[Plugin: Active Directory Integration] Single config for multisite (25 posts)

  1. tirussell
    Posted 5 years ago #

    I am having a little difficulty getting this to work consistently on a multi-site installation. When I first install (with a bunch of pre-existing sub-sites), all is well, but then if I add a new sub-site, it does not have the settings--it's not possible to login to the new sub-site without configuring the LDAP separately for that sub-site.

    However, if I log in to one of the sites that was previously configured and then switch to that same new sub-site that I could not log into, all is well.

    I am using WP3 as a CMS for a university and need each sub-site (usually an office or department) to be able to log in from their own pages.

    Thoughts on how to make new sites use the existing settings?

  2. tirussell
    Posted 5 years ago #

    friendly bump

  3. meltingrobot
    Posted 5 years ago #

    I would like to have this feature as well. The only way people can login successfully is to go to the root site and login, then they can access the sub-sites that they have access to.

  4. tirussell
    Posted 5 years ago #

    I wound up hard-coding the LDAP connection info into lines 703-749 of the plugin as a hack/fix (commenting out the get_option and get_site option calls). This is obviously sub-optimal, but it seems to work.

    Would love to have an official fix for this!

  5. meltingrobot
    Posted 5 years ago #

    Yeah, I'm trying to hold out for an official fix. I really hope whoever is making this is still working on it. Outside of this one issue, this is a great plugin.

  6. glatze
    Posted 5 years ago #

    Sorry, was on vacation for a while. I'll look into this.

  7. tirussell
    Posted 5 years ago #

    glatze - great to see you back!

    another helpful update to the plugin would be to change line 227 so that it uses

    plugins_url('', __FILE__)

    instead of


    The main reason for this is that WP_PLUGIN_URL does not use SSL even when the FORCE_SSL_ADMIN setting is true. For users with a secure backend (as it should be if we are typing in our AD credentials, right?) this causes IE to pop a "Load only content delivered securely?" on every admin page.

  8. meltingrobot
    Posted 5 years ago #

    Thanks. Looking forward to an update that fixes this. This is a great plugin, and it will be perfect after this issue is fixed.

  9. kristianjohansen
    Posted 5 years ago #

    While waiting you could add some redirect-code to wp-login.php.

    For my setup (sub-directory multisite, installed in web root) the following works just fine:

    if ($_SERVER['REQUEST_URI'] != "/wp-login.php") {

    It is not optimal since the users must make a few extra clicks once inside...

  10. Curtiss Grymala
    Posted 5 years ago #

    I found a really handy (at least temporary) fix for this issue. There's a plug-in called "YD Network-wide Options" (to find it in the Add New Plugin section of WordPress you have to search for "sitewide options").

    The interface for the "YD Network-wide Options" plug-in is pretty ugly and utilitarian, but it works. Just install and activate that plug-in, then go to its settings and check off all of the ad_ options so that they are propagated globally rather than on a per-blog basis.

    Still, it would be great to see network-wide options built into the AD Integration plug-in, but the "YD Network-wide Options" solution seems to work for now.

  11. dbvista
    Posted 5 years ago #

    I can't quite get "YD Network-wide options" to work right in this setup. It definitely propagates the "AD_Integration_..." options to existing blogs when you click "Update Plugin Settings". But when I create a new blog, AD logins fail in that blog. I have to click "Update Plugin Settings" again, and then logins succeed. Do you need this manual step too, or am I missing something?

    I do have these checkboxes checked:

    - Overwrite existing blog settings
    - Automatically apply future changes to all blogs
    - Spread options to new blogs

  12. dbvista
    Posted 5 years ago #

    Hmm, now it's working.

  13. Curtiss Grymala
    Posted 5 years ago #

    While studying the code for this plug-in, I discovered a much simpler (and probably less resource-hungry) way to accomplish this task.

    The AD Integration plug-in was initially built with network-wide options in mind, but the methodology it uses to decide whether to use settings on individual sites or throughout the entire network was deprecated when WPMU merged with the WordPress core.

    In this plug-in, the decision as to whether to use network-wide options or individual site options is determined by two things:
    1) Does the global variable "$wpmu_version" exist?
    2) Is the constant "IS_WPMU" defined and non-empty? (This constant is defined as '' within the plug-in if "$wpmu_version" doesn't exist or is empty).

    I'm not sure why the checks are inconsistent (some functions use the global $wpmu_version variable and others use the IS_WPMU constant).

    Anyway, to make your options applicable site-wide, you need to simply create a small PHP file and place it in your mu-plugins folder. Then paste the following code into that file:

    if( !defined( 'IS_WPMU' ) )
    	define( 'IS_WPMU', true );
    global $wpmu_version;
    $wpmu_version = $GLOBALS['wp_version'];

    Then, when you "Network Activate" the AD Integration plug-in, you will no longer see the "Active Directory Integration" menu under "Settings" in the left sidebar, it will appear under "Super Admin" instead, and the settings will now apply throughout your entire network rather than being different for each individual site.

    Be forewarned, though, that if there are other plug-ins using the deprecated $wpmu_version variable to try to determine whether this is a standard WordPress installation or a multi-site installation, this change might have an undesired effect on those plug-ins.

    Also, in my particular installation, the styling for the options page for this plug-in doesn't seem to be quite right (the links to the different "tabs" within the options page still work, but they're just a vertical list of links rather than looking like tabs).

    I've only just begun testing on this, but it seems to be working properly for me. In my case, I deactivated the plug-in entirely on my network (you'll obviously have to make sure you have a non-AD Super Admin in order to move forward this way), I backed up my AD_Integration settings from each of my sites' "options" tables, then deleted them. I then uploaded the file to mu-plugins, logged back in using my non-AD Super Admin account and Network Activated the AD plug-in. I then re-configured all of the settings for the plug-in, logged out and logged in to one of the sub-sites using my AD credentials. It worked.

  14. Aren Cambre
    Posted 5 years ago #

    Note that you have to create this mu-plugins folder at wp-content/mu-plugins.

    See http://wpmututorials.com/plugins/basics/what-is-the-mu-plugins-folder/ for details.

  15. Aren Cambre
    Posted 5 years ago #

    Just spotted two minor issues:

    1. When adding this mu-plugins thingie, you will have to redo all your ADI settings. The ADI module moves from Settings > Active Directory Integration to Super Admin > Active Directory Integration
    2. When under Super Admin, the tabs don't appear correctly. Instead, the tabs show just as vertically-stacked links at top left of the module settings.
  16. Aren Cambre
    Posted 5 years ago #

    My ADI plugin loses all its settings every time I network activate a module. Could it be related to the mini-module that Curtiss Grymala above recommended for the mu-plugins folder?

  17. kwgagel
    Posted 5 years ago #

    I attempted Curtiss Grymala's hack and got locked out wordpress alltogether. I had to undo the change...

  18. Aren Cambre
    Posted 5 years ago #

    I think you got locked out because the Active Directory Integration module lost all its settings. See what I'm reporting in prior posts here.

    Try this--log in and be sure to select Remember Me. Now add Curtiss's plugin. Now navigate back to the Active Directory Settings module's settings. Did all your settings disappear? If so, fill them back in.

  19. kwgagel
    Posted 5 years ago #

    OK, followed again with your added suggestion.
    Filled in all the ADI info again and when I tested an account I got this:
    404 - File or directory not found.
    The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
    I just can't do it this way it seems...

  20. kwgagel
    Posted 5 years ago #

    Actually, it does work...

  21. jeeverett
    Posted 4 years ago #

    This thread has been quiet for a while, but I thought I'd post some tweaks to the AD Integration plugin that get multisite working (semi) properly. Taking a cue from Curtiss, I went in and actually changed every call in the plugin that was looking for a deprecated variable or using a deprecated function, as well as fixed a few bugs with the coding of the plugin itself. For anyone trying to use this plugin with a multisite WordPress install, here are the necessary changes:

    In file /active-directory-integration/ad-integration.php:

    In public function _construct():

    • Remove globals $wpmu_version and $wpmuBaseTablePrefix - both are deprecated.
    • Remove first check for if IS_WPMU defined entirely.
    • Replace the add_action('admin_menu'... line with the following statement:
      if (function_exists('is_network_admin')) {
      add_action('network_admin_menu', array(&$this, 'add_options_page'));
      } else {
      add_action('admin_menu', array(&$this, 'add_options_page'));

    In public function initialize_options():

    • Replace if (IS_WPMU) { with if (is_multisite()) {
    • Replace if (is_site_admin()) { with if (is_super_admin()) {

    In public function add_options_page():

    • Replace if (IS_WPMU && is_site_admin()) { with if (is_multisite() && is_super_admin()) {
    • Replace the add_submenu_page(... line with add_submenu_page('settings.php', __('Active Directory Integration'), __('Active Directory Integration'), 'manage_options', __FILE__, array(&$this, '_display_options_page'));
    • Replace the final if (!IS_WPMU) { with if (!is_multisite()) {

    In public function authenticate($arg1 = NULL, $arg2 = NULL, $arg3 = NULL):

    • Remove global $wpmu_version and the check for IS_WPMU directly below it.
    • Replace all instances of $version with $wp_version.

    In public function sanitize_syncback_global_user_pwd($pwd):

    • Replace if (IS_WPMU) { with if (is_multisite()) {

    In public function sanitize_bulkimport_user_pwd($pwd):

    • Replace if (IS_WPMU) { with if (is_multisite()) {

    In public static function global_db_prefix():

    • Remove globals $wpmu_version and $wpmuBaseTablePrefix
    • Replace if ($wpmu_version != '') { with if (is_multisite()) {
    • Replace return $wpmuBaseTablePrefix; with return $wpdb->base_prefix;

    In public static function activate()

    • Remove global $wpmu_version
    • Replace all four instances of if (isset($wpmu_version) && $wpmu_version != '') { with if (is_multisite()) {

    In public static function deactivate():

    • Replace if (isset($wpmu_version) && $wpmu_version != '') { with if (is_multisite()) {

    In protected function _save_wpmu_options($arrPost):

    • Replace if (IS_WPMU) { with if (is_multisite()) {
    • Below the two lines mentioning 'AD_Integration_use_tls', add the following two lines: if ( !empty( $arrPost['AD_Integration_network_timeout'] ) )
      update_site_option('AD_Integration_network_timeout', (int)$arrPost['AD_Integration_network_timeout']);

    In protected function _generate_authcode():

    • Replace if (IS_WPMU) { with if (is_multisite()) {

    In file /active-directory-integration/admin.php:

    In php tag:

    • Replace if (IS_WPMU) { with if (is_multisite()) {
    • Replace if (!is_site_admin()) { with if (!is_super_admin()) {
    • Replace if (IS_WPMU && $_POST['action'] == 'update') { with if (is_multisite() && $_POST['action'] == 'update') {
    • Replace the final instance of if (IS_WPMU) { with if (is_multisite()) {

    Further down in the same file, look for many instances of (!IS_WPMU)echo, replacing each with (!is_multisite())echo.

    Some important notes:

    1. The plugin folder itself needs to be placed in your mu-plugins directory within wp-content. If this folder does not currently exist, create it. Within the active-directory-integration folder, look for a folder named 'mu'. Inside is a little file labeled 'ad-integration-loader.php'. This file needs to be moved to the mu-plugins directory.
    2. The above code tweaks move the settings menu from the Site Admin settings menu over to the Network Admin settings menu. Unlike other tweaks mentioned here, the various settings tabs will display properly, however the 'Test Tool' button will be gone, and that feature will be at the bottom of all of the tab pages.
    3. You'll need to re-add the AD settings after making the above changes.. the new data is stored in an entirely different database table.
    4. When you save settings, it will jump you back to the first settings page, and you won't get any notice that the settings were saved. They should save properly, however.
    5. Two features of the plugin are entirely broken in multisite: the Test Tool and the Bulk User Import. These are not due to the tweaks made above, but seem to be unfinished parts of the plugin coding itself. There are a few places in the .php files related to those two features that contain deprecated calls as well that can be fixed, however the features will not work regardless. I'd love to see those fixed, however..
    6. Finally, while the above changes worked for my Multi-subdirectory WordPress install, I don't guarantee it will work for anyone else. I'm not a WordPress programmer, although I know HTML and PHP reasonably well. I'd love to see this plugin get an official update, too!
  22. jeeverett
    Posted 4 years ago #

    Just a quick addition to the previous post about modifying the Active Directory Integration plugin for multisite use.. there is one other critical change that must be made along with the above:

    Look for this section in the ad-integration.php file:

    if (function_exists('register_uninstall_hook')) {
    register_uninstall_hook(__FILE__, 'ADIntegrationPlugin::uninstall');

    Comment that out. I don't understand why a plugin installed in the mu-plugins folder should ever be receiving an uninstall hook, but with that code enabled every few hours the plugin will lose all of its settings, locking everyone except the ID 1 user out. I've also on one occasion had the plugin somehow change the ID 1 (administrator) account password, something it should not be able to do. If anyone happens to have this happen, you don't have to delete the whole plugin in order to get back in.. just comment out the following three lines in your ad-integration.php:

    add_action('lost_password', array(&$this, 'disable_function'));
    add_action('retrieve_password', array(&$this, 'disable_function'));
    add_action('password_reset', array(&$this, 'disable_function'));

    That will let you request a new password for your administrator account.

  23. mrjarbenne
    Posted 4 years ago #

    I was hoping that would work for me, but the site wouldn't load once I made all these changes (just a blank screen).

    I was thinking of attempting a bit of a hybrid of two methods mentioned here: the mu-plugin php script the confirms WPMU suggested by Curtiss, but I assume it being posted 8 months ago it's probably not compatible with the 3.1 Network Admin menu. I'm wondering if I change the first admin_menu mentioned in In file /active-directory-integration/ad-integration.php:

    In public function _construct(): to network_admin_menu if that would be enough to fix it.

    I hate screwing around with this as the site is live and AD users are currently content to return to the main domain to login when faced with a subdomain login fail (although it is clunky and confusing).

    Would the redirect in wp-login.php suggested by kristianjohansen:

    if ($_SERVER['REQUEST_URI'] != "/wp-login.php") {

    need to be changed at all to work on a subdomain setup?

  24. jeeverett
    Posted 4 years ago #


    Hmm.. that sounds like you have a PHP bug somewhere. If PHP decides that it can't process the code of a file, it still sends a blank file. It's usually a parentheses out of place or a missing semicolon. :P

    The method you propose will probably work, with one modification that I can think of.. the $wpmuBaseTablePrefix variable. That one doesn't get assigned in Curtiss' modification, and it's deprecated with no automatic redirect to a new variable. Just look through the code above for where to switch that with $wpdb->base_prefix;

  25. jeeverett
    Posted 4 years ago #

    Oh.. you'll also need to add the network_timeout section from the protected function _save_wpmu_options($arrPost). Otherwise, the database won't store the setting for AD Network Timeout, and it will always reset to zero (which the plugin can't handle).

Topic Closed

This topic has been closed to new replies.

About this Topic