s working very well so far. LDAP authenticates successfully against our AD server, and everything is going well there.
The only odd thing is that it only works properly when users log in to the main district blog (i.e., our home page, /) and not when they try to log into their own blog or school blog (e.g. /ccarman or /rhs). When I go to those blogs’ dashboards, I see the default bogus settings for the plugin, which points to mydomain.com etc., so obviously that’s not going to work. Do you know of any way to either:
A: grab the LDAP settings from the main blog for all other blogs (ideal), or
B: redirect any requests from /blog/wp-login.php to /wp-login.php, so they don’t get confused.
I think we can accomplish “B” with themes, but I’d like to do a redirect if possible. Thanks!
#59 by Clifton Griffin at July 29th, 2009
I believe this is because of how Wordpress-MU operates. I will investigate the feasibility of having global settings for all blogs and get back with you.
#60 by Brian at September 11th, 2009
Any news on using global settings for MU. This would come in handy for me right now….
#61 by clifgriffin at September 13th, 2009
Try putting the plugin in the mu-plugins folder. I think this will enable it globally for all blogs.
#62 by nocash at July 29th, 2009
I was encountering an issue where authentication would fail if the password contained a backslash (or other character that is escaped by whatever is doing the escaping). I had to add the following line to the
authenticatemethod defined at line 197:$password = stripslashes($password);#63 by nocash at July 29th, 2009
I imagine this is the same issue described in comment #52 above.
#64 by Steve Palm at August 3rd, 2009
QUOTE:
If you are using Active Directory, you will probably need PHP 5. This is because I’m using adLDAP 3.0 to do my Active Directory integration. As far as I know, the rest of the code should work with PHP 4. It is also possible that the functionality I’m using with adLDAP 3.0 does not depend directly on PHP 5. Your mileage may vary.
QUESTION:
I get an error activating the plugin, I only have PHP4. Do I have to do something to turn off the adLDAP stuff? I’m not using it, but apparently it’s trying to load it.
#65 by clifgriffin at August 3rd, 2009
There may be other portions that only work in PHP5. What is the error message you get when activating?
Is there a reason you haven’t gone to 5? Most hosts make it extremely simple to switch between versions.
#66 by Steve Palm at August 3rd, 2009
It’s an old host that we don’t want to break anything on.
Not sure what else on there may be affected. Anyway, it is dying on trying to load the adLDAP module. I just was curious if there was a way to turn it off so that it didn’t even try. I’ll poke at it here. The funny thing is that I saw the upgrade come along, and I thought we were using the previous version just fine, but the plugin wouldn’t re-activate. So it seems like something in the most recent update. I’ll post back when i find more.
#67 by clifgriffin at August 3rd, 2009
What version were you on before?
You can always try replacing the adLDAP.php file with an older, PHP4 compatible version from the adLDAP site if you believe that’s the issue.
#68 by Steve Palm at August 3rd, 2009
Thanks, rolling adLDAP back to v2.1 which supports PHP4 works fine. Since that is only required for those using Active Directory, I wonder if you could change your plugin code to only require it if it was being used. Probably not worth the effort, though. Eventually all these old boxes running PHP4 will die.
#69 by Brian at August 7th, 2009
Version 1.3.0.2.1 works perfectly with my Active Directory, but version 1.3.0.3 fails with the following error (when testing settings):
“Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.”
Any ideas on why the latest version has broken AD authentication?
#70 by Brian at August 7th, 2009
Please ignore. I don’t know what happened but after going back and forth between the two versions, it now works?? I will make another note if this occurs again or open a ticket.
#71 by Brian at August 7th, 2009
I see now. If the user does not exist in the wordpress database, the authentication TEST fails. This was not the case in 1.3.0.2.1.
#72 by jonas at December 11th, 2009
Did you ever get this plugin to work, with the 1.3.0.3 version, or does the authentication still fail ?
#73 by Chris at August 12th, 2009
Hi, firstly, great plugin, thanks.
I’m wanting to use the
‘Create Wordpress account for users in specified AD group:’
Is it possible to check more than one AD user group?
#74 by Clifton Griffin at August 12th, 2009
Thanks, Chris I’m glad you like it. There is currently no way to do this. . I plan to support this type of functionality in the future but have yet to implement it.
I want to be able to let users link groups to account types and so on, but it will take a bit of work to get there. What I did in my organization was create a group to add all the other groups to. This should get around the problem.
#75 by Per-Arne Jørgensen at October 8th, 2009
Hi, tanks for a great plugin! But I have a problem with openldap where I use memberUid instead of memberof. Got this message:
Warning: Invalid argument supplied for foreach() in simple-ldap-login/Simple-LDAP-Login.php on line 205.
Do you have any tips?
#76 by Josh at October 13th, 2009
There appears to be two problems that I can immediately find which prevents my use of this plugin, unfortunately.
One, the LOGIN varaible appears to be preset to “uid” and I don’t see anywhere to change that other than editing the code. However, we don’t use “uid,” we use something else.
Second, it doesn’t look like you are connecting to the server via TLS. This is required by our LDAP server.
However, I’m still not totally sure if these are the only things that need fixing for it to work for us, because even after I changed uid to what we needed and threw in ldap_start_tls($ldap); into simple-LDAP-login.php, it still doesn’t work, so….
#77 by Clifton Griffin at October 14th, 2009
Hi Josh,
You are not the first to suggest TLS. I briefly investigated adding it in the past, but without a way to test it and only one user requesting it, I abandoned it.
For the second, I will have to investigate that as well. I have no encountered a situation like yours.
I can’t make any promises on when these things will be addressed. At the moment I have no installation (test or otherwise) to test against.
#78 by Stace at October 23rd, 2009
Your plug in is exactly as advertised: simple and gets the job done. Thanks!
Lately, I’ve been running it in a Wordpress MU installation and that seems to work without issue as well. Only problem is at my end: I have to configure settings for each new blog a user creates. What I’d like to do is configure the settings within the plugin file itself, without any calls or writing to the database. Can you help point me in the right direction?
Thanks,
Stace
#79 by Clifton Griffin at October 24th, 2009
Hi Stace,
If you look in the code for function simpleldap_activation_hook() you’ll see that all of the default settings are declared there.
If you change these to what you like (should be *fairly* straightforward), any new blogs that activate the plugin should pickup the new settings.
Because I use add_option, blogs that have already had the plugin activated before will not benefit from this change.
And, remember, if you do an upgrade in the future, those defaults will be reverted to my defaults (though your settings for existing blogs will be fine).
I hope this makes sense.
Clif
#80 by Stace at October 26th, 2009
Hi Clif,
Thanks for the reply! Swapping out the defaults as you mentioned does, indeed, work. But this is all for a K-8 elementary school where everything needs to be locked down. In other words, they will still be able to access the admin panel and mess with settings.
I think what I’d like to have is no admin panel and nothing writing to the db. I know this is totally NOT what your great piece of code is all about but any chance you could help me get there?
Thanks,
Stace
#81 by Clifton Griffin at October 26th, 2009
I’m not sure I understand. The users who need to login shouldn’t have access to the admin panel in any capacity? That seems to defeat the purpose.
If you don’t want them changing settings you could always set the default role to Subscriber or something incapable of making changes. (But, depending your setup, it is questionable they would even need to login at all if there role would be subscriber)
Maybe some more information would be helpful.
#82 by Stace at October 26th, 2009
Sorry to be confusing. The application is this: setting up WPMU for a specific class project in which each student will create their own website. When a student creates their blog(site), they are, of course, admin. Which is fine, up to a point.
We want them to have control over most aspects of their site but there are several backend areas I’d like them to stay out of and authentication is one of them. Because we’re a school, we require users to authenticate against our LDAP to get access – using your simple plugin. If the kids can modify it, they will, just to see what happens. So I would like to take out the settings page for the plugin and just configure within the plugin file.
Does that make sense? I want admins to have some access but not to this.
Thanks,
Stace
#83 by Clifton Griffin at October 26th, 2009
I understand now.
Unless you make them full admins, they won’t see the settings page. Make them Contributor or a more minor role like that.
The plugin is designed to only let administrators use the admin page.
#84 by Stace at October 26th, 2009
OK – thanks!
#85 by Dessie Lunsford at November 3rd, 2009
Can this plugin be configured for SSO with active directory?
We’re using an instance of WordPress MU and havent had any luck with any of the other LDAP plugins with passing in the currently logged in users credentials. Can this one auto log-in users?
Thanks,
Dez
#86 by Caleb Jeffery at November 6th, 2009
I love your plugin! it is simple and straight to the point.
I do have an issue though and not sure how to resolve it.
I have setup an internal blog site on our intranet. The thing is is that our intranet is on a wan where we have people on different domains that want to login.
Your plugin states that it can have mulitple domains but I can’t seem to get this working.
each of our domains requires a different Base DN
and after some testing i have discovered the suffix also plays a part.
Could this be a new feature request or am I missing something?
Thanks,
Caleb
#87 by Phillip at December 4th, 2009
This plugin is really great, but I’m having one problem implementing it.
When I navigate to the login page of my blog, an error message appears just above the normal Wordpress login box saying, “Error: The username field is empty.” If I then enter my domain credentials in the login box, it will accept them and log me in.
I’ve traced the error to line 72 of the Simple-LDAP-Login.php file. I can even hard-code a $username and $password value from AD into the file, and it will log me in.
Any ideas of how I can resolve this?
Thanks!
#88 by Clifton Griffin at December 5th, 2009
Hi Phillip,
This is a known issue. (http://traq.clifgriffin.com/simpleldap/ticket/7/) As it does not impede the functionality of the plugin in anyway, I have not spent a lot of time researching/fixing this.
It will be fixed in the next version though!
Clif
#89 by George at December 11th, 2009
Nice plugin! I’ve gotten it to work with AD (Win2003 R2 SP2) and Linux (Debian) apache2 and php5-ldap, etc. However, I’ve noticed accounts authenticate ONLY IF the Display Name = User Logon Name in the AD. Typically the Display Name is the user’s full name and not the Logon Name. Changing an AD db of users with accounts like this would be a major workaround.
I noticed this is the case for both login modes “Authenticate Wordpress users against LDAP” and “Create Wordpress account for anyone who successfully authenticates against LDAP”.
Any suggestions? Thanks.
#90 by Carlos at December 22nd, 2009
I am using Version 1.3.0.3, and have a problem when new blogs get created, the LDAP configuration is empty, and it has to be manually configured. The problem arises when the user needs to login from the blog’s own login page, it does not recognize the LDAP credentials, and gives me an “Incorrect password error”.
The plugin is activated site-wide, and still does not work
#91 by Dietmar at December 24th, 2009
Maybe useful for others (1.3.0.3): If you use OpenLDAP and created your entries with DN “cn=…,ou=…,o=…” be sure to change following line in Simple-LDAP-Login.php:
define (‘LOGIN’, ‘uid’);
to
define (‘LOGIN’, ‘cn’);
Maybe this should be a configuration option?
#92 by Brendan Kidwell at December 31st, 2009
I was able to patch this plugin to make it work with my company’s Domino server. Basically, use the OpenLDAP mode and make the following code changes:
In Simple-LDAP-Login.php, find every
$ldapbind = @ldap_bind($ldap, LOGIN .’=’ . $username . ‘,’ . BASE_DN, $password);
and change it to
$ldapbind = @ldap_bind($ldap, $username, $password);
And in Simple-LDAP-Login.php find every
$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’ [...]
and change it to
$result = ldap_search($ldap, $ldapconfig['basedn'], ‘uid=’ . $username);
YMMV.
If enough people badger me, maybe I’ll fork the plugin, strip out the Active Directory stuff and just call it “Domino LDAP login” or something like that, and publish the fork.
#93 by Colleen at January 21st, 2010
Is is possible to change the LDAP password from within Wordpress? If I use the profile page it seems to only change the local user password.
#94 by Barry at January 30th, 2010
Should this work if I install php and then install php-ldap.i686 instead of compiling php with ldap support? According to the package descriptions, the php-ldap packages are supposed to add ldap support to php. I ask because I am unfamiliar with compiling.