Support » Plugin: Active Directory Integration » RealDolmen IIS Authentication and ADI

Viewing 10 replies - 1 through 10 (of 10 total)
  • I’ve been using these two plugins also, but I setup a scheduled task on the server to run the ADI import once daily, so i’m not too concerned if the ADI update is taking place during login or not. It seems to work great in my environment, but maybe not yours.

    I think I’m real close on this.

    I discovered an issue whereby bulk import did not work unless the local user account had adi_samaccountname present in the user meta. Creating this value programmatically via the RealDolmen plugin solved the issue (had to rewrite the iisauth_create_wp_user function to do so).

    Problem now is ADI does not automatically fetch the user details during the login process. I suspect this is related to the fact that authentication is using an auth token instead of a password, therefore ADI does not understand what to do with the auth token perhaps?

    Trying to use a bind user didn’t fix the issue either.

    What’s your system?

    I can’t get realdolmen and this plugin to work together.

    I have a win 2012 server, and I’m running the WP 3.8.

    Lee Hord


    I’m running a Windows 2008 R2 server with IIS7.5 and WP 3.8, works fine.

    What problems are you getting?

    Users are not automatically logged in.

    My server is Win 2012 running IIS 8 and WP 3.8.

    Any thoughts?

    I should post some more details… 🙂

    This plugin (ADI IIS Auth) works fine. If a user goes to the login page and puts in their credentials, it will connect and assign the proper role to them.

    The RealDolmen plugin (from what I understand) should automatically sign them in with their computer login (same as the AD info), presuming they’re using IE. So if I’m correct, when someone goes to the wordpress install and then to a post, it should automatically have them logged in to post a comment. Correct? If so, that’s no happening for me.

    Lee Hord


    It does indeed sign users in automatically. Have you enabled Windows Authentication in the Authentication settings for your site in IIS?

    I did have Win Auth enabled.

    After some messing around with the plugin, I realized it was an issue with the IP range it was programmed to look for.

    I have ADI enabled as well.

    So, users will be auto logged in with their windows account details. ADI does not do a lookup on the LDAP for their account, so the username, first name and last name are entered as the computer login name.

    Lee, have you found a fix?

    After playing around with the code for the 1.1 Realdolmen plugin, I realized the issue was with the IP range it was looking for. I changed that, and presto, it’s authenticating users and creating WP accounts with their windows login.

    The issue is that their name isn’t being populated.

    Lee, have you found a fix for this to have ADI pull in the details?

    Lee Hord


    The only solution I have at the moment is not perfect. Basically what happens is the RealDolmen plugin authenticates the user and if they don’t exist in the WordPress database it will create a new user. This in itself seems to interrupt ADI and therefore does not automatically lookup the user in AD, simply unhooking the create user function doesn’t make it work either.

    So I had to find another way. One thing I noticed when users are created using the RealDolmen plugin, the user account in the WordPress dashboard is not flagged as an ADI user, therefore when performing a bulk import using ADI it would not fetch the details back. Next I added a new line to the end of the RealDolmen plugin under the last function iisauth_create_wp_user(), here’s my code:

    function iisauth_create_wp_user($username)
    	$userData = array(
    		'user_pass'		=> microtime(),
    		'user_login'	=> $username,
    		'user_nicename'	=> $username,
    		'user_email'	=> $username . '@localhost',
    		'display_name'	=> $username,
    		'first_name'	=> $username,
    		'last_name'		=> $username,
    		'role'			=> 'subscriber'
    	) ;
    	$id = wp_insert_user($userData);
    	update_user_meta($id, 'adi_samaccountname', $username);

    This will save an additional piece of user meta when the account is created by the RealDolmen plugin. What you can then do is have a cron job run periodically to bulk import users, the ADI plugin will then fetch attributes for your users from AD.

    Like I said, it’s not ideal but it does work, but note there will be a period of time when a new user won’t have any attributes in your WordPress database.

    Hope this helps you out.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘RealDolmen IIS Authentication and ADI’ is closed to new replies.