Forums

WordPress › Support » Plugins and Hacks

wpDirAuth
wpDirAuth and lost password link + converting existing users (2 posts)

  1. doctorproctor
    Member
    Posted 5 months ago #

    I've just successfully configured wpDirAuth to work with our LDAP, and much seems good. I have several questions at this point:

    1. The "Lost Password" link shows up on the login page for both LDAP authenticated and existing users, though it's only applicable for the latter. Is there a way to hide this for LDAP authenticated users, since they are supposed to update their passwords via our institutional link?
    2. I just discovered what seems to be a password security issue with LDAP-authenticated users, which I'll email you separately...not sure if it's due to wpDirAuth, our LDAP server, or something else, but it's crazy.
    3. We have a number of existing users whom I'd like to convert to LDAP-authenticated users. They registered using their institutional login as username. The only distinguishing characteristic I see in wp_usermeta is that wpDirAuthFlag is set to 1. If we do so manually for existing users, would this then authenticate logins against our LDAP?

    Thanks again for the great plugin, and appreciate input on the above.

    Jim

    http://wordpress.org/extend/plugins/wpdirauth/

  2. gilzow
    Member
    Posted 5 months ago #

    Already emailed you but figured i would respond here as well.

    #1, Since all users (both ldap-authenticated and local WordPress) use the same login page, we cant really hide the reset password link. What I could do, possibly, is hook the password reset function and return an error if the user attempting to reset their password is an ldap-authenticated user. I'll do some experimenting to see if I can do that.

    #2, I think this is an issue with your particular set up, as I cant recreate the issue, and the plugin doesn't really touch the password except to hand it over to the LDAP connection when attempting the bind. The plugin is just checking for a successful bind response from your ldap instance which, as far as i know, should mean that your ldap instance has accepted the user account (or DN) and password. As I mentioned in the email, send me some more info about your particular LDAP set up and we'll see if we cant figure out what is going on.

    #3, I don't have anything currently to convert users. It's something I could look into doing for a future version, though my focus right now is trying to get the plugin to work in WordPress MU/network. Maybe I could add it to the user's profile section....

    Yes, if you manually add a 'wpDirAuthFlag' meta_key with a value of 1 for those users who need to be converted, they will start authenticating against your LDAP instance. Not ideal, but it will work. Just make sure not to do that to your main administrator account as you should still have at least one local account in case your LDAP instance is unavailable.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags