WordPress.org

Ready to get started?Download WordPress

Forums

Users can log on withtout a password!! LDAP Plugin used (6 posts)

  1. pknox
    Member
    Posted 3 years ago #

    We installed the LDAP plugin and use Windows Authentication. So far so good but we discovered by accident if you use a valid Windows Ad username you can logon forthe first time without a password and a blog is created for you. What is more worrying is anyone can log on as another user and have access to that users blog and admin console.

  2. @mercime
    Volunteer Moderator
    Posted 3 years ago #

    What is more worrying is anyone can log on as another user and have access to that users blog and admin console.

    Which LDAP plugin are you using? Suggest you mention it here and also contact plugin dev and find a resolution for unsecured access.

  3. pknox
    Member
    Posted 3 years ago #

    We downloaded version 2.8.2 from WordPress.org. wpmu-ldap_2.8.2.tar.gz.

    We set the default of 'No' for the 'single sign-on' option when configuring this plugin.

  4. @mercime
    Volunteer Moderator
    Posted 3 years ago #

    Check out WPMU LDAP plugin version 3.0 at http://sourceforge.net/projects/wpmu-ldap/

  5. pknox
    Member
    Posted 3 years ago #

    Many, many thanks Mercime. The first thing I should have checked was if there was a newer version available which had this fixed. We have installed it and it works fine. An error message appears that the password field is blank and so it prevents a user logging on until that is done. If the user uses a wrong password it will only allow 2 more attempts to login.

  6. @mercime
    Volunteer Moderator
    Posted 3 years ago #

    You're welcome pknox. Glad it's working out for you.

Topic Closed

This topic has been closed to new replies.

About this Topic