WordPress.org

Author: Clifton H. Griffin II

Having a single login for every service is a must in large organizations. This plugin allows you to integrate Wordpress with LDAP quickly and easily.

Features

• Supports Active Directory and OpenLDAP (and other directory systems which comply to the LDAP standard, such as OpenDS)
• Includes three login modes:
• • Normal Mode: Authenticates existing wordpress usernames against LDAP. This requires you to create all Wordpress accounts manually using the same user names as those in your LDAP directory.
• • Account Creation Mode 1: Creates Wordpress accounts automatically for any LDAP user.
• • Account Creation Mode 2: Creates Wordpress accounts automatically for LDAP users in a specific Group you specify.
• Intuitive control panel.

Architecture

Simple LDAP Login redefines the main function Wordpress uses to authenticate users. In doing so, it makes several decisions.

• Is the provided username a valid Wordpress user?
• • If not, are we allowed to create a wordpress user?
• • • If we are, are we able to authenticate the username and password provided against LDAP?
• • • • If we are, does the user belong to the right (if any) group?
• • • • • If the user does, create the wordpress user and log the user in.
• • If the username is a valid wordpress user, is the password provided the same as the one in the Wordpress database?
• • • Is the security mode set to low or the username admin?
• • • • If so, log the user in.
• • • If not, do the provided credentials successfully authenticate against LDAP?
• • • • If so, is the user in the required groups? (if any)
• • • • • If so,log the user in.

This is simply a high level overview. The actual logic the plugin employs is more complex, but hopefully this gives you an idea, philosophically, about how the plugin accomplishes what it does.

Version History

Version 1.3.0.3

• Test form now implements wp_authenticate and uses the same routines as the actual login. This also means account creation and group membership are tested.
• Implemented stripslashes() to correct issue with some special characters such as a single quote and backslash.
• Wordpress account "admin" is now allowed to login using local password even when security mode is set to high. For safety.
• Made some minor wording changes to the admin panel.

Version 1.3.0.2.1

• Fixed case sensitivity issue that could result in multiple accounts. There may be lingering case insensitivity issues due to the get_userdatabylogin function being case-sensitive. We'll figure this out in due time.
• Sorry for posting two updates on the same day!

Version 1.3.0.2

• Fixes several tickets including role assignment, case sensitivity, and potential compatibility issues with other themes/plugins.
• Added security mode setting to allow security to be tightened.
• Changed auto created accounts to use a random password rather than the LDAP password given.
• Fixed error with the way announcements are displayed in the admin panel.
• More code clean up.

Version 1.3.0.1

• Never officially released.
• Contained code cleanup and some attempted fixes.

Version 1.3 Beta

• Support for both Active Directory and OpenLDAP.
• The ability to create wordpress users automatically upon login based on LDAP group membership OR by LDAP authentication alone.
• The ability to test domain settings straight from admin panel.
• Announcements pane that allows me to update you with fixes, cautions, new beta versions, or other important information.

Version 1.2.0.1:

• Changed required user level for admin page to 10, Administrators only.

Version 1.2:

• Implemented multiple domain controllers.
• Changed field sizes on admin page to be more user friendly.

Version 1.1:

• Moved settings to administration pages under settings.
• Upgraded to latest version of adLDAP 2.1.
• Got rid of credentials. (They are not neccessary for the authenticate function in adLDAP!)
• Plugin is now upgrade proof. Settings are stored using Wordpress's setting functions.

Version 1.0:

• Original release.