Posts Tagged adLDAP
Simple LDAP Login 1.3 for WordPress
Posted by clifgriffin in Code on May 13th, 2009
Find a bug?
If you believe you have found a bug, please open a ticket here. This will allow me to track the issue as a single issue and others to comment and give feedback.
I’m finding it difficult to discern user error from bug from configuration differences among different installations. All of this will lead to a quicker turn around for reported issues. Isn’t that cool?
This article only deals with version 1.3 and later. To view and discuss issues pertaining to version 1.2 and prior, click here.
Integrating WordPress with LDAP shouldn’t be difficult. Now it isn’t.
Simple LDAP Login provides the features you need with the simple configuration you want. It has everything you need to get started today.
Features
- Supports Active Directory and OpenLDAP (and other directory systems which comply to the LDAP standard, such as OpenDS)
- Includes three login modes:
- Normal Mode: Authenticates existing wordpress usernames against LDAP. This requires you to create all WordPress accounts manually using the same usersnames as those in your LDAP directory.
- Account Creation Mode 1: Creates WordPress accounts automatically for any LDAP user.
- Account Creation Mode 2: Creates WordPress accounts automatically for LDAP users in a specific Group you specify.
- Intuitive control panel.
Architecture
Simple LDAP Login redefines the main function WordPress uses to authenticate users. In doing so, it makes several decisions.
- Is the provided username a valid WordPress user?
- If not, are we allowed to create a wordpress user?
- If we are, are we able to authenticate the username and password provided against LDAP?
- If we are, does the user belong to the right (if any) group?
- If the user does, create the wordpress user and log the user in.
- If we are, does the user belong to the right (if any) group?
- If we are, are we able to authenticate the username and password provided against LDAP?
- If the username is a valid wordpress user, is the password provided the same as the one in the WordPress database?
- Is the security mode set to low or the username admin?
- If so, log the user in.
- If not, do the provided credentials successfully authenticate against LDAP?
- If so, is the user in the required groups? (if any)
- If so, log the user in.
- If so, is the user in the required groups? (if any)
- Is the security mode set to low or the username admin?
- If not, are we allowed to create a wordpress user?
This is simply a high level overview. The actual logic the plugin employs is more complex, but hopefully this gives you an idea, philosophically, about how the plugin accomplishes what it does.
Installation
- Upload the directory “simple-ldap-login” to the `/wp-content/plugins/` directory
- Activate the plugin through the ‘Plugins’ menu in WordPress
- Immediately update the settings to those that best match your environment by going to Settings -> Simple LDAP Login
- If you don’t get the settings right the first time…don’t fret! Just use your wordpress credentials…they will always work! (See security section)
The control panel.
Frequently Asked Questions
Other than WordPress, what does my system require?
If you are using Active Directory, you will probably need PHP 5. This is because I’m using adLDAP 3.0 to do my Active Directory integration. As far as I know, the rest of the code should work with PHP 4. It is also possible that the functionality I’m using with adLDAP 3.0 does not depend directly on PHP 5. Your mileage may vary.
Other than that, it is imperative that your installation of PHP be compiled with LDAP. Without it you may see errors referencing undefined functions like “ldap_connect”. You can view more information about PHP and LDAP here.
How do I know what the correct settings are?
I have tried to make the settings as self-explanatory as possible. If you are struggling figuring them out, you may need to speak with your LDAP administrator. I realize this is an obnoxious response, but there is no good, fail proof way to help you discover these settings. A good place to start, if you’re feeling daring, might be to use ADSIEdit for Windows and Active Directory, or GQ for Linux and OpenLDAP.
It’s still not working, what other things can I try?
If you are confident your settings are correct and it still does not work, it may be time to check for port or firewall issues. If your LDAP server is running on a non-standard port or an obsolete version of the LDAP protocol you are going to have issues. Port 389 is the port this plugin, and nearly every other LDAP enabled software expects. They are also expecting protocol version 3. If you are using an old version of LDAP or running a non-standard port you may need to modify the code that the plugin runs or update your LDAP installation.
Unfortunately I can’t be relied upon to assist with these types of requests. I chose not to support these scenarios because they are infrequent and because they confuse everyone else.
I took all of your advice, it’s still not working!
Post your question in the comments below, or e-mail me: me[at]clifgriffin.com
I’ll do my best to get you up and running!
How can I donate?
If you would like to donate to this project, please visit the donations page.
Roadmap/Security Issues
The following features and concerns will be addressed in coming versions.
- Potentially allow the provision of an admin password for binding to domains with tighter security.
- Potentially Support TLS
- Look into supporting non-standard LDAP installations
- Code cleanup to improve readability, on-going maintenance.
Download Now – Updated 8/04/2009
Click here to download Simple LDAP Login 1.3.0.3 from the WordPress plugin directory.
Simple LDAP Login Updated to Version 1.1
Posted by clifgriffin in Technology on December 3rd, 2008
Official WordPress Link
Full details are here.
You can upgrade from the wordpress plugin page, or download it here:
Simple LDAP Login 1.2 WordPress Plugin
Posted by clifgriffin in Technology on October 28th, 2008
This page contains information about an older version of Simple LDAP Login. While this version is stable and I encourage you to use it if you would like to, please note that the current version is being discussed and supported here.
If you have used this plugin (successfully or unsuccessfully), please leave me some feedback below. Doing so will help me help others who may be experiencing problems I am not aware of! Alternatively, you can e-mail me at webmaster[at]clifgriffin.com.
Official WordPress Link
Having a single login for every service is a must in large organizations. This plugin is a very simple. It authenticates your wordpress username against LDAP using the same username. It does this by redefining the wp_authenticate function and adding a simple hook to adLDAP. The logic goes like this:
- If wordpress login fails, try adLDAP.
- If adLDAP succeeds, login.
- Else, fail.
Your WordPress usernames MUST be the same as your LDAP usernames for this to work!
Background
In times past, our organization used a custom hack of wp-login.php that allowed us to implement adLDAP. This was not an upgrade proof solution. In the recent round of upgrades, I tried several purported LDAP plugins. Some of them didn’t work at all. Some of them worked but didn’t provide the exact functionality I desired.
Version History
Version 1.2.0.1
- Fixed security issue. Now only administrators can access admin pages.
Version 1.2
- Implemented multiple domain controllers.
- Changed field sizes on admin page to be more user friendly.
Version 1.1
- Moved settings to administration pages under settings.
- Upgraded to latest version of adLDAP 2.1.
- Got rid of credentials. (They are not neccessary for the authenticate function in adLDAP!)
- Plugin is now upgrade proof. Settings are stored using WordPress’s setting functions.
Version 1.0
- Original release.
Installation (new instructions 1.1+)
- Upload the directory “simple-ldap-login” to the `/wp-content/plugins/` directory
- Activate the plugin through the ‘Plugins’ menu in WordPress
- Immediately update the settings to those that best match your environment by going to Settings -> Simple LDAP Login
- If you don’t get the settings right the first time…don’t fret! Just use your wordpress credentials…they will always work!
Change the settings under Settings -> Simple LDAP Login
Installation (old instructions)
- Upload the directory “simple-ldap-login” to the `/wp-content/plugins/` directory
- Customize settings by modifying adLDAP.php in /plugins/simple-ldap-login/
- Activate the plugin through the ‘Plugins’ menu in WordPress
Note: You may wish to create a backup of adLDAP.php once you’re done. Automatic plugin updates might overwrite this file and make upgrades more difficult.
Frequently Asked Questions
Will you be moving the settings to the admin panel?Version 1.1 accomplished this.
At some point. These settings are not frequently changed however and a competent system administrator should not have any issues with configuration.I noticed you’re using adLDAP 1.4. Why?Version 1.1 upgraded adLDAP to 2.1
This is the version my organization was using previously and it was very easy to simply copy over. It should work fine. If there are issues with this version that affect you, let me know and I’ll investigate.- It’s not working, what am I doing wrong?
- Make sure PHP is compiled with LDAP. If it is, running phpinfo should reveal a section entitled LDAP and it should indicate that it is enabled.
- Make absolutely sure your setttings are right and that your server can talk to your domain controller.
- Make sure your wordpress user accounts are the same as the LDAP user accounts you wish to use. This plugin does not bypass wordpress user accounts…just wordpress user account passwords! - It’s still not working? How can I get help?
There are two ways. You can post a comment below or you can e-mail me: webmaster[at]clifgriffin.com. I will respond as soon as I can. - Can feature x be added
Probably! E-mail me: webmaster[at]clifgriffin.com
Download it now…
Simple LDAP Login 1.2.0.1 for WordPress 2.7.1
Recent Comments