Active Directory Integration
Need to also enter Bind DN and Bind Password (6 posts)

  1. garymgordon
    Posted 2 years ago #

    My connection to LDAP requires that I enter the Bind DN and Bind Password.

    How and where can I enter this information?



  2. jrebelo
    Posted 2 years ago #


    I'm having the same problem here.
    Did you got any solution on how to do this?

    Anyone else have some ideas on how to do this?


  3. jrebelo
    Posted 2 years ago #

    An update..
    after some hours at the code I've managed to authenticate, but properties are not comming.

    I've changed at /ad_ldap/adLDAP.php the line
    $this->_bind = @ldap_bind($this->_conn, $username . $this->_account_suffix, $password);

    into this:
    $this->_bind = @ldap_bind($this->_conn, "uid=" . $username, $password);

    since the ldap I'm connecting on seems not to authenticate by mail address (??) but by the uid.

    My problem now is on the stage to load attributes. I've tried using by setting, and not setting, the user as described here: http://wordpress.org/support/topic/need-the-bind-user?replies=11

    in both cases it showed:

    [NOTICE] Authentication successfull for "jrebelo"
    [NOTICE] cleaning up failed logins for user "jrebelo"
    [0] => cn
    [1] => givenname
    [2] => sn
    [3] => displayname
    [4] => description
    [5] => mail
    [6] => samaccountname
    [7] => userprincipalname
    [8] => useraccountcontrol


    [ERROR] This user exists in Active Directory, but has not been granted access to this installation of WordPress.

    By looking at the code, seems that after login the user info is obtained, using the adLdap.php / user_info method, which creates a filter like:

    if ($isGUID === true) {
    $username = $this->strguid2hex($username);
    else if (strstr($username, "@")) {
    else {

    to use on ldap_search. By browsing my LDAP entry, I don't see this attributes (should I see it??)
    Also I've replaced this to look by $filter="uid=".$username; but it still doesn't work.

    My question is what might be missing so that the user info can be obtained?
    Might this be the cause for the failure or should I be looking to some other code part?

    Thanks for the help!

    ps: I'm not a PHP Developer, neither I've any know-how on LDAP...so I don't quite know if these changes are the way to solve this! but it seems that some advance has been achieved..

  4. jrebelo
    Posted 2 years ago #

    ok...it seems like I'm not a person in this LDAP...

    by removing the line: $filter = "(&(objectCategory=person)({$filter}))";

    and keeping the


    already can see my details.

    But still I have the error:
    [ERROR] This user exists in Active Directory, but has not been granted access to this installation of WordPress.

    My guess is that some other code must be reviewed...
    I'll try to take a look, but any suggestions? :)

  5. jrebelo
    Posted 2 years ago #


    at this stage it was only missing to allow the plugin to create the user (sorry but not the most intuitive error message..)

    so, the point is..can this behavior (option to authenticate and filter by uid) be integrated at the plugin?

  6. Wes Crow
    Posted 2 years ago #

    The adLDAP library has protected variables that can be overwritten to accomplish this administrative bind:

    // from file: wp-content\plugins\active-directory-integration\ad_ldap\adLDAP.php
        * Optional account with higher privileges for searching
        * This should be set to a domain admin account
        * @var string
        * @var string
        protected $_ad_username=null;
        protected $_ad_password=null;

    This has got to be the cleaner way of handling this.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Active Directory Integration
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.