Support » Plugin: Authorizer » LDAP Login WordPress Docker

  • Resolved jthomae1

    (@jthomae1)


    Hello, I have a problem authenticating via LDAP on my wordpress site.
    My configuration must be correct, at least ldapsearch with the same credentials from my host is working, and another application with ldap connection is using the same configuration.

    Unfortunately, the login is not possible. I would like to know if I can see logs somewhere, with possible error messages.
    I’m using wordpress version 5.2.4 in a docker setup, I already installed the php-ldap extension (via own Dockerfile). The info-message on the “external services” site, that the php extension is required, disappeared after it. (PHP version 7.3.1)

    Are there any problems known, regarding docker setups with WordPress and Authorizer?

    Thanks in advance!

Viewing 6 replies - 1 through 6 (of 6 total)
  • Further information:

    I’m using
    LDAP Host: ldaps://<mydomain>.de
    Port: 636
    Use TLS: Unchecked
    Search Base: ou=Customers,dc=<mydomain>,dc=de

    Standard fields for first name and last name.
    As mentioned, user and password working with ldapsearch and for another app on the same host.

    Works with the username instead of the email address in the login field. Can you explain why the login does not work with the email address?

    I will mark the issue as resolved

    Plugin Author Paul Ryan

    (@figureone)

    Right now the default LDAP search filter is just on whatever attribute you put in LDAP attribute containing username:
    https://github.com/uhm-coe/authorizer/blob/master/src/authorizer/class-authentication.php#L618-L619

    However, it does make sense to check both that and LDAP attribute containing email address.

    You can do that manually right now by filtering authorizer_ldap_search_filter and adding your own filter, e.g.:

    /**
     * Allow username or email matches in LDAP.
     *
     * @hook authorizer_ldap_search_filter
     *
     * @param string $search_filter The filter to pass to ldap_search().
     * @param string $ldap_uid      The attribute to compare username against (from Authorizer Settings).
     * @param string $username      The username attempting to log in.
     */
    add_filter( 'authorizer_ldap_search_filter', function ( $search_filter, $ldap_uid, $username ) {
    	return "(|(uid=$username)(mail=$username))";
    }, PHP_INT_MAX, 3 );

    Filter is documented here:
    https://github.com/uhm-coe/authorizer/blob/master/src/authorizer/class-authentication.php#L621-L631

    We’ll work on adding that into the default behavior. Thanks!

    • This reply was modified 3 weeks, 2 days ago by Paul Ryan.
    Plugin Author Paul Ryan

    (@figureone)

    Added here:
    https://github.com/uhm-coe/authorizer/commit/e3571a6b68f48dbfda0a437a62e82b2b8fc2e0a3

    Will be included in the next release. Thanks!

    Thanks for the explanation!
    Great, that the filter will be included in the next release. Thanks!

    Plugin Author Paul Ryan

    (@figureone)

    Just to clarify that the filter is already there, and you can use it now if needed. The next release will include a change to the default behavior so you won’t have to use the filter.

    Only other thing on the release radar is fixing up some admin styles for the upcoming changes in WordPress 5.3. Once that is done, the next release should drop.

    Noteworthy Admin CSS changes in WordPress 5.3

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.