Support » Networking WordPress » Users can log on withtout a password!! LDAP Plugin used

  • We installed the LDAP plugin and use Windows Authentication. So far so good but we discovered by accident if you use a valid Windows Ad username you can logon forthe first time without a password and a blog is created for you. What is more worrying is anyone can log on as another user and have access to that users blog and admin console.

Viewing 5 replies - 1 through 5 (of 5 total)
  • What is more worrying is anyone can log on as another user and have access to that users blog and admin console.

    Which LDAP plugin are you using? Suggest you mention it here and also contact plugin dev and find a resolution for unsecured access.

    We downloaded version 2.8.2 from WordPress.org. wpmu-ldap_2.8.2.tar.gz.

    We set the default of ‘No’ for the ‘single sign-on’ option when configuring this plugin.

    Check out WPMU LDAP plugin version 3.0 at http://sourceforge.net/projects/wpmu-ldap/

    Many, many thanks Mercime. The first thing I should have checked was if there was a newer version available which had this fixed. We have installed it and it works fine. An error message appears that the password field is blank and so it prevents a user logging on until that is done. If the user uses a wrong password it will only allow 2 more attempts to login.

    You’re welcome pknox. Glad it’s working out for you.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Users can log on withtout a password!! LDAP Plugin used’ is closed to new replies.