WordPress.org

Ready to get started?Download WordPress

Forums

Active Directory Integration
RealDolmen IIS Authentication and ADI (11 posts)

  1. Lee Hord
    Member
    Posted 11 months ago #

    Has anyone else managed to get these two plugins working together?

    I'm running the RealDolmen IIS Authentication plugin which is excellent and works well. However I'm having some issues getting ADI to create/update the user in the database.

    User is authenticated but the LDAP lookup from ADI doesn't take place. If I disable the IIS Auth then ADI will update the user in the DB after logging in manually.

    http://wordpress.org/extend/plugins/active-directory-integration/

  2. J_Walker
    Member
    Posted 11 months ago #

    I've been using these two plugins also, but I setup a scheduled task on the server to run the ADI import once daily, so i'm not too concerned if the ADI update is taking place during login or not. It seems to work great in my environment, but maybe not yours.

  3. Lee Hord
    Member
    Posted 11 months ago #

    I think I'm real close on this.

    I discovered an issue whereby bulk import did not work unless the local user account had adi_samaccountname present in the user meta. Creating this value programmatically via the RealDolmen plugin solved the issue (had to rewrite the iisauth_create_wp_user function to do so).

    Problem now is ADI does not automatically fetch the user details during the login process. I suspect this is related to the fact that authentication is using an auth token instead of a password, therefore ADI does not understand what to do with the auth token perhaps?

    Trying to use a bind user didn't fix the issue either.

  4. dmpp
    Member
    Posted 6 months ago #

    What's your system?

    I can't get realdolmen and this plugin to work together.

    I have a win 2012 server, and I'm running the WP 3.8.

  5. Lee Hord
    Member
    Posted 6 months ago #

    I'm running a Windows 2008 R2 server with IIS7.5 and WP 3.8, works fine.

    What problems are you getting?

  6. dmpp
    Member
    Posted 5 months ago #

    Users are not automatically logged in.

    My server is Win 2012 running IIS 8 and WP 3.8.

    Any thoughts?

  7. dmpp
    Member
    Posted 5 months ago #

    I should post some more details... :-)

    This plugin (ADI IIS Auth) works fine. If a user goes to the login page and puts in their credentials, it will connect and assign the proper role to them.

    The RealDolmen plugin (from what I understand) should automatically sign them in with their computer login (same as the AD info), presuming they're using IE. So if I'm correct, when someone goes to the wordpress install and then to a post, it should automatically have them logged in to post a comment. Correct? If so, that's no happening for me.

  8. Lee Hord
    Member
    Posted 5 months ago #

    It does indeed sign users in automatically. Have you enabled Windows Authentication in the Authentication settings for your site in IIS?

  9. dmpp
    Member
    Posted 5 months ago #

    I did have Win Auth enabled.

    After some messing around with the plugin, I realized it was an issue with the IP range it was programmed to look for.

    I have ADI enabled as well.

    So, users will be auto logged in with their windows account details. ADI does not do a lookup on the LDAP for their account, so the username, first name and last name are entered as the computer login name.

    Lee, have you found a fix?

  10. dmpp
    Member
    Posted 5 months ago #

    After playing around with the code for the 1.1 Realdolmen plugin, I realized the issue was with the IP range it was looking for. I changed that, and presto, it's authenticating users and creating WP accounts with their windows login.

    The issue is that their name isn't being populated.

    Lee, have you found a fix for this to have ADI pull in the details?

  11. Lee Hord
    Member
    Posted 5 months ago #

    The only solution I have at the moment is not perfect. Basically what happens is the RealDolmen plugin authenticates the user and if they don't exist in the WordPress database it will create a new user. This in itself seems to interrupt ADI and therefore does not automatically lookup the user in AD, simply unhooking the create user function doesn't make it work either.

    So I had to find another way. One thing I noticed when users are created using the RealDolmen plugin, the user account in the WordPress dashboard is not flagged as an ADI user, therefore when performing a bulk import using ADI it would not fetch the details back. Next I added a new line to the end of the RealDolmen plugin under the last function iisauth_create_wp_user(), here's my code:

    function iisauth_create_wp_user($username)
    {
    
    	$userData = array(
    		'user_pass'		=> microtime(),
    		'user_login'	=> $username,
    		'user_nicename'	=> $username,
    		'user_email'	=> $username . '@localhost',
    		'display_name'	=> $username,
    		'first_name'	=> $username,
    		'last_name'		=> $username,
    		'role'			=> 'subscriber'
    	) ;
    
    	$id = wp_insert_user($userData);
    
    	update_user_meta($id, 'adi_samaccountname', $username);
    }

    This will save an additional piece of user meta when the account is created by the RealDolmen plugin. What you can then do is have a cron job run periodically to bulk import users, the ADI plugin will then fetch attributes for your users from AD.

    Like I said, it's not ideal but it does work, but note there will be a period of time when a new user won't have any attributes in your WordPress database.

    Hope this helps you out.

Reply

You must log in to post.

About this Plugin

About this Topic