Posts Tagged plugins
Simple LDAP Login 1.3 for WordPress
Posted by clifgriffin in Code on May 13th, 2009
Find a bug?
If you believe you have found a bug, please open a ticket here. This will allow me to track the issue as a single issue and others to comment and give feedback.
I’m finding it difficult to discern user error from bug from configuration differences among different installations. All of this will lead to a quicker turn around for reported issues. Isn’t that cool?
This article only deals with version 1.3 and later. To view and discuss issues pertaining to version 1.2 and prior, click here.
Integrating WordPress with LDAP shouldn’t be difficult. Now it isn’t.
Simple LDAP Login provides the features you need with the simple configuration you want. It has everything you need to get started today.
Features
- Supports Active Directory and OpenLDAP (and other directory systems which comply with the LDAP standard, such as OpenDS)
- Includes three login modes:
  - Normal Mode: Authenticates existing WordPress usernames against LDAP. This requires you to create all WordPress accounts manually using the same usernames as those in your LDAP directory.
  - Account Creation Mode 1: Creates WordPress accounts automatically for any LDAP user.
  - Account Creation Mode 2: Creates WordPress accounts automatically for LDAP users in a specific Group you specify.
- Intuitive control panel.
Architecture
Simple LDAP Login redefines the main function WordPress uses to authenticate users. In doing so, it makes several decisions.
- Is the provided username a valid WordPress user?
  - If not, are we allowed to create a WordPress user?
    - If we are, are we able to authenticate the username and password provided against LDAP?
      - If we are, does the user belong to the right (if any) group?
        - If the user does, create the WordPress user and log the user in.
  - If the username is a valid WordPress user, is the password provided the same as the one in the WordPress database?
    - Is the security mode set to low or the username admin?
      - If so, log the user in.
      - If not, do the provided credentials successfully authenticate against LDAP?
        - If so, is the user in the required groups? (if any)
          - If so, log the user in.
This is simply a high level overview. The actual logic the plugin employs is more complex, but hopefully this gives you an idea, philosophically, about how the plugin accomplishes what it does.
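The decision flow above as runnable PHP. This is an added example, not the plugin's code: `sll_decide()`, the `$env` keys, the `'high'` mode name and the sample users are all hypothetical, and it assumes that a failed local check falls through to LDAP.

```php
<?php
// Added illustration of the decision flow; NOT the plugin's source.
// LDAP and WordPress lookups are injected as callables (hypothetical names)
// so the flow can be run offline against constructed data.
function sll_decide(string $user, string $pass, array $env): string
{
    // LDAP bind, then the optional group requirement.
    $ldapOk = fn() => $env['ldap_bind']($user, $pass)
        && ($env['group'] === null || $env['in_group']($user, $env['group']));

    if (!$env['wp_user_exists']($user)) {
        // Unknown to WordPress: only the account creation modes may proceed.
        if (!$env['allow_create']) {
            return 'deny';
        }
        return $ldapOk() ? 'create_and_login' : 'deny';
    }
    // Known user: a matching local password is enough only in low security
    // mode or for the admin account. Assumption: anything else goes to LDAP.
    $local = $env['wp_password_ok']($user, $pass);
    if ($local && ($env['security'] === 'low' || $user === 'admin')) {
        return 'login';
    }
    return $ldapOk() ? 'login' : 'deny';
}

// Constructed sample data: one directory, one group, one WordPress user table.
$ldap  = ['alice' => 'ldap-pw', 'bob' => 'ldap-pw'];
$group = ['wp-users' => ['alice']];
$wp    = ['admin' => 'local-pw', 'alice' => 'old-local-pw'];

$env = [
    'wp_user_exists' => fn($u) => isset($wp[$u]),
    'wp_password_ok' => fn($u, $p) => isset($wp[$u]) && hash_equals($wp[$u], $p),
    'ldap_bind'      => fn($u, $p) => isset($ldap[$u]) && hash_equals($ldap[$u], $p),
    'in_group'       => fn($u, $g) => in_array($u, $group[$g] ?? [], true),
    'allow_create'   => true,
    'group'          => 'wp-users',
    'security'       => 'high',   // constructed name for "not low"
];
$low = ['security' => 'low'] + $env;   // same setup, low security mode

$cases = [['alice', 'ldap-pw'], ['alice', 'old-local-pw'],
          ['bob', 'ldap-pw'], ['admin', 'local-pw']];
foreach ($cases as [$u, $p]) {
    printf("%-6s %-13s high=%-17s low=%s\n", $u, $p,
        sll_decide($u, $p, $env), sll_decide($u, $p, $low));
}
```

Comparing the two columns shows which logins depend only on the password stored in WordPress and which actually reach the directory.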
Installation
- Upload the directory “simple-ldap-login” to the `/wp-content/plugins/` directory
- Activate the plugin through the ‘Plugins’ menu in WordPress
- Immediately update the settings to those that best match your environment by going to Settings -> Simple LDAP Login
- If you don’t get the settings right the first time…don’t fret! Just use your WordPress credentials…they will always work! (See security section)

The control panel.
Frequently Asked Questions
Other than WordPress, what does my system require?
If you are using Active Directory, you will probably need PHP 5. This is because I’m using adLDAP 3.0 to do my Active Directory integration. As far as I know, the rest of the code should work with PHP 4. It is also possible that the functionality I’m using with adLDAP 3.0 does not depend directly on PHP 5. Your mileage may vary.
Other than that, it is imperative that your installation of PHP be compiled with LDAP. Without it you may see errors referencing undefined functions like “ldap_connect”. You can view more information about PHP and LDAP here.
How do I know what the correct settings are?
I have tried to make the settings as self-explanatory as possible. If you are struggling to figure them out, you may need to speak with your LDAP administrator. I realize this is an obnoxious response, but there is no good, fail-proof way to help you discover these settings. A good place to start, if you’re feeling daring, might be to use ADSIEdit for Windows and Active Directory, or GQ for Linux and OpenLDAP.
It’s still not working, what other things can I try?
If you are confident your settings are correct and it still does not work, it may be time to check for port or firewall issues. If your LDAP server is running on a non-standard port or an obsolete version of the LDAP protocol, you are going to have issues. Port 389 is the port this plugin, and nearly every other LDAP-enabled piece of software, expects. They also expect protocol version 3. If you are using an old version of LDAP or running a non-standard port, you may need to modify the code that the plugin runs or update your LDAP installation.
Unfortunately I can’t be relied upon to assist with these types of requests. I chose not to support these scenarios because they are infrequent and because they confuse everyone else.
I took all of your advice, it’s still not working!
Post your question in the comments below, or e-mail me: me[at]clifgriffin.com
I’ll do my best to get you up and running!
How can I donate?
If you would like to donate to this project, please visit the donations page.
Roadmap/Security Issues
The following features and concerns will be addressed in coming versions.
- Potentially allow the provision of an admin password for binding to domains with tighter security.
- Potentially support TLS
- Look into supporting non-standard LDAP installations
- Code cleanup to improve readability, on-going maintenance.
Download Now – Updated 8/04/2009
Click here to download Simple LDAP Login 1.3.0.3 from the WordPress plugin directory.
Simple LDAP Login 1.3 Beta Released
Posted by clifgriffin in Technology on May 12th, 2009

Simple LDAP Login 1.3 Beta has been posted. The new version supports integrated user creation based on LDAP authentication, group membership, or the original mode. Additionally, I have implemented Olivier Fontes’ MXC LDAP plugin into my plugin. In theory, this should add support for OpenLDAP. It is important to note, however, that I have NOT been able to test any OpenLDAP scenarios. The code logic makes sense to me, but I am 100% confident there will be issues that come up. I’m counting on you guys to help me out in testing this.
The new version seems to work flawlessly in Active Directory. I will be posting a complete description of how the new plugin works philosophically soon. Until now, I believe it should be fairly self-explanatory.
The new version is available under the versions link on the right. I have not made it the primary release because it is in beta at this point and many features have not been tested adequately.
Official WordPress Download Link
Main Page
Please post all issues you find in the comments or e-mail me at me[at]clifgriffin.com.
Simple LDAP Login 1.2
Posted by clifgriffin in Technology on December 20th, 2008
I spent a few minutes updating Simple LDAP Login to support multiple domain controllers. Thanks to commenter babul for reminding me to include this feature!
How To Fix WordPress Automatic Upgrades in WordPress 2.5 – 2.7 (Plugins and WordPress)
Posted by clifgriffin in Technology on December 9th, 2008
Note: These instructions assume Apache is running as the user apache under the group apache. This may not be how your installation is set up. For instance, my MediaTemple account runs apache under the user clifgriffin.com and the group clifgriffin.com. Your mileage may vary. Substitute your user and group for apache and apache in the instructions below.
If you’re looking for a quick solution, skip down to “The easy way”.
I manage three WordPress installations currently. Two are personal. One is for my employer. The personal installations are hosted with MediaTemple. The other is hosted internally on a Dell server with RedHat.
Quite a while ago, I upgraded this WordPress installation to 2.5.1. At the time, I noticed that automatic plugin upgrades were not functioning, but I didn’t bother to figure out why. After I upgraded to 2.7-RC1, I noticed that the same fate had befallen WordPress upgrades. I couldn’t automatically upgrade WordPress or plugins.
When trying to upgrade, I would be presented with a screen asking for my FTP information, including hostname, username, and password.
So, today, armed with absolutely nothing else to do, I decided to attempt to fix this problem. Initially, I was suspicious that the only way WordPress can do upgrades is by utilizing an ftp server on the current machine. Fortunately, this was not the case–in fact it’s the last resort. While a few Google searches turned up nothing initially, I eventually found this which led me to this. In this article, Keith lays out a few steps to fix this (if you need to fix this, do not perform the following steps…there is an easier way…read on):
- Change the group for the `wp-content/plugins` directory to `apache`.
- Manually define a `WP_TEMP_DIR`.
- Set write permissions for this folder and assign `apache` as the group for this folder as well.
- Lastly, he recommends replacing the function `getmyuid()` with `posix_getuid()` in `wp-admin/includes/file.php`.
This last step he identifies as either a bug or a feature. (He isn’t sure which.)
These steps seemed to fix the problem–especially the last one–but I wasn’t satisfied with the result. I’m using WordPress 2.7-RC1…that means this problem has persisted two major versions. I decided to investigate further.
As Keith explains, getmyuid() and posix_getuid() return two different things. getmyuid() returns the UID of the person who owns the script that is running. posix_getuid() returns the UID of the process running the script. This led me to believe that the underlying problem was not a bug and simply an issue of file ownership.
The easy way:
I reverted the changes to /wp-admin/includes/file.php and proceeded to do a recursive ownership change across my whole WordPress installation. I also made sure that wp-content/ was user writeable. Simply put, run the following commands from the directory in which WordPress is installed:
```
chown -R apache:apache *
chmod 755 wp-content/
```
The first command sets both the owner and group of all files and folders in the current directory to apache. It is important to do this because WordPress uses the apache user to accomplish the upgrade. If any of the files are owned by your user, root, or anyone else, it will fail.
After I made these changes, I was able to do all upgrades (both plugins and WordPress) with no issues. Keith’s instructions are very nearly correct. They simply overlook the owner and focus on the group. The group may be important, but it isn’t the problem in this scenario.
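An added check (not WordPress code or Keith's) that reports the two UIDs discussed above and lists paths the PHP process does not own. The function names are hypothetical, and it assumes the upgrade check compares `getmyuid()` with the owner of a file PHP just wrote, as the `file.php` change described above implies.

```php
<?php
// Added illustration; not WordPress code. Function names are hypothetical.
// Requires the posix extension.

// Compare the two UIDs with the owner of a file the PHP process just created.
function uid_report(string $dir): array
{
    $probe   = rtrim($dir, '/') . '/.uid-probe-' . bin2hex(random_bytes(4));
    $created = @file_put_contents($probe, '') !== false;
    $owner   = $created ? fileowner($probe) : null;
    if ($created) {
        unlink($probe);
    }
    return [
        'script_owner' => getmyuid(),      // UID that owns this script file
        'process_uid'  => posix_getuid(),  // UID the PHP process runs as
        'dir_writable' => $created,
        'probe_owner'  => $owner,          // owner of the file PHP wrote
        'owner_check'  => $created && $owner === getmyuid(),
    ];
}

// List up to $limit paths under $root that the process UID does not own.
function foreign_owned(string $root, int $limit = 20): array
{
    $uid = posix_getuid();
    $out = [];
    $it  = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST,
        RecursiveIteratorIterator::CATCH_GET_CHILD   // skip unreadable directories
    );
    foreach ($it as $path => $info) {
        $st = @lstat($path);               // lstat: do not follow symlinks
        if ($st !== false && $st['uid'] !== $uid) {
            $out[] = $path;
            if (count($out) >= $limit) {
                break;
            }
        }
    }
    return $out;
}

$root = $argv[1] ?? getcwd();
print_r(uid_report($root . '/wp-content'));
print_r(foreign_owned($root));
```

Run it as the web server user from the WordPress root. Every path it lists is one the recursive `chown` would hand to that user, which also means any code running as that user can then rewrite it.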
If you do not have root access…
If you do not have root access, you will not be able to change ownership of the files. You should be able to compensate for this with more liberal permissions.
If this is true for you, try setting wp-content/ to 775 instead of 755.
So, in short, to enable automatic plugin upgrades on WordPress 2.5.1 and later:
- Change ownership and group of all WordPress files to apache.
- Make sure the `wp-content/` directory is writeable by `apache`.
[Thanks to commenter Daniel for non-root user instructions.]