Support » Plugin: Active Directory Integration » Need to also enter Bind DN and Bind Password

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi,

    I’m having the same problem here.
    Did you got any solution on how to do this?

    Anyone else have some ideas on how to do this?


    An update..
    after some hours at the code I’ve managed to authenticate, but properties are not comming.

    I’ve changed at /ad_ldap/adLDAP.php the line
    $this->_bind = @ldap_bind($this->_conn, $username . $this->_account_suffix, $password);

    into this:
    $this->_bind = @ldap_bind($this->_conn, “uid=” . $username, $password);

    since the ldap I’m connecting on seems not to authenticate by mail address (??) but by the uid.

    My problem now is on the stage to load attributes. I’ve tried using by setting, and not setting, the user as described here:

    in both cases it showed:

    [NOTICE] Authentication successfull for “jrebelo”
    [NOTICE] cleaning up failed logins for user “jrebelo”
    [0] => cn
    [1] => givenname
    [2] => sn
    [3] => displayname
    [4] => description
    [5] => mail
    [6] => samaccountname
    [7] => userprincipalname
    [8] => useraccountcontrol


    [ERROR] This user exists in Active Directory, but has not been granted access to this installation of WordPress.

    By looking at the code, seems that after login the user info is obtained, using the adLdap.php / user_info method, which creates a filter like:

    if ($isGUID === true) {
    $username = $this->strguid2hex($username);
    else if (strstr($username, “@”)) {
    else {

    to use on ldap_search. By browsing my LDAP entry, I don’t see this attributes (should I see it??)
    Also I’ve replaced this to look by $filter=”uid=”.$username; but it still doesn’t work.

    My question is what might be missing so that the user info can be obtained?
    Might this be the cause for the failure or should I be looking to some other code part?

    Thanks for the help!

    ps: I’m not a PHP Developer, neither I’ve any know-how on LDAP…so I don’t quite know if these changes are the way to solve this! but it seems that some advance has been achieved..

    ok…it seems like I’m not a person in this LDAP…

    by removing the line: $filter = “(&(objectCategory=person)({$filter}))”;

    and keeping the


    already can see my details.

    But still I have the error:
    [ERROR] This user exists in Active Directory, but has not been granted access to this installation of WordPress.

    My guess is that some other code must be reviewed…
    I’ll try to take a look, but any suggestions? 🙂


    at this stage it was only missing to allow the plugin to create the user (sorry but not the most intuitive error message..)

    so, the point is..can this behavior (option to authenticate and filter by uid) be integrated at the plugin?

    The adLDAP library has protected variables that can be overwritten to accomplish this administrative bind:

    // from file: wp-content\plugins\active-directory-integration\ad_ldap\adLDAP.php
        * Optional account with higher privileges for searching
        * This should be set to a domain admin account
        * @var string
        * @var string
        protected $_ad_username=null;
        protected $_ad_password=null;

    This has got to be the cleaner way of handling this.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Need to also enter Bind DN and Bind Password’ is closed to new replies.