OK, I’ve got some progress.
I’ve made a plugin that hooks an action to “wp”:
if the user is_user_logged_in(), do nothing
else:
get the active Windows user,
fetch info from AD/LDAP (not implemented yet)
update WP user DB (not implemented yet)
wp_set_auth_cookie to log in the active user
Does this sound reasonable?
Kind of. A plugin is great, but I’m not sure ‘wp’ is the best action. I believe the user status is not yet established at this point, I would suggest ‘init’.
I’m not sure what you’re updating in the user DB during the auto-login process. I don’t think there’s anything there, login state is completely managed by session. Even if there is, calling wp_set_auth_cookie() would take care of it. Or is this just in case the domain user is not yet a WP user? If so, good idea! (for later)
The thing is though, calling wp_set_auth_cookie() will redirect to the login page if WP doesn’t think the user is logged in. To deal with that, look into the ‘login_init’ and/or ‘login_form_login’ actions. You need to replicate the wp-login.php process without presenting the form to the user. This mainly consists of calling wp_signon() then on success, redirecting to $_REQUEST['redirect_to'].
For wp_signon() to be successful, hook ‘authenticate’ and return the proper user object on success, or WP_Error on failure. Alternately, you can plug (re-declare) the wp_authenticate() function (which applies the ‘authenticate’ filter) to suit your needs.
This only hits the high points, you’ll need to fill in the gaps. Still, this should get you going in the right direction. Good luck!
Hey, I just noticed there are a few plugins already offered that have this functionality. Even if you still prefer to code your own, it’d be a good idea to review the techniques used by other developers to do the same thing.
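The flow outlined in the reply above (hook ‘authenticate’, call wp_signon() from ‘login_init’, then redirect to redirect_to), as an added example that is not code from either poster. It assumes the web server itself performs Windows authentication and sets REMOTE_USER as DOMAIN\user; the mysso_ function names and the EXAMPLE domain are hypothetical.

```php
<?php
/* Plugin Name: SSO auto-login (added example, not code from this thread) */

// Assumption: the web server performs Integrated Windows Authentication and sets
// REMOTE_USER as DOMAIN\user. Never take the identity from a request header.
const MYSSO_DOMAIN = 'EXAMPLE'; // placeholder domain name

// Return the WordPress login name for the server-authenticated user, or ''.
function mysso_remote_login() {
    $raw   = isset( $_SERVER['REMOTE_USER'] ) ? (string) $_SERVER['REMOTE_USER'] : '';
    $parts = explode( '\\', $raw );
    if ( 2 !== count( $parts ) || 0 !== strcasecmp( $parts[0], MYSSO_DOMAIN ) ) {
        return '';
    }
    // Reject names WordPress would have to rewrite instead of silently mapping them.
    return validate_username( $parts[1] ) ? $parts[1] : '';
}

// 'authenticate' filter: hand wp_signon() the matching WP_User, else fall through
// to the default username/password checks.
function mysso_authenticate( $user, $username, $password ) {
    if ( $user instanceof WP_User ) {
        return $user;
    }
    $login   = mysso_remote_login();
    $wp_user = ( '' !== $login ) ? get_user_by( 'login', $login ) : false;
    return $wp_user ? $wp_user : $user;
}
add_filter( 'authenticate', 'mysso_authenticate', 10, 3 );

// 'login_init': run the wp-login.php sign-on without showing the form.
function mysso_auto_login() {
    $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'login';
    if ( 'login' !== $action || isset( $_GET['loggedout'] ) || 'GET' !== $_SERVER['REQUEST_METHOD'] ) {
        return; // leave logout, password reset and form posts alone
    }
    if ( is_user_logged_in() || '' === mysso_remote_login() ) {
        return;
    }
    $user = wp_signon( array( 'user_login' => '', 'user_password' => '' ) );
    if ( is_wp_error( $user ) ) {
        return; // no matching WP account: show the normal login form
    }
    // wp_safe_redirect() only follows local or allowed hosts, so redirect_to
    // cannot send the freshly logged-in user to an arbitrary site.
    $target = isset( $_REQUEST['redirect_to'] ) ? wp_unslash( $_REQUEST['redirect_to'] ) : admin_url();
    wp_safe_redirect( $target );
    exit;
}
add_action( 'login_init', 'mysso_auto_login' );
```

Domain users without a matching WordPress account fall through to the normal login form here; creating the account from AD/LDAP data, as planned in the first post, would go in mysso_authenticate().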