Active Directory Integration
Need to also enter Bind DN and Bind Password (6 posts)

  1. garymgordon
    Member
    Posted 10 months ago #

    My connection to LDAP requires that I enter the Bind DN and Bind Password.

    How and where can I enter this information?

    Gary

    http://wordpress.org/plugins/active-directory-integration/

  2. jrebelo
    Member
    Posted 9 months ago #

    Hi,

    I'm having the same problem here.
    Did you get any solution on how to do this?

    Anyone else have some ideas on how to do this?

    Regards
    João

  3. jrebelo
    Member
    Posted 9 months ago #

    An update..
    after some hours at the code I've managed to authenticate, but properties are not coming.

    I've changed at /ad_ldap/adLDAP.php the line
    $this->_bind = @ldap_bind($this->_conn, $username . $this->_account_suffix, $password);

    into this:
    $this->_bind = @ldap_bind($this->_conn, "uid=" . $username, $password);

    since the ldap I'm connecting on seems not to authenticate by mail address (??) but by the uid.

    My problem now is on the stage to load attributes. I've tried using by setting, and not setting, the user as described here: http://wordpress.org/support/topic/need-the-bind-user?replies=11

    in both cases it showed:

    [NOTICE] Authentication successfull for "jrebelo"
    [NOTICE] cleaning up failed logins for user "jrebelo"
    [DEBUG] ATTRIBUTES TO LOAD: Array
    (
    [0] => cn
    [1] => givenname
    [2] => sn
    [3] => displayname
    [4] => description
    [5] => mail
    [6] => samaccountname
    [7] => userprincipalname
    [8] => useraccountcontrol
    )

    [DEBUG] USERINFO[0]:

    [ERROR] This user exists in Active Directory, but has not been granted access to this installation of WordPress.

    By looking at the code, it seems that after login the user info is obtained using the adLdap.php / user_info method, which creates a filter like:

    if ($isGUID === true) {
        $username = $this->strguid2hex($username);
        $filter="objectguid=".$username;
    }
    else if (strstr($username, "@")) {
        $filter="userPrincipalName=".$username;
    }
    else {
        $filter="samaccountname=".$username;
    }

    to use on ldap_search. By browsing my LDAP entry, I don't see these attributes (should I see them??)
    Also I've replaced this to look by $filter="uid=".$username; but it still doesn't work.

    My question is what might be missing so that the user info can be obtained?
    Might this be the cause for the failure or should I be looking to some other code part?

    Thanks for the help!

    ps: I'm not a PHP Developer, nor do I have any know-how on LDAP...so I don't quite know if these changes are the way to solve this! but it seems that some advance has been achieved..

  4. jrebelo
    Member
    Posted 9 months ago #

    ok...it seems like I'm not a person in this LDAP...

    by removing the line: $filter = "(&(objectCategory=person)({$filter}))";

    and keeping the

    $filter="(uid=".$username.")";

    I can already see my details.

    But still I have the error:
    [ERROR] This user exists in Active Directory, but has not been granted access to this installation of WordPress.

    My guess is that some other code must be reviewed...
    I'll try to take a look, but any suggestions? :)

  5. jrebelo
    Member
    Posted 9 months ago #

    FINALLY GOT IT!!

    at this stage the only thing missing was to allow the plugin to create the user (sorry but not the most intuitive error message..)

    so, the point is..can this behavior (option to authenticate and filter by uid) be integrated into the plugin?

  6. Wes Crow
    Member
    Posted 6 months ago #

    The adLDAP library has protected variables that can be overwritten to accomplish this administrative bind:

    // from file: wp-content\plugins\active-directory-integration\ad_ldap\adLDAP.php
    
       /**
        * Optional account with higher privileges for searching
        * This should be set to a domain admin account
        *
        * @var string
        * @var string
        */
        protected $_ad_username=null;
        protected $_ad_password=null;

    This has got to be the cleaner way of handling this.
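
The flow this thread converges on (bind with the Bind DN and Bind Password, search for the user by uid, then bind as that user), as an added example that is not part of any post above and is not the plugin's or adLDAP's own code. The function name `search_then_bind` and the `$cfg` keys are hypothetical; it needs PHP's ldap extension and a reachable directory.

```php
<?php
// Added example (not plugin code). Requires PHP's ldap extension.
// $cfg values are constructed placeholders, e.g.:
//   uri => 'ldaps://ldap.example.test', base_dn => 'dc=example,dc=test',
//   bind_dn => 'cn=wp-reader,dc=example,dc=test', bind_password => '...',
//   login_attr => 'uid', attributes => ['cn', 'mail', 'uid']
function search_then_bind(array $cfg, string $username, string $password): ?array
{
    // An empty password makes a simple bind "unauthenticated", which many
    // servers report as success; reject it before contacting the server.
    if ($username === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect($cfg['uri']);
    if ($conn === false) {
        return null;
    }
    try {
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

        // 1. Bind as the service account (the "Bind DN" and "Bind Password").
        if (!@ldap_bind($conn, $cfg['bind_dn'], $cfg['bind_password'])) {
            return null;
        }
        // 2. Look up the user's DN. ldap_escape() encodes * ( ) \ and NUL so
        //    the login name cannot change the structure of the filter.
        $filter = sprintf('(%s=%s)', $cfg['login_attr'],
            ldap_escape($username, '', LDAP_ESCAPE_FILTER));
        $res = @ldap_search($conn, $cfg['base_dn'], $filter,
            $cfg['attributes'], 0, 2);            // size limit 2: detect duplicates
        if ($res === false) {
            return null;
        }
        $entries = ldap_get_entries($conn, $res);
        if ($entries === false || $entries['count'] !== 1) {
            return null;                          // no match, or ambiguous
        }
        // 3. Rebind as the DN that was found to check the user's password.
        if (!@ldap_bind($conn, $entries[0]['dn'], $password)) {
            return null;
        }
        return $entries[0];                       // attributes read in step 2
    } finally {
        @ldap_unbind($conn);
    }
}
```

The service account used in step 1 needs only read access to the attributes being searched.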
