Posted 1 year ago #
Hi,
I recently installed WP 3.0.4 and wpDirAuth 1.5.2 plugin to our company's server to allow users to authenticate against our LDAP server.
I already had to hack wpdirauth.php to get the users first, last and display names right but now it seems that users who have special characters (e.g. ! and ")in password are not able to authenticate.
Anybody have similar problems?
Posted 1 year ago #
Exclamation points work for me but I do have a few users who can't seem to login. Not sure if it's special characters or not.
Posted 1 year ago #
Sorry I didnt notice your posts. Can both of you give me some more information? The code doesnt touch the passwords it is given, and instead passes it on to the DC when it attempts to bind. Can you try the new version (1.6.0) and let me know if you are seeing the same issue? If you are still seeing the same issue in the new version, can you give me some more information on how you have wpDirAuth configured?
@tiainpa - what did you have to change in order for first, last and display names to show correctly? The code requests givenname (first), and sn (last) upon a successful match, which I was under the impression is fairly standard for most DC's. I will let you know that I'm planning to rework that section so that additional keys can be retrieved, but am interested to know what you had to change.
Posted 1 year ago #
Hi Paul,
My DC is set to something like ed.es.xxx.net:389 (I cannot reveal full details because of our company's intranet), and the account filter is 'uid'.
I tried to work with this DC without modifying anything, but it seems that WordPress cannot get anything returned to keys sn and givenname. We have a web based LDAP client and this also doesn't show any details like that, the closest one having my full name is displayName, but I didn't get that one to work either. DisplayName seems to be the same kind of string as I see in Microsoft Outlook's mail recipients.
For these reasons, I am using PHP magic to strip the user's first and last name from the 'mail' key.
Regarding 1.6.0 version, I installed it to one of our WordPress servers and now I'm waiting for the user with the troublesome password to give it a go. I'll let you know how it works.
Posted 1 year ago #
The user with the troublesome password reported back to me that there is still a problem with login.
I also deleted my user in order to see what details are there when using the original wpDirAuth.php:
- Username is OK (same username as in our intra)
- First and Last Names are blank
- Nickname is quite OK (firstname_lastname)
- Display name is blank
- E-mail is OK
Posted 1 year ago #
@tianpa by chance can you use Softerra's LDAP Browser (make sure to click on and download the LDAP Browser 2.6 instead of LDAP Administrator 2011) to log into your DC, perform a query and take a screenshot of the results? I'm wondering if you can use either cn, name or possibly displayName attributes.
What I'm finding odd is that sn is a mandatory attribute for person entries (according to the RFC) so your DC should have it.
The problem from the plugin view of using the displayName (or cn) attribute is that the organization is free to use whatever format for names they want (e.g. Gilzow, Paul; Paul Gilzow; Gilzow, Paul F.; Paul Franklin Gilzow, etc.) so i'd have to think up some way to let the end-user define how their organization has formatted that field.
As for the user who is still having issues logging in... Do you know if your php installation has magic quotes enabled?
Posted 1 year ago #
@gilzow Call me overly paranoid, but I sent you the information you requested in a Facebook message as I didn't know any other private way to reach you.
As for the other question, I have no idea about the magic quotes but as I'm the admin of our WordPress installation I could check it if it helps.
Posted 1 year ago #
I'm big into web security, so i COMPLETELY understand about being paranoid. ;)
Looked at the sceenshot you sent. I'd suggest using the cn attribute vs the email address since it is POSSIBLE that your organization might have an exception to it's normal rule for email addresses. I hate saying hack the plugin since that means you'll have to redo the hacks everytime i release an update, but until i can figure out an easy way to have that be a configuration option, i dont know any other option.
As for contacting me, it's in the info on the wpdiratuh wordpress directory page, but you can always email me at wpdirauth@gilzow.com. Just make sure to include 'wpdirauth' in the subject line. I'm also monitoring these forums for any mention of 'wpdirauth'. And facebook works as well (facebook.com/gilzow).
Back to the password issue. Let's try this. At the beginning of the function wpDirAuth_auth (line 335 in version 1.6.0), add the following:
if(get_magic_quotes_gpc()){
$password = stripslashes($password);
}And then have your user try again. I was under the impression that wordpress disabled magic_quotes if it was enabled in the ini file, but i could be wrong.
This topic has been closed to new replies.
