Please see changelog below for recent updates/changes.
wpDirAuth allows users of central directory (LDAP) servers to login to
authorized WordPress instances without having to register. The plugin creates
a new account for each directory user on first login so that they have full
access to preferences and functions, as any WP user would.
Activating the plugin will not restrict you to using directory authentication
and you will still be able to both create new WP-only users as well as turn on
public registration in WordPress. You can also assign any privilege levels to
your directory users, and the those users will be referred to their
institutional password policy whenever they would normally able to update
their WP passwords (on the profile screen, in user edit, etc).
Authentication should work with most LDAP enabled directory services, such as
OpenLDAP, Apache Directory, Microsoft Active Directory, Novell eDirectory,
Sun Java System Directory Server, and more.
wpDirAuth supports LDAP and LDAPS (SSL) connectivity and can force SSL for
WordPress authentication if it is available on the Web server. It also supports
server connection pools, for pseudo load balancing and fault tolerance, or
multiple source directory authentication.
Because the key used to locate a user’s profile in the LDAP server is not
always the same, depending on your LDAP server type and institutional choices,
you can define your own through the wpDirAuth administration tool.
When logging in as a directory user, the WP “remember me” feature is downgraded
from 6 months for regular WP users to only 1 hour, so that institutional
passwords are not overly endangered when accessing WP from public terminals.
Branding & Notifications
You can define notifications addressed to your directory users in key WordPress
areas, such as the login screen and the profile edit screen.
Since these admin-editable values support HTML (admin, coders, beware of xss!),
you can point your directory users to central support information related to
functions such as changing their institutional password, a WordPress usage
related policy, etc.
There is also a simple and optional terms of services concept, only implemented
for directory users, which will simply record a one-time acceptance date when
agreed upon. Note that agreeing to the TOS has no effect on the user’s level of
access in the system, fact which could change in future version if there is a
demand for it, or through direct code contribution to that effect.
You can download the latest stable version of wpDirAuth from the WordPress
Plugin Finder at the following locations:
* Direct download: https://downloads.wordpress.org/plugin/wpdirauth.zip
* WPPF home: https://wordpress.org/extend/plugins/wpdirauth/
Once installed and activated, you will be able to administer your directory
settings through the dedicated plugin configuration tool found under the
Directory Auth. menu found in the WordPress
Options admin section.
Directory Authenticated users can now be pre-added to your wordpress system
and granted roles by going to the
Add Dir Auth User menu found in the
Users admin section. Contextual help for this section is
available for this section within WordPress’ built-in help menu.
See the inline help found in the tool for more information on the settings.
There is a secondary activation toggle, so you can install and activate the
plugin, check out the options panel, but not immediately accept directory
authentication, or even simply turn the feature on or off at any time.
Help and Support
Please post questions, request for help to the WordPress plugins forum or
email email@example.com. Please be sure to include ‘wpdirauth’ in the
Tons. The entire codebase could stand refactoring.
Source and Development
wpDirAuth welcomes friendly contributors wanting to lend a hand, be it in
the form of code through SVN patches, user support, platform portability
testing, security consulting, localization help, etc.
The [current] goal is to keep the plugin self-contained (ie: no 3rd-party lib)
for easier security maintenance, while keeping the code clean and extensible.
Focus is on security, features, security, and let’s not forget, security.
Unit tests will hopefully be developed and constant security audit performed.
Recurring quality patch contributions will lead to commit privileges to the
project source repository.
Please post questions/requests for help to the wordpress forums and/or
The project source code is available on the WordPress Plugin Repository:
* Stable: http://svn.wp-plugins.org/wpdirauth/trunk/
* Unstable: http://svn.wp-plugins.org/wpdirauth/branches/dev/
* Historical: http://svn.wp-plugins.org/wpdirauth/tags/
The Sybversion repository can be browsed and tracked (RSS, etc) through the
WP Plugin Repo source browser at:
The generated code documentation can be found at:
The WP Plugin Repo also offers a convenient ticketing system for bug and
* Existing tickets: http://dev.wp-plugins.org/query?status=new&status=assigned&status=reopened&group=priority&component=wpdirauth&order=priority
* Open a new ticket: http://dev.wp-plugins.org/newticket
General Public License
Copyrights are listed in chronological order, by contributions.
wpDirAuth: WordPress Directory Authentication, original author
Copyright (c) 2007 Stephane Daury – http://stephane.daury.org/
wpDirAuth and wpLDAP Patch Contributions
Copyright (c) 2007 PKR Internet, LLC – http://www.pkrinternet.com/
wpDirAuth Patch Contributions
Copyright (c) 2007 Todd Beverly
wpLDAP: WordPress LDAP Authentication
Copyright (c) 2007 Ashay Suresh Manjure – http://ashay.org/
wpDirAuth Patch Contribution and current maintainer
Copyright (c) 2010, 2011, 2012 Paul Gilzow – http://gilzow.com/
wpDirAuth is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
by the Free Software Foundation.
wpDirAuth is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see http://www.gnu.org/licenses/.
Originally started from a patched version of wpLDAP (1.02+patch), wpDirAuth has
since then been heavily overhauled and features have been modified and added.
In other words, a classic case of
pimp my lib' (hopefully for the better).
* Current: wpDirAuth: http://tekartist.org/labs/wordpress/plugins/wpdirauth/
* Original: wpLDAP: http://ashay.org/?page_id=133
* wpLDAP Patch: http://www.pkrinternet.com/~rbulling/private/wpLDAP-1.02-ssl.patch
Great plugin, great support! Filter wpdirauth_filterquery can be updated for advanced config; Just one file => really nice from a security point of view (no hidden sub-plugin or any custom library)
We´re runnig wp in a multi site environment for academic purposes. wpDirAuth is easy to use and helps us to let site administrators easyly integrate users without establishing additional passwords. Thats comfortable for the users and helps us to raise acceptance of the blog system.
And, last but not least, the plugin developers are very keen to help in cases of technical issuses. That´s for me as multi service provider veeeerrry helpful. So five stars!
- bugfix – a local user account on systems using PHP version < 5.3.9 would fail authentication, even if correct password was used. Many thanks to @tommcgee for helping me track this one down.
- minor bugfixes that were causing PHP warning errors in specific situations.
- let’s try this again. filter wpdirauth_filterquery will pass THREE parameters: current AD filter, the account filter as set in the wpDirAuth settings and the username of the person attempting to authenticate. Callback function must pass back a valid AD filter.
- Why no 1.7.13? Because I’m superstitious.
- Added hookable filter wpdirauth_filterquery. Will pass 2 parameters: the current AD filter and the username of the person attempting to authenticate. Callback function must pass back a valid AD filter.
- v4.4.2 of wordpress changed some of the roles & caps. Role create_users no longer allows admins who do not posses super-admin privilege in a multisite to see the wpDirAuth add user menu item when in a site. changed the cap to add_users, but will continue to research
missed an instance of split (deprecated php function).
Adding stripslashes_deep because wordpress.
Bug fixes and minor clean-up
- The plugin no longer automatically creates accounts for directory-authenticated users who log into the site. You can enable this behavior in the plugin settings, but it is no longer the default behavior.
- Not sure why but I never set the plugin up to block Directory-Authenticated users from attempting to use the wordpress builtin password reset tool. It can’t actually change the password, but it definitely caused confusion among users. wpDirAuth now blocks directory-authenticated users from using the password reset tool.
- Removed a bunch of deprecated function calls.
- Cleaned up some of the debugging messages.
Corrected situation where a new authenticated user logging into a child site in a multisite network was added to the parent site, instead of the child site where they initiated the login. Also, somewhere along the way, I reintroduced a bug that when using authentication groups, the plugin would fail to redirect a successfully logged in user.
- PLEASE NOTE Beta testers of the 1.7.X branch prior to version 1.7.5, you will need to deactivate wpdirauth before you updgrade to this latest version. Once you have installed and network activated the plugin, it will copy your options from their previous location to the sitemeta table. You will only need to do this once. This will also work for anyone who was using the 1.6.X branch or older and plans on using it in MULTISITE mode.
- MULTISITE support, bug fixes, security enhancements
- Corrected a bug that would prevent user profiles from successfully being found. Thanks go to jgiangrande for identifying the problem area.
Add Dir Auth Userto Admin User menu. Now able to pre-add Directory Authenticated users and assign roles where previously users would have to log in first, and then have an admin change their role.
- Added ability to limit logins to specific AD groups. Fixed a bug that produced an incorrect filter when using a single Authentication Group
- Remove default password nag for wpdirauth accounts