This plugin allows users to be authenticated via CAS, and logins to be controlled via LDAP.
THIS IS FOR DEVELOPMENT PURPOSES, NOT FOR USE ON PRODUCTION SITES
This plugin is meant to be a reference; I've talked to several people who have similar setups, and thought it would beneficial to share some code.
This plugin allows users to be authenticated via CAS, and logins to be controlled via LDAP. Default user roles can be assigned based on LDAP group membership, and accounts can be auto-created for users that exist in LDAP, but not yet in WordPress.
It assumes that, for CAS authentication, the user is redirected to an outside address, then back to the referring address; that's how it works where I'm at :-). You can also specify a group in LDAP that will always have admin privileges; useful for tech staff.
Before the plugin is used, the constants in
soj-ldap_constants.inc.php must be filled out. The CAS default password is the one the user is registered with in WordPress; so all WP users will have this password. Be aware of that. There is obviously more that could be done there, and I'm happy to work with others who have ideas.
I've adapted this from an in-house plugin I made, so there might be leftover code bits or things that look strange... feel free to harass me about that, I did this in a bit of a rush.
I've only ever used this plugin on one environment, so it might not work out-of-the-box for you. I'm interested in making this plugin more robust, however, so please let me know of any issues.
Contact me: firstname.lastname@example.org