Comments on: Simple LDAP Login 1.3 for Wordpress

By: unicast

unicast — Thu, 04 Mar 2010 10:10:34 +0000

Hi! I’m tryin to authenticate via LDAP and got some troubles with my LDAP-tree with many ou-containers.
In example, i have containers ou=dev,ou=users,dc=examble and dc=com, ou=test,ou=users,dc=examble,dc=com
BASE_DN ou=users,dc=examble,dc=com
And authentication fails…
Here is small patch:

case “directory_ol”:
//OpenLDAP create all
$ldap = ldap_connect(LDAP_HOST, LDAP_PORT)
or die(“Can’t connect to LDAP server.”);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION);
$ureturn=@ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ’sn’, ‘givenname’, ‘mail’));
$uent=@ldap_first_entry($ldap, $ureturn);
$bn=@ldap_get_dn($ldap, $uent);
$ldapbind = @ldap_bind($ldap, $bn, $password);
if ($ldapbind == true)

case “directory_ol”:
//OpenLDAP create based on group
$ldap = ldap_connect(LDAP_HOST, LDAP_PORT)
or die(“Can’t connect to LDAP server.”);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION);
$ureturn=@ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ’sn’, ‘givenname’, ‘mail’));
$uent=@ldap_first_entry($ldap, $ureturn);
$bn=@ldap_get_dn($ldap, $uent);
$ldapbind = @ldap_bind($ldap, $bn, $password);
//$ldapbind = @ldap_bind($ldap, LOGIN .’=’ . $username . ‘,’ . BASE_DN, $password);
if ($ldapbind == true)

By: Clifton Griffin

Clifton Griffin — Tue, 23 Feb 2010 13:37:38 +0000

You placed it in the mu-plugins folder?

By: Carlos

Carlos — Tue, 23 Feb 2010 04:34:55 +0000

I am using Version 1.3.0.3, and have a problem when new blogs get created, the LDAP configuration is empty, and it has to be manually configured. The problem arises when the user needs to login from the blog’s own login page, it does not recognize the LDAP credentials, and gives me an “Incorrect password error”.

The plugin is activated site-wide, and still does not work

By: Clifton Griffin

Clifton Griffin — Mon, 22 Feb 2010 19:18:22 +0000

It seems to me that even if an installation is configured so it doesn’t need to bind to read group information, you would still be able to bind to read group information.

By: Barry

Barry — Mon, 22 Feb 2010 19:13:44 +0000

I think it is default behavior in a Windows domain. I first thought it would bind using the user login also, but that wasn’t the case. At least I couldn’t get it to work. I got a clue when a vendor setting up a different Linux application needed a bind login for there app to do the same. Thx.

By: Clifton Griffin

Clifton Griffin — Mon, 22 Feb 2010 18:38:43 +0000

A bind user wouldn’t matter for simple authentication. If you’re using group membership, it will try to bind with the user that’s logging in (I think).

Is your directory configured to prevent this? (I can’t imagine why this would be true…just asking)

By: Clifton Griffin

Clifton Griffin — Mon, 22 Feb 2010 18:37:28 +0000

Are all of the users in basically the same Forest/Tree/OU structure?

Or do you have users that are located at the same level in the directory that one works and the other doesn’t?

By: Clifton Griffin

Clifton Griffin — Mon, 22 Feb 2010 18:35:52 +0000

Yes.

Installing php-ldap would be preferable.

By: Barry

Barry — Mon, 22 Feb 2010 17:43:59 +0000

This wouldn’t work for our Active Directory because it does not use a Bind User for authenticating to AD. If this does not work for you you should try the Active Directory plugin, I did get it to work.

By: Kevin

Kevin — Mon, 22 Feb 2010 16:09:38 +0000

Oh, I forgot to mention. I am not limiting access to any specifc AD group. If you can authenticate to AD, it should create the account in Wordpress and allow the person in.