http://wordpress.org/support/ WordPress › Support Tag: wpldap en Thu, 26 Nov 2009 02:41:06 +0000 http://wordpress.org/support/topic/129815#post-610156 Sat, 01 Sep 2007 22:40:20 +0000 andrisi 610156@http://wordpress.org/support/ <p>Thanks. In the meantime I succeeded with integrating my login system with WP, including autologin. </p> http://wordpress.org/support/topic/129814/page/2#post-609487 Fri, 31 Aug 2007 00:44:16 +0000 stephdau 609487@http://wordpress.org/support/ <p>Let's take this to <a href="http://groups.google.com/group/wpdirauth-support/msg/437acf108dcd1273" rel="nofollow">http://groups.google.com/group/wpdirauth-support/msg/437acf108dcd1273</a> </p> http://wordpress.org/support/topic/129814/page/2#post-609302 Thu, 30 Aug 2007 15:46:59 +0000 a5Ben 609302@http://wordpress.org/support/ <p>Thanks! We're just trying to find a blog application for our district and like many others LDAP authentication is required. I cant seem to get wpDirAuth to work with plain wordpress either. I get a message that the user cannot be authenticated in wordpress or the directory.</p> <p>Any ideas? </p> http://wordpress.org/support/topic/129814/page/2#post-609300 Thu, 30 Aug 2007 15:42:47 +0000 stephdau 609300@http://wordpress.org/support/ <p>@a5Ben: wpDirAuth is probably not MU ready (yet). </p> <p>We're focusing on standard WP for now.</p> <p>For WPMU/LDAP, see <a href="http://wpmudev.org/project/WPMU-LDAP-Authentication-Plug-in" rel="nofollow">http://wpmudev.org/project/WPMU-LDAP-Authentication-Plug-in</a></p> <p>PS: for the new version of wpDirAuth, see the message right above yours. </p> http://wordpress.org/support/topic/129814/page/2#post-609275 Thu, 30 Aug 2007 14:39:23 +0000 a5Ben 609275@http://wordpress.org/support/ <p>Where can I get the new version of this plugin? I would like to use LDAP with MU but I also wondered if there were any plans to include group based authentication? </p> http://wordpress.org/support/topic/129815#post-608654 Wed, 29 Aug 2007 04:01:19 +0000 stephdau 608654@http://wordpress.org/support/ <p>The closest I could think would be a plugin that integrates with something like <a href="http://www.pubcookie.org/" rel="nofollow">http://www.pubcookie.org/</a></p> <p>Another task for another time. :) </p> http://wordpress.org/support/topic/129814/page/2#post-608627 Wed, 29 Aug 2007 02:02:59 +0000 stephdau 608627@http://wordpress.org/support/ <p>There is also a support group located at <a href="http://groups.google.com/group/wpdirauth-support" rel="nofollow">http://groups.google.com/group/wpdirauth-support</a></p> <p>On another note, wpDirAuth has been accepted in the WordPress Plugin Directory, so the source repository is being moved to its final location at <a href="http://svn.wp-plugins.org/wpdirauth/" rel="nofollow">http://svn.wp-plugins.org/wpdirauth/</a></p> <p>As I understand it, wpDirAuth will therefore now be listed in the wordpress.org Plugin Finder at <a href="http://wordpress.org/extend/plugins/wpdirauth/" rel="nofollow">http://wordpress.org/extend/plugins/wpdirauth/</a> once released (ie: once a stable tag has been created). </p> http://wordpress.org/support/topic/129815#post-608088 Mon, 27 Aug 2007 17:56:04 +0000 andrisi 608088@http://wordpress.org/support/ <p>Can this plugin support auto-login, so the users don't have to click on "login" at all? I don't see how this can be implemented in WP. If you could do this, that would help a lot. Of coutrse this may be inapropriate for LDAP, since you don't know if someone is logged in to LDAP in a web browser. Still if you can suggest anything... Thanks. </p> http://wordpress.org/support/topic/129814/page/2#post-607635 Sun, 26 Aug 2007 13:43:14 +0000 stephdau 607635@http://wordpress.org/support/ <p>I have now setup a Google Group as a better collaboration channel for wpDirAuth.</p> <p>Join us. The water's great. :)</p> <p><a href="http://groups.google.com/group/wpdirauth-dev" rel="nofollow">http://groups.google.com/group/wpdirauth-dev</a> </p> http://wordpress.org/support/topic/129814/page/2#post-606541 Thu, 23 Aug 2007 03:56:55 +0000 stephdau 606541@http://wordpress.org/support/ <p>Oh, and I've committed the new SAFE vs STANDARD modes yesterday.</p> <p>wpDirAuth now tries to detect conflicting plugins by seeing if the wp_login and wp_setcookie functions have already been overwritten.</p> <p>If so, wpDirAuth starts in pseudo safe mode, with a warning message stating so in place of the config panel.</p> <p>Note that we can't detect if another plugin tries to overwrite these function after wpDirAuth has done so (only allowed once in WP, for understandable reasons) </p> http://wordpress.org/support/topic/129814/page/2#post-606540 Thu, 23 Aug 2007 03:49:06 +0000 stephdau 606540@http://wordpress.org/support/ <p>@rbulling: Hey R, thanks for joining in. I've reviewed the patch and applied it in rev. 350 tonight.</p> <p>I'll take all the copy and docs editing support I can get so I can focus on the code. :)</p> <p>And a public thanks for the licensing info in our off-thread discussions. </p> http://wordpress.org/support/topic/129814#post-606158 Wed, 22 Aug 2007 14:01:10 +0000 rbulling 606158@http://wordpress.org/support/ <p>I've done an initial code review before installing the software, and it looks good.</p> <p>Please see <a href="http://www.pkrinternet.com/~rbulling/private/wpDirAuth-copyedit-vs-rev-346.patch">this copy editing patch</a> that corrects a few English usage and punctuation problems.</p> <p>-Richard Bullington-McGuire </p> http://wordpress.org/support/topic/129814#post-605972 Tue, 21 Aug 2007 23:22:19 +0000 stephdau 605972@http://wordpress.org/support/ <p>I have now commited the changes:</p> <ul> <li>better redirection (thanks tabeverly)</li> <li>new optional terms of services acceptance concept</li> </ul> <p>See:</p> <ul> <li><a href="http://tekartist.org/labs/wordpress/plugins/wpdirauth/">Project page</a></li> <li><a href="http://labs.tekartist.org/wordpress/svn/branches/dev/plugins/wpDirAuth/">Development branch</a></li> <li><a href="http://labs.tekartist.org/wordpress/wpdirauth/phpdocs/">Code docs</a></li> </ul> <p>I'll work on the readme and credits file tonight, as well as on packaging the upcoming 1.0rc1. Maybe it'll just be 1.0, since I'm about to roll it into production at my institution anyway. </p> http://wordpress.org/support/topic/129814#post-605630 Tue, 21 Aug 2007 05:13:36 +0000 stephdau 605630@http://wordpress.org/support/ <p>@tabeverly: I have modified the code with your patch (only slightly tweaked), but I forgot to commit it before starting on something else (addition of optional TOS agreement step). Ooops.</p> <p>I'll commit the whole thing when I'm done with it tomorrow, and I think it might just be time to start packaging 1.0rc1, which I will start running on a pilot project WP install in my institution. The latter is in production, but less high visibility than others soon to come.</p> <p>On a separate note, feel free to drop me an email at labs [at] tekartist [dot] org with whatever references you want listed in the credit files. :)</p> <p>But for now, it's 1AM, time to snooze. Ciao. </p> http://wordpress.org/support/topic/129814#post-605488 Mon, 20 Aug 2007 22:05:44 +0000 stephdau 605488@http://wordpress.org/support/ <p>@tabeverly: Ah, excellent.</p> <p>re: quality: Trust me, I've seen worst PHP coming out of much more experienced developers (yes, me included :).</p> <p>I might just use your patch, but I'll first take a look at an ultra portable PHP project I worked on a few years ago (netjuke) because I know I've had to deal with something like that in there(some vars are not available on Windows, etc). The latter would ahve the benefit to have been tested on a slew of platforms and to insure we end up with the best support possible. Having been coding PHP for *nix exclusively in the last few years, it escaped me in this one. :)</p> <p>I'll post later tonight. </p> http://wordpress.org/support/topic/129814#post-605423 Mon, 20 Aug 2007 19:21:29 +0000 tabeverly 605423@http://wordpress.org/support/ <p>@stephdau: I was just going to write in and tell you the $_SERVER["SCRIPT_URI"] isn't set for my php via apache.<br /> I was able to cobble this up from various sources. It seems to work for me: </p> <pre><code>function wpDirAuth_login_form_extra() { if(get_option(&quot;dirAuthEnable&quot;)){ $self_url = sprintf(&#39;http%s://%s%s&#39;, (isset($_SERVER[&#39;HTTPS&#39;]) &#38;&#38; $_SERVER[&#39;HTTPS&#39;] == &#39;on&#39; ? &#39;s&#39; : &#39;&#39;), $_SERVER[&#39;HTTP_HOST&#39;], $_SERVER[&#39;REQUEST_URI&#39;]); //if(get_option(&quot;dirAuthRequireSsl&quot;) &#38;&#38; (!preg_match(&#39;|^https|&#39;,$_SERVER[&quot;SCRIPT_URI&quot;]))){ if(get_option(&quot;dirAuthRequireSsl&quot;) &#38;&#38; (!preg_match(&#39;|^https|&#39;,$self_url))){ $location = str_replace(&#39;http://&#39;,&#39;https://&#39;,$self_url); $refreshMeta = &#39;&lt;meta http-equiv=&quot;refresh&quot; content=&quot;0;url=&#39;.$location.&#39;&quot; /&gt;&#39;; $refreshMsg = &#39;Please access the &lt;a href=&quot;&#39;.$location.&#39;&quot;&gt;encrypted version&lt;/a&gt; of this page.&#39;; if(@ob_end_clean()){ //$location = str_replace(&#39;http://&#39;,&#39;https://&#39;,$_SERVER[&quot;SCRIPT_URI&quot;]); if( (@header(&#39;Location:&#39;.$location)) == false){ echo &#39;&lt;html&gt;&lt;head&gt;&#39;.$refreshMeta.&#39;&lt;/head&gt;&#39; . &#39;&lt;body&gt;&#39;.$refreshMsg.&#39;&lt;/body&gt;&lt;/html&gt;&#39;; }</code></pre> <p>Please excuse the sloppy coding, it's my first attempt at php programming.<br /> Also, I moved the $location line up to just under the <code>get_option(&quot;dirAuthRequireSsl&quot;)</code> line so that it's set for the str_replace. As you say, there may be a variable set that has the value of my calculated $self_url and I'll keep looking. </p> http://wordpress.org/support/topic/129814#post-605400 Mon, 20 Aug 2007 17:57:10 +0000 stephdau 605400@http://wordpress.org/support/ <p>@tabeverly: Thanks for your continued support. :)</p> <p>All the "Require SSL login" should be doing is to scan if the current login screen URL starts https, and redirect to the same URL under https if not. I haven't tested it too much but it seemed to work in my tests.</p> <p>See the first few line of wpDirAuth_login_form_extra(). A potential issue would be if the built-in $_SERVER["SCRIPT_URI"] PHP pre-defined variable is somehow not available in your instance. Could you edit wpDirAuth.php and add something like the following code bits around line 438 of the current dev version (right after if(get_option("dirAuthRequireSsl")...) and tell me what the result is?</p> <p>var_dump($_SERVER["SCRIPT_URI"]); exit;</p> <p>It might just be a matter of using another PHP var that would always contain the accessed protocol. </p> http://wordpress.org/support/topic/129814#post-605354 Mon, 20 Aug 2007 16:20:16 +0000 tabeverly 605354@http://wordpress.org/support/ <p>@stephdau: Update. Login via LDAPv3 server now works great! The only thing that isn't working for me is the option to "Require SSL Login" (Options/Directory Authentication Options/Wordpress Settings/Require SSL Login). When I enable it the Login page constantly refreshes and the url parameter in the meta tag is blank :&lt;meta http-equiv="refresh" content="0;url=" /&gt;&lt;p&gt;Please access the <a href="">encrypted version</a> of this page.&lt;/p&gt;. It could be something strange on my server (again.) I'll keep looking..... </p> http://wordpress.org/support/topic/129814#post-605321 Mon, 20 Aug 2007 15:22:34 +0000 tabeverly 605321@http://wordpress.org/support/ <p>@stephdau: There was an odd ball permissions problem with my certificate authority (CA) file in apache. It looks like PHP is using the apache variable LDAPTrustedCA to pick up the CA and the CLI was using the ldap.conf files. In any case, http/PHP/LDAPs is now working on my system and I'm trying wpDirAuth again. </p> http://wordpress.org/support/topic/129814#post-604708 Sat, 18 Aug 2007 16:52:16 +0000 stephdau 604708@http://wordpress.org/support/ <p>@tabeverly: I didn;t offer before because I don't know your level of sysadmin expertize, but feel free to let me know if you need help troubleshooting the CLI v. http you're having with PHP.</p> <p>On another note, I've published the wpDirAuth code doc, if anyone is interested: <a href="http://labs.tekartist.org/wordpress/wpdirauth/phpdocs/" rel="nofollow">http://labs.tekartist.org/wordpress/wpdirauth/phpdocs/</a> </p> http://wordpress.org/support/topic/129814#post-604526 Fri, 17 Aug 2007 22:59:08 +0000 stephdau 604526@http://wordpress.org/support/ <p>While wpDirAuth is being peer reviewed, I released another plugin I use on my site. :)</p> <p><a href="http://tekartist.org/labs/wordpress/plugins/wpredirect/" rel="nofollow">http://tekartist.org/labs/wordpress/plugins/wpredirect/</a> </p> http://wordpress.org/support/topic/129814#post-604146 Fri, 17 Aug 2007 06:07:12 +0000 stephdau 604146@http://wordpress.org/support/ <p>@tabeverly: good luck. Let me know how it goes. :) </p> http://wordpress.org/support/topic/129814#post-604013 Thu, 16 Aug 2007 20:32:34 +0000 tabeverly 604013@http://wordpress.org/support/ <p>Hi,<br /> Update: I looked at the changes and I <em>think</em> that they'll work OK. There is something odd in my php web installation that I'm working on. I wrote a php routine the does ldap and ldaps OK from command line but only ldap, (not ldaps) works when I run it as a web page in apache. Once I get that straightened out, I'll try the module again. </p> http://wordpress.org/support/topic/129814#post-603936 Thu, 16 Aug 2007 18:10:40 +0000 stephdau 603936@http://wordpress.org/support/ <p>@koelly: thanks for the quick note. Glad it can be of use. :) </p> http://wordpress.org/support/topic/129814#post-603915 Thu, 16 Aug 2007 17:36:12 +0000 koelly 603915@http://wordpress.org/support/ <p>Just wanted to say thank you!<br /> I am new to openLDAP, but your PlugIn works perfect!</p> <p>I didn't take it do a online site, but i sure will do in near future</p> <p>Thx!<br /> Koelly </p> http://wordpress.org/support/topic/129814#post-603681 Thu, 16 Aug 2007 04:55:52 +0000 stephdau 603681@http://wordpress.org/support/ <p>SVN Rev. #309</p> <p>Extra error checking and handling tweaks + cleaned up error messages format for easier future localization. </p> http://wordpress.org/support/topic/129814#post-603659 Thu, 16 Aug 2007 03:26:27 +0000 stephdau 603659@http://wordpress.org/support/ <p>SVN Rev. #308</p> <p>Added extra security check to make sure only one account is returned during the profile search in wpDirAuth_auth, before returning to wp_login. Better safe than sorry. </p> http://wordpress.org/support/topic/129814#post-603657 Thu, 16 Aug 2007 03:05:54 +0000 stephdau 603657@http://wordpress.org/support/ <p>Oh, hadn't refreshed the page before posting my last comment and I missed your added info.</p> <p>The code I added will only really help if the username we search for anonymously matches the unique identifier defined in the account filter. This actually translates to sentUsername + accountSuffix if setup in the wpDirAuth prefs [optional].</p> <p>Here's an example which might help you with part involving locating the user's profile, whether for dn pre-mapping (added code), or binding:</p> <p>In what I've seen in other php/ldap related code, people seem to default the field on which we try to locate the profile with to samAccountName (hence the default in wpDirAuth), which seems to be assumed to be the same value as the username used to bind with.</p> <p>In my context, the samAccount is in one form, but the username used to bind (first.last@myDomaincontroller, not full dn) with simple auth actually matches a field named userPrincipalName.</p> <p>So in my setup, I expect users to enter first.last@myDomainController, leave the Account Suffix pref empty (since we have multiple ones), and set my Account Filter to userPrincipalName.</p> <p>As an aside, I'm realizing that I need to make sure the added code didn't open a hole if the anonymous search returns more than one entry, since we ultimately default to entry[0] when returning to wp_login. </p> http://wordpress.org/support/topic/129814#post-603649 Thu, 16 Aug 2007 02:34:39 +0000 stephdau 603649@http://wordpress.org/support/ <p>The snag I'm hitting with implementing the solution you suggested is that on my side, my dir server won't let me search without binding... The old chicken and egg thing. :)</p> <p>Soooo, what I did was to try and couple both approaches.</p> <p>Since there was already an anonymous bind being performed in the connection pool loop, I'm trying an anonymous search on success, trying to retrieve the targeted user's full dn.</p> <p>If the profile is located, user binding is performed with the full dn, or we try the sent username instead.</p> <p>See lines 363-368 in the updated version available in SVN.</p> <p>Is that solving it for you?</p> <p>On another note, could you post details about your setup?<br /> OS, dir server type, ldap configs with "Blah Corp" instead of your company's info where it matters, etc?</p> <p>PS: I'm in Montreal, and can only devote time to this in the evening, hence my posting timeframe. :) </p> http://wordpress.org/support/topic/129814#post-603644 Thu, 16 Aug 2007 02:30:20 +0000 tabeverly 603644@http://wordpress.org/support/ <p>I glanced at the post. I am using OpenLDAP (on Linux). The problem is for our LDAP is that the DNs are not the same for all users. We also have an "l=" parameter (location??) that will differ depending on the user. Mine is l=US others have l=GB, etc. The users wouldn't necessarily know about this parameter. I wrote a simple php routine to test out ldaps and I couldn't bind with password without the l=US in my DN. I'll do some more experimenting tomorrow when I get into work. </p>