Plugin Name: Simple LDAP Login
Description: Integrating WordPress with LDAP shouldn’t be difficult. Now it isn’t. Simple LDAP Login provides all of the features, none of the hassles.
URL: http://wordpress.org/plugins/simple-ldap-login/
Features
- Supports Active Directory and OpenLDAP (and other directory systems which comply to the LDAP standard, such as OpenDS)
- Supports TLS
- Uses up-to-date methods for WordPress authentication routines.
- Authenticates existing WordPress usernames against LDAP.
- Can be configured to automatically create WordPress users for valid LDAP logins.
- You can restrict logins based on one or more LDAP groups.
- Intuitive control panel.
Architecture
Simple LDAP Login adds an authentication filter to WordPress that authentication requests must pass. In doing so, it makes several decisions.
- Can the provided credentials be authenticated against LDAP?
-
- If so, is the LDAP user a member of the required LDAP groups (if any)?
-
-
- Does a matching WordPress user exist?
-
-
-
-
- If so, log the user in.
-
-
-
-
-
- If not, is user creation enabled?
-
-
-
-
-
-
- Create the user and log them in.
-
-
-
This is high level overview. This should answer the philosophical questions about how the plugin works. If the plugin is unable to authenticate the user, it should pass it down the chain to WordPress. (Unless LDAP Exclusive is turned on, in which case it won’t.)
The comments below are the quickest way to get my attention for bug fixes. I do try to check the support forums occasionally, but my response times there are much slower.
Fatal error: Call to undefined function ldap_connect() in C:wampwwwwordpresswp-contentpluginssimple-ldap-loginadLDAP.php on line 157
Im getting this error, Im 99% sure all my settings are correct, but when i test settings, it returns to a page with settings saved, and the above message. any ideas?
It sounds like your installation of PHP does not have LDAP compiled. It may be a simple config file change. See this document for more information: http://us.php.net/manual/en/ldap.installation.php
Let me know if this takes care of the issue.
I had this issue too on an Ubuntu Server.
Installing php5-ldap worked for me:
sudo apt-get install php5-ldap
sudo /etc/init.d/apache2 restart
This is great, it was just what I needed. Thanks!
I had this issue too.. If you are using Apache, for example, you must active the ldap extension in php.ini
;extension=php_ldap.dll >> extension=php_ldap.dll
Hi Clifton.
Great plugin! I’ve been looking for something that integrates with AD and doesn’t break XML-RPC. Thanks!
I have a small problem. AD isn’t username case-sentitive but it seems that your plugin is. Any chance of making it case insensitive?
Hi Fredrik,
I’m glad the plugin works well for you. The case sensitive username issue is not actually an issue with my plugin in this instance. WordPress itself seems to enforce this case sensitivity.
There are plugins that override this functionality but unfortunately they conflict with my plugin. I will consider adding that as an advanced option, but I’m leary of adding even more features to my “Simple” plugin. 🙂
Hi, and thanks for a great plugin.
I’ve added a small feature to adLDAP to support TLS so that passwords are not sent in the clear; I’ll send the patch upstream and you’re welcome to it too if you like, it’s very simple.
One thing I’ve hit a problem with. I’m using the feature to create users in a certain group. It works fine except that I’ve asked for new users to be made Authors, but they are being created as Subscribers. A log of what’s going into the userData array supplied to wp_insert_user() shows that ‘role’ is set to ‘Author’ so I’m mystified as to why it’s not working. Any ideas?
Cheers!
Small addition to the above; the new user gets created with whatever the default is in the blog’s settings. So I can work around the problem by changing the default to Author, which is fine because this is an intranet blog so everyone can be an author. Still perplexed why your option isn’t working though!
Thanks for all of the feedback. I’m perplexed as well. I never tested that option thoroughly because it seemed so obvious and I knew the array I was sending was complete.
I wonder if there is a case sensitivity problem here or something. I guess I’ll have to look at what is actually going on in the database…what role is being recorded and what it looks like once it is changed.
TLS support is a good idea. Send me the patch and I’ll include it in future versions. 🙂
This seems to be a bug, or incorrect documentation of the API, in WordPress. wp_insert_user() ignores ‘role’ if it’s creating a new account!
I’ve raised a ticket at http://core.trac.wordpress.org/ticket/9891
My TLS patch is at https://sourceforge.net/tracker/?func=detail&aid=2794301&group_id=104193&atid=637242
I’m releasing a small update to fix the role problem as well as disallow LDAP users from logging in if they are removed from the specified group.
I decided to not incorporate the TLS patch into this as I’m afraid it could create problems for those who do not have their LDAP installations sufficiently configured.
I did have one question though: you patched adLDAP but in your patch description you talk about modifying your openldap configs…this makes me think you are using the plugin with OpenLDAP but have the plugin set to Active Directory. Is this true?
I ask because I was under the impression that adLDAP doesn’t work with OpenLDAP at all. If it does, I’m wondering if I wasted my time creating two binding methods. 🙂
Part of the problem is that I don’t have a fully functional OpenLDAP installation to test with. I have thought about setting one up but haven’t followed through yet.
Any feedback you can give me on this would be great.
You can download version 1.3.0.1 here. Warning: it has the original version of adLDAP.
http://downloads.wordpress.org/plugin/simple-ldap-login.zip
All you’d need to do is change the initialisation of $_use_tls to false instead of true and it would have no effect unless specifically enabled. TBH I should have set it that way in the patch, I just didn’t spot that I’d left it true until too late!
Not quite. I’m using the plugin on Linux, which uses openldap (lowercase) as the client library, configured in /etc/openldap/ldap.conf. But I am authenticating against a Windows Active Directory server, not an OpenLDAP (mixed case) one. Make sense? 🙂
I think you are correct that adLDAP is only for talking to AD servers, not OpenLDAP ones, so you do still need your two binding methods.
I just installed Simple LDAP Plugin, and it’s working, to a point. I have it set to automatically create a wordpress account upon successful LDAP authentication, but when I try to login as a valid LDAP user that doesn’t have a wordpress account, I get:
ERROR: Invalid username.
However, if I login using a valid LDAP user who DOES have a wordpress account, I get logged in.
Any ideas?
Thanks,
Kurt
Are you using OpenLDAP or Active Directory?
We’re currently using openLDAP.
One more thought: Have you tried the dev version linked to at the end of this article? I don’t think it will fix any of your problems but the error message might be more useful. (Possibly…if you’re just getting “Invalid username” with no details, it’s hard to say)
It’s worth a shot though.
I may give that a shot when I get back in the office on Tuesday. It’s certainly worth a shot, if it’ll potentially give a better error message.
I am using openLDAP and I got the first option to work, that is the default option where the I log into with existing usernames for both wordpress and LDAP.
However, I am trying to get the second option to work but it keeps throwing me the error message: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.
So I am assuming it is the code somewhere between line 108 and 134 for the simple-ldap-login file.
Any suggestions? I am trying to debug it at the moment, I will let you know if I find something useful.
Actually, the default option doesn’t seem to be working too great anymore, it seems to only work for one of our accounts “pc01” but not “pc02”, “pc03″… etc. It just so happened that pc01 worked and I thought it was working.
I can’t imagine it working for one account and not another under the first option. I’ve had several reports that the OpenLDAP login code is working well for a few people.
Can you try downloading the dev version linked to above? It’s version 1.3.0.1 and it’s error messages are a little more instructive. I preemptively added a “location” suffix to them to help with debugging in the future.
Thanks Clifton, I am pretty sure it was a problem on our end, the openLDAP creating new users also works now that I have upgraded WordPress to the latest version.
Just wondering if you are considering the option of creating new blogs for the users that authenticate for the first time.
Also, it seems that the role option doesn’t seem to be working using 1.3.0.1 for our us, everyone created is still a subscriber.
Hi there,
Thanks for the plugin, it seems to work as intended, except for one little thing.
I’ve got it set to create a user in WP upon successful authentication against AD, but when I try to log in with a valid AD user, I get the following:
Array ( [user_pass] => [user_login] => Michiel [user_nicename] => Michiel [user_email] => michiel@domain.com [display_name] => Michiel [first_name] => Michiel [last_name] => [role] => Contributor )
Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 649
Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 650
Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 651
Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 850
This is using version 1.3 of the plugin, with a completely fresh install WP 2.7.1.
The odd thing is, after I see the above error messages, when I try to log in with the new user by going back to the login page, it works. The user is actually successfully created it seems.
Any ideas where these errors come from and how I could fix this?
Thanks
This a weird error message that I have seen randomly with every plugin I’ve written. One of my plugins had this problem because there was a single blank line at the end of the main plugin file. Strange…I know.
Is this happening every time? Perhaps reinstalling the plugin? (Just replacing the files will work…settings will be saved.)
You might also try the dev version linked to above, though it’s in a transition stage to implement new features. (Should work though)
Yeah, this happens every single time I try to log in with a user who does not exist in the WP user system, but is valid in AD.
I tried reinstalling it as per your suggestion, but I keep getting the same error. I tried installing it via the new plugin auto-install system, and tried it manually; same result.
I’ll do some more testing, see if I can find out what the issue is. Thing is, tbh I know jack all about code, I just know what buttosn to press to make stuff happen every now and then 🙂
Thanks for checking back. I’ll take a look at the code and see if I can imagine why this would happen.
What version of PHP are you using?
PHP 5.2, with a pretty vanilla Apache.
Anything else you might want to know?
Also, thanks for taking the time to look into this. Much appreciated.
Excellent plugin that works as advertized!
I have worked on this all day with other plugins and was never able to get them to work. Installed this and was connected to AD within 5 minutes. The only reason I didn’t go with yours to begin with is that I need to be able to have users, when created, put into a specific WP role depending on their AD group. Is this a feature that may come in the future?
Either way, the plugin is excellent!
I’m glad it works for you! I had the same experience which is why I wrote it. It seemed like it didn’t have to be so hard.
I hadn’t considered that possibility but I’ll think about it for future releases.
Btw, the role setting doesn’t work at all in version 1.3. Download 1.3.0.1 to fix this. (Though it may have other bugs…haven’t gotten the chance to test it fully)
I’m currently getting an Incorrect Password error when trying to login with a network account. The plugin is currently set for Normal Mode.
First I entered all the settings that are required.
I then used the Test Setting box to verify that a username and password in AD can successfully authenticate. I receive the “Congratulations!” message and move forward.
Using the same name i verified with the test tool, I then created that account WordPress.
After logging out of my admin user, at the main page I am unable to login using the newly created account.
I’m not really sure where I went wrong. Any suggestions would be greatly appreciated.
Thanks!
Justin
That’s strange. Which version are you using?
Im using the 1.3 Version in WordPress 2.7.1.
Today is my first time trying to use this Plugin, so I’m not sure if its caused by the way I have things installed.
I figured if the test tool said that it can authenticate, it should work though. I have tried several accounts in the test tool that are only in AD, and all have authenticated successfully.
I turned on the Account Creation mode too, and tested an account and got the incorrect password as well.
Well i tested a few more things tonight.
First I upgraded XAMPP and created a new dev WordPress directory. The plugin worked correctly in the dev wordpress. Funny thing though is I got the same error message as Michiel above when i created a new user.
I went back to my other install of WordPress that i was still having problems and removed the plugin, re downloaded it and installed it. I noticed it retained all of the domain information that i entered before. Where is this information being held? Is there anyway i can reset this saved information? Maybe when i entered it in the very first time, i entered something incorrectly and its retaining that incorrect information.
I forgot to mention, even after the error it successfully created the user and i was able to login with it. It just gave that nasty error at user creation.
The theme our Graphic Designer chose for the site is whats causing the issues. I applied the theme to my dev site and the login stopped working. I was still able to use the test tool to authenticate under the admin panel while the theme was active though. Bummer…
I know its something outside of the plugin causing problems, but at least it might be a reason others are having problems.
Here is the theme we are using if your curious: http://wordpress.org/extend/themes/atahualpa
I am having this same problem with the theme I developed. I was wondering if anyone knew of what could be causing themes to break the authentication? The two just seem unrelated.
I found the issue. The plugin uses the variable $options and it conflicts with a variable used in my custom theme options. Thanks for this awesome plugin!
Odd thing is, I’m still using the default theme while trying to implement some of the (to us) more important plugins like this one. I would assume that the default is what it was developed against, or tested on.
Anyways, I figured the error messages problem out. I had a look at the code for the plugin, and started looking for the line numbers referenced in the error itself. Turns out, the Simple-LDAP-Login.php file on line 99 says the following:
print_r($userData);
I found out that the main error itself (Cannot modify header information – Headers already sent by) means that the code for some reason is trying to send data while being told afterwards to redirect you to another page by using a header command. Which makes sense, the plugin tells WP to create a user and log in with it, and then sends that users on his/her way to the dashboard. Long story short, all you have to do is comment out that print_r($userData); line and that should be it. Fixed it for me in any case. Commenting that line out is done by inserting two slashes before the line of code in the Simple-LDAP-Login.php file so it looks like:
// print_r($userData);
That’s all folks.
Oh, and damn you Clif, you made me try and learn to at least understand code now 😉
Justin,
I noticed that when I was working on 1.3.0.1…not sure how that slipped by.
I’m sorry that caused you so many issues! I’m going to do some testing with 1.3.0.1 today and tomorrow and try to fix some of these issues and release the version.
Thanks for your help!
No worries, the new features of the plugin are sweet. Thanks for your help and dedication on looking into the issues. = )
I still haven’t gotten a chance to do a proper review of the code for the next release. I expect to be able to do this either this weekend or sometime next week. Thanks for your patience.
Hi Clifton,
I am using “Simple LDAP Login” for my application which is using wordpress 2.8 , after setting the credentials in the settings tab when i use your testing option at the bottom of the page then it gives me the congratulation message.
But when i try to login from the frontend after signout from the admin section with valid username/password that exists in LDAP it gives me the error message
“ERROR: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.”
And when i do testing with same username/password it shows congratulation message.
Please suggest for the same , where i am doing wrong.
Gaurav
Hi,
I have the same situation.
From the control panel it works, but not from the login screen.
Also with version 1.3.01.
I have a same problem too.
Is there any solutions about that?
I haven’t seen this issue before.
Unfortunately, I don’t have an installation to test with at the moment. (I no longer manage the installation I originally developed this for.)
I will say that I know a lot of users who are not having this issue.
Are you guys using the OpenLDAP option or AD?
I am getting an error like “Invalid username”. But in the test-panel it is working properly. Not on the Login screen. I am on wordpress 2.8
I’ve upgraded to version 1.3.0.1 and still can’t get the roles to work correctly. I have it set to create them as Editors but its not settings roles at all. I’m using option 3 to just allow a certain group to log in. Could this be causing something?
solved my own problem by changing
‘role’ => get_option(‘simpleldap_account_type’)
to
‘role’ => strtolower(get_option(‘simpleldap_account_type’))
It does appear that the role name needs to be lowercase in order for accounts to be created correctly. When the wp_options simpleldap_account_type value was set to ‘Author’ my users were being created with no role. When I changed it to ‘author’ it appears to work fine.
This plugin works for me with OpenLDAP& wordpress 2.8.1. I also would like to use the group feature but it currently works for AD but not OpenLDAP. Hope it can be used via OpenLDAP as well soon.
I am trying to use this plugin for wordpress. I am confident about the configuration settings, but for some reason it is not passing. Can I get some help here ?
Test Results:
Failure. Your settings do not seem to work yet.
Forgot to mention: I am using wordpress 2.8.1
I have the beta dev version installed on a wordpress 2.8.2 installation and am attempting to auth user’s against apple’s version of the openldap directory. In my server logs, I was seeing invalid passwords entries even though I knew I was typing the password correctly. It turns out that in the password I was using to test with, there was an apostrophe (‘). So at some point in the login process, the password was being corrupted because it was not sanitized for special PHP characters. I don’t know what the solution to this problem is, but I wanted to throw it out there because maybe there is an easy fix.
Oh, and once I replaced the apostrophe with an underscore, the authentication worked just fine.
We’ve run into the same issue here… We have had a couple of complaints now with people using apostrophe in their password. This could potentially open the door to some sort of injection attack, if the password is not being properly escaped.
I don’t think an injection vulnerability is likely unless one exists in adLDAP itself.
I’m not really sure what the root cause is here. I’ll see if I can report an issue with adLDAP.
———————————-this is my root openLDAP——————————-
# root, People, politel.edu
dn: uid=root,ou=People,dc=politel,dc=edu
uid: root
cn: root
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJFliTTVrcmxhJE1GRXd2emVvN2FpU3V1MjdiNzFrdy8=
shadowLastChange: 15046
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root
————————–this is my drupal config———————-
account suffix : @politel.edu
LDAP login attribute : uid
base DN : dc=politel,dc=edu
Domanin Controller : ldap.politel.edu
when i try to connect with admin ldap. it’s return:
Test Results:
Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.
OMG, this error message make me crazy.
We’ve run into the same issue here… We have had a couple of complaints now with people using apostrophe in their password. This could potentially open the door to some sort of injection attack, if the password is not being properly escaped.
I don’t think an injection vulnerability is likely unless one exists in adLDAP itself.
I’m not really sure what the root cause is here. I’ll see if I can report an issue with adLDAP.
I implemented the ldap 1.3.0.2 on our system and chose to “Create WordPress account for anyone who successfully authenticates against LDAP.”. Evrytime someone login it creates a username on wordpress. So now I have lots of user with the same username. It is so wierd.
I am also getting this error on the Admin screen
“Oddly, your version of PHP doesn’t allow file_get_contents to use URLs. But even more oddly, your browser doesn’t allow frames! I think it’s time for you to consider leaving 1998 in the past.
“; ?> ”
I am running windows 2003 with PHP 5.2.6
Fixed in 1.3.0.2.1. This is seemingly the day of updates!
This plugin seems awesome but i’m using simple LDAP Login 1.4.0.5.1 and i get this error with file_get_contents. WTF ?!
What error are you getting?
—
Clifton Griffin
Wordpress Consultant | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
Hi,
My error is:
Oddly, your version of PHP doesn’t allow file_get_contents to use URLs. But even more oddly, your browser doesn’t allow frames! I think it’s time for you to consider leaving 1998 in the past.(Great joke ;p)
“; ?> in the frame of the annoucements. But i have the version 1.4.0.1 of your plugin, PHP 5.3.13, i use this in local with wamp2.2 64 bits. I try on a different computer and i have the same error and the connect to the ldap fails… I don’t see anything in the apache log….I’m doing a study about wp-plugin and multisites… and with two others plugins it’s work… I really want to authenticate with your plugin, do you have any ideas?Thanks in advance.
i tested it in crome and set plugin mode = HIGH.
same error :
Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.
This plugin seems awesome but i’m using simple LDAP Login 1.4.0.5.1 and i get this error with file_get_contents. WTF ?!
What error are you getting?
—
Clifton Griffin
Wordpress Consultant | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
nevermind I fixed…. It was the case sensisitivity. I converted them to lower….
Hello! We’re using your plugin for our school district’s upcoming transition to a WordPress-Mu based web site, and it’s working very well so far. LDAP authenticates successfully against our AD server, and everything is going well there.
The only odd thing is that it only works properly when users log in to the main district blog (i.e., our home page, /) and not when they try to log into their own blog or school blog (e.g. /ccarman or /rhs). When I go to those blogs’ dashboards, I see the default bogus settings for the plugin, which points to mydomain.com etc., so obviously that’s not going to work. Do you know of any way to either:
A: grab the LDAP settings from the main blog for all other blogs (ideal), or
B: redirect any requests from /blog/wp-login.php to /wp-login.php, so they don’t get confused.
I think we can accomplish “B” with themes, but I’d like to do a redirect if possible. Thanks!
I believe this is because of how WordPress-MU operates. I will investigate the feasibility of having global settings for all blogs and get back with you.
Any news on using global settings for MU. This would come in handy for me right now….
Try putting the plugin in the mu-plugins folder. I think this will enable it globally for all blogs.
I was encountering an issue where authentication would fail if the password contained a backslash (or other character that is escaped by whatever is doing the escaping). I had to add the following line to the
authenticatemethod defined at line 197:$password = stripslashes($password);I imagine this is the same issue described in comment #52 above.
QUOTE:
If you are using Active Directory, you will probably need PHP 5. This is because I’m using adLDAP 3.0 to do my Active Directory integration. As far as I know, the rest of the code should work with PHP 4. It is also possible that the functionality I’m using with adLDAP 3.0 does not depend directly on PHP 5. Your mileage may vary.
QUESTION:
I get an error activating the plugin, I only have PHP4. Do I have to do something to turn off the adLDAP stuff? I’m not using it, but apparently it’s trying to load it.
There may be other portions that only work in PHP5. What is the error message you get when activating?
Is there a reason you haven’t gone to 5? Most hosts make it extremely simple to switch between versions.
It’s an old host that we don’t want to break anything on. 🙂 Not sure what else on there may be affected. Anyway, it is dying on trying to load the adLDAP module. I just was curious if there was a way to turn it off so that it didn’t even try. I’ll poke at it here. The funny thing is that I saw the upgrade come along, and I thought we were using the previous version just fine, but the plugin wouldn’t re-activate. So it seems like something in the most recent update. I’ll post back when i find more.
What version were you on before?
You can always try replacing the adLDAP.php file with an older, PHP4 compatible version from the adLDAP site if you believe that’s the issue.
Thanks, rolling adLDAP back to v2.1 which supports PHP4 works fine. Since that is only required for those using Active Directory, I wonder if you could change your plugin code to only require it if it was being used. Probably not worth the effort, though. Eventually all these old boxes running PHP4 will die. 🙂
Version 1.3.0.2.1 works perfectly with my Active Directory, but version 1.3.0.3 fails with the following error (when testing settings):
“Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.”
Any ideas on why the latest version has broken AD authentication?
Please ignore. I don’t know what happened but after going back and forth between the two versions, it now works?? I will make another note if this occurs again or open a ticket.
I see now. If the user does not exist in the wordpress database, the authentication TEST fails. This was not the case in 1.3.0.2.1.
Did you ever get this plugin to work, with the 1.3.0.3 version, or does the authentication still fail ?
I could use some help. I am using wp 3.4.1 and ldap login 1.4.0.1. Using OpenLDAP.
I have the correct settings, as far as I can tell but it does not auth.
Firstly, what is the account suffix option? is that just an AD thing?
I need the login attribute to be uid, but as far as I can tell with my bad php it does not search for uid?
$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(‘cn’)); $ldapgroups = ldap_get_entries($ldap, $result);
What is the ldapgroups? I do not want it to check any groups. Just search the base dn for the uid, if it is successful, it logs in.
Thanks
re reading this, you say
//Ok, we should have the user, all the info, including which groups he is a member of. //Now let’s make sure he’s in the right group before proceeding.
but what group are you looking for?
alright, I have it working. I worked it out.. I assumed you “searched” for the bind dn, but then you would need an admin.
With the Base DN you have in options, you want the full user DN.I have multiple companies over different DN’s, so I can only let one DN to login.a little bit limited, but I get it. 😉
features requests:
allow a user which has unlimited read so you can use a search to find the user.
Hi, firstly, great plugin, thanks.
I’m wanting to use the
‘Create WordPress account for users in specified AD group:’
Is it possible to check more than one AD user group?
Thanks, Chris I’m glad you like it. There is currently no way to do this. . I plan to support this type of functionality in the future but have yet to implement it.
I want to be able to let users link groups to account types and so on, but it will take a bit of work to get there. What I did in my organization was create a group to add all the other groups to. This should get around the problem.
Hi, tanks for a great plugin! But I have a problem with openldap where I use memberUid instead of memberof. Got this message:
Warning: Invalid argument supplied for foreach() in simple-ldap-login/Simple-LDAP-Login.php on line 205.
Do you have any tips?
There appears to be two problems that I can immediately find which prevents my use of this plugin, unfortunately.
One, the LOGIN varaible appears to be preset to “uid” and I don’t see anywhere to change that other than editing the code. However, we don’t use “uid,” we use something else.
Second, it doesn’t look like you are connecting to the server via TLS. This is required by our LDAP server.
However, I’m still not totally sure if these are the only things that need fixing for it to work for us, because even after I changed uid to what we needed and threw in ldap_start_tls($ldap); into simple-LDAP-login.php, it still doesn’t work, so….
Hi Josh,
You are not the first to suggest TLS. I briefly investigated adding it in the past, but without a way to test it and only one user requesting it, I abandoned it.
For the second, I will have to investigate that as well. I have no encountered a situation like yours.
I can’t make any promises on when these things will be addressed. At the moment I have no installation (test or otherwise) to test against.
Your plug in is exactly as advertised: simple and gets the job done. Thanks!
Lately, I’ve been running it in a WordPress MU installation and that seems to work without issue as well. Only problem is at my end: I have to configure settings for each new blog a user creates. What I’d like to do is configure the settings within the plugin file itself, without any calls or writing to the database. Can you help point me in the right direction?
Thanks,
Stace
Hi Stace,
If you look in the code for function simpleldap_activation_hook() you’ll see that all of the default settings are declared there.
If you change these to what you like (should be *fairly* straightforward), any new blogs that activate the plugin should pickup the new settings.
Because I use add_option, blogs that have already had the plugin activated before will not benefit from this change.
And, remember, if you do an upgrade in the future, those defaults will be reverted to my defaults (though your settings for existing blogs will be fine).
I hope this makes sense.
Clif
Hi Clif,
Thanks for the reply! Swapping out the defaults as you mentioned does, indeed, work. But this is all for a K-8 elementary school where everything needs to be locked down. In other words, they will still be able to access the admin panel and mess with settings.
I think what I’d like to have is no admin panel and nothing writing to the db. I know this is totally NOT what your great piece of code is all about but any chance you could help me get there?
Thanks,
Stace
I’m not sure I understand. The users who need to login shouldn’t have access to the admin panel in any capacity? That seems to defeat the purpose.
If you don’t want them changing settings you could always set the default role to Subscriber or something incapable of making changes. (But, depending your setup, it is questionable they would even need to login at all if there role would be subscriber)
Maybe some more information would be helpful.
this plugin allows subscribers to view the LDAP settings !!!!!
ridiculous low level of security.
Elvina,
This is the first I’ve heard of this. The call to add the options page requires a level 10 user. This is a deprecated way of adding an options page, but it still works.
You sure this this happening? How are you accessing the page from the subscriber role?
Clif
Hi all,
I used the plugin today for my wordpress blog against OpenLDAP. I want to contribute as I solved some problems for my installation.first: in openLDAP setups, usually, BASE_DN looks like: ou=users,dc=example,dc=com, so if someone miss ou part, it will not work.second: once you add ou=users, then the group authentication will fail. then you have to tweak the code in the main php file as: //$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(‘cn’));
$result = ldap_search($ldap, “ou=groups,dc=example,dc=com”, “memberuid=$username”, array(‘cn’));please note another change as “memberuid=$username”.I am not an expert, but these changes may hopefully help someone to make the setup work. And Clif may find these suggestions helpful to update the plugin.
Thanks to Clif for this handy plugin.
This worked for me, thank you msuzer.
Clif, I noticed that in some of the older versions in svn… it looked like you were working on adding the group suffix and group member attribute as settings that can be changed. Is that on the road map at all?
Thanks for making this great plugin available!
Hi Cliff,
I had it set up so that everyone needed to login to view our site, LDAP users were made subscribers. When they logged in, the wordpress dashboard shows them their profile and your plugin settings page. (using wordpress 3.2)
i changed this line
function simpleldap_admin_actions()
{
add_options_page(“Simple LDAP Login”, “Simple LDAP Login”, 10, “simple-ldap-login”, “simpleldap_menu”);
}
to:
function simpleldap_admin_actions()
{
add_options_page(“Simple LDAP Login”, “Simple LDAP Login”, ‘install_plugins’, “simple-ldap-login”, “simpleldap_menu”);
}
and now it doesn’t show.
cheers
Sorry to be confusing. The application is this: setting up WPMU for a specific class project in which each student will create their own website. When a student creates their blog(site), they are, of course, admin. Which is fine, up to a point.
We want them to have control over most aspects of their site but there are several backend areas I’d like them to stay out of and authentication is one of them. Because we’re a school, we require users to authenticate against our LDAP to get access – using your simple plugin. If the kids can modify it, they will, just to see what happens. So I would like to take out the settings page for the plugin and just configure within the plugin file.
Does that make sense? I want admins to have some access but not to this.
Thanks,
Stace
I understand now.
Unless you make them full admins, they won’t see the settings page. Make them Contributor or a more minor role like that.
The plugin is designed to only let administrators use the admin page.
OK – thanks!
Can this plugin be configured for SSO with active directory?
We’re using an instance of WordPress MU and havent had any luck with any of the other LDAP plugins with passing in the currently logged in users credentials. Can this one auto log-in users?
Thanks,
Dez
I love your plugin! it is simple and straight to the point.
I do have an issue though and not sure how to resolve it.
I have setup an internal blog site on our intranet. The thing is is that our intranet is on a wan where we have people on different domains that want to login.
Your plugin states that it can have mulitple domains but I can’t seem to get this working.
each of our domains requires a different Base DN
and after some testing i have discovered the suffix also plays a part.
Could this be a new feature request or am I missing something?
Thanks,
Caleb
This plugin is really great, but I’m having one problem implementing it.
When I navigate to the login page of my blog, an error message appears just above the normal WordPress login box saying, “Error: The username field is empty.” If I then enter my domain credentials in the login box, it will accept them and log me in.
I’ve traced the error to line 72 of the Simple-LDAP-Login.php file. I can even hard-code a $username and $password value from AD into the file, and it will log me in.
Any ideas of how I can resolve this?
Thanks!
Hi Phillip,
This is a known issue. (http://traq.clifgriffin.com/simpleldap/ticket/7/) As it does not impede the functionality of the plugin in anyway, I have not spent a lot of time researching/fixing this.
It will be fixed in the next version though!
Clif
Nice plugin! I’ve gotten it to work with AD (Win2003 R2 SP2) and Linux (Debian) apache2 and php5-ldap, etc. However, I’ve noticed accounts authenticate ONLY IF the Display Name = User Logon Name in the AD. Typically the Display Name is the user’s full name and not the Logon Name. Changing an AD db of users with accounts like this would be a major workaround.
I noticed this is the case for both login modes “Authenticate WordPress users against LDAP” and “Create WordPress account for anyone who successfully authenticates against LDAP”.
Any suggestions? Thanks.
I am using Version 1.3.0.3, and have a problem when new blogs get created, the LDAP configuration is empty, and it has to be manually configured. The problem arises when the user needs to login from the blog’s own login page, it does not recognize the LDAP credentials, and gives me an “Incorrect password error”.
The plugin is activated site-wide, and still does not work
Maybe useful for others (1.3.0.3): If you use OpenLDAP and created your entries with DN “cn=…,ou=…,o=…” be sure to change following line in Simple-LDAP-Login.php:
define (‘LOGIN’, ‘uid’);
to
define (‘LOGIN’, ‘cn’);
Maybe this should be a configuration option?
I was able to patch this plugin to make it work with my company’s Domino server. Basically, use the OpenLDAP mode and make the following code changes:
In Simple-LDAP-Login.php, find every
$ldapbind = @ldap_bind($ldap, LOGIN .’=’ . $username . ‘,’ . BASE_DN, $password);
and change it to
$ldapbind = @ldap_bind($ldap, $username, $password);
And in Simple-LDAP-Login.php find every
$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’ […]
and change it to
$result = ldap_search($ldap, $ldapconfig[‘basedn’], ‘uid=’ . $username);
YMMV.
If enough people badger me, maybe I’ll fork the plugin, strip out the Active Directory stuff and just call it “Domino LDAP login” or something like that, and publish the fork.
Is is possible to change the LDAP password from within WordPress? If I use the profile page it seems to only change the local user password.
Should this work if I install php and then install php-ldap.i686 instead of compiling php with ldap support? According to the package descriptions, the php-ldap packages are supposed to add ldap support to php. I ask because I am unfamiliar with compiling.
Yes.
Installing php-ldap would be preferable.
I have configured the plug-in (v1.3.0.3) to work with our Active Directory, however some accounts are able to login and others are not. In testing the accounts that do not work using the Test Settings, I get the message “Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership”. Is there anyway to debug why one account would work and another won’t? I’m assuming it’s a permissions setting within AD, but not sure what it would be. My Sys Admin says there should be no difference between accounts, is there a way to debug the call to get additional details on what the issue is?
Oh, I forgot to mention. I am not limiting access to any specifc AD group. If you can authenticate to AD, it should create the account in WordPress and allow the person in.
Are all of the users in basically the same Forest/Tree/OU structure?
Or do you have users that are located at the same level in the directory that one works and the other doesn’t?
This wouldn’t work for our Active Directory because it does not use a Bind User for authenticating to AD. If this does not work for you you should try the Active Directory plugin, I did get it to work.
A bind user wouldn’t matter for simple authentication. If you’re using group membership, it will try to bind with the user that’s logging in (I think).
Is your directory configured to prevent this? (I can’t imagine why this would be true…just asking)
I think it is default behavior in a Windows domain. I first thought it would bind using the user login also, but that wasn’t the case. At least I couldn’t get it to work. I got a clue when a vendor setting up a different Linux application needed a bind login for there app to do the same. Thx.
It seems to me that even if an installation is configured so it doesn’t need to bind to read group information, you would still be able to bind to read group information.
I am using Version 1.3.0.3, and have a problem when new blogs get created, the LDAP configuration is empty, and it has to be manually configured. The problem arises when the user needs to login from the blog’s own login page, it does not recognize the LDAP credentials, and gives me an “Incorrect password error”.
The plugin is activated site-wide, and still does not work
You placed it in the mu-plugins folder?
Hi,
Does this work with wordpress version 3.4?
It should!
—
Clifton H. Griffin
me@clifgriffin.com | 434.229.2474 | @clifgriffin
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
From where should I add ldap group and ldap group members through simple ldap login page?
Hi! I’m tryin to authenticate via LDAP and got some troubles with my LDAP-tree with many ou-containers.
In example, i have containers ou=dev,ou=users,dc=examble and dc=com, ou=test,ou=users,dc=examble,dc=com
BASE_DN ou=users,dc=examble,dc=com
And authentication fails…
Here is small patch:
case “directory_ol”:
//OpenLDAP create all
$ldap = ldap_connect(LDAP_HOST, LDAP_PORT)
or die(“Can’t connect to LDAP server.”);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION);
$ureturn=@ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ‘sn’, ‘givenname’, ‘mail’));
$uent=@ldap_first_entry($ldap, $ureturn);
$bn=@ldap_get_dn($ldap, $uent);
$ldapbind = @ldap_bind($ldap, $bn, $password);
if ($ldapbind == true)
case “directory_ol”:
//OpenLDAP create based on group
$ldap = ldap_connect(LDAP_HOST, LDAP_PORT)
or die(“Can’t connect to LDAP server.”);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION);
$ureturn=@ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ‘sn’, ‘givenname’, ‘mail’));
$uent=@ldap_first_entry($ldap, $ureturn);
$bn=@ldap_get_dn($ldap, $uent);
$ldapbind = @ldap_bind($ldap, $bn, $password);
//$ldapbind = @ldap_bind($ldap, LOGIN .’=’ . $username . ‘,’ . BASE_DN, $password);
if ($ldapbind == true)
Hi, i have a big problem, when i Active the plugin i can’t see my CSS and Images.
so my login has a nasty look.
any ideas?
Hi Clifton, Using the plugin with OpenLDAP, its working fine, WordPress is authenticating against our directory. I have a question about adding some extra functionality to the plugin though, maybe you’ve taken a look at this already. We’re setting up single sign on for a number of things, but initial registration of a user will happen in WordPress. I’d like for WordPress to add an entry to the LDAP directory when a new user is created rather than the other way around. Any ideas? Cheers
Hi Tony,
Unfortunately, creating LDAP object is a different ballgame and not something I intend to include.
If you are familiar with PHP, I encourage you to take a swing at it yourself. The WordPress plugin model is very simple and I think you could make a lot of progress quickly.
If you have any questions, I’ll do my best to answer them.
Clif
Cheers Clif, I’ll give that a go, took a brief look and it should be do-able
Great plugin! I get an error each time I (or user) tries to get into the dashboard even though they are logged in. “ERROR: The username field is empty.” Any help would be much appreciated. Cheers, Dan
Still get this error and I have raised a ticket but get an error when I try to view that too! Any help on this would be great as its causing some fuss with our users. Cheers, Dan
I am getting this same error. I can not even get to my dashboard. Can anyone help?
James, Daniel…sorry I missed these comments.
I’ll send you guys an e-mail shortly requesting more information.
Hi Clif,
Why is it that the settings don’t ask for the ldap server? Is it assuming localhost? Is it guessing it based on the Base DN and/or Domain Controller?
Thanks,
Amir
Nevermind – Controller=Server – I misunderstoond the Domain Contoller settings that someone had put in place earlier. Still, I can’t log in because my manager username is a different DN than the Base DN…
Hi Clifton,
I’ve been using your plug-in and it has been working great except for the last 3 months.
It seems I’m having the same issue as James and Daniel so I’m interested in reading what you shared with them to resolve their issues.
Sent you an e-mail. (For others, I don’t remember specifically what was done for this problem.)
Hi Clif,
Looks like you’ve been getting a few spams lately. If you’re not already using it I recommend WP-HashCash – this is completely invisible to anyone using a normal browser to add a comment as long as they have javascript enabled, but prevents bots (which generally don’t have js) from adding comments. You can configure it to just put failures in the Moderation queue in case of false positives – I don’t know what the false pos rate is because I don’t get many genuine comments on my sites *sniff* but it has successfully stopped every single spam attempt.
Hi clif,
The users created by ldap plugin doesn´t sync with buddypress. How can I do this?
At this moment all my users doesn´t have an entry in the wp_bp_xprofile_data table.
I believe the problem is with user_nicename. The buddypress and this plugin have differing views on what that field should be.
I change this plugin to set the user_nicename to be the same as username and buddypress sprang back to life.
Hey there, I just installed Version 1.5.5and it the “Required Groups” still does not work? Any idea what I am doing wrong, how to troubleshoot this. I would like to implement this feature, but each time I enter an exiting LDAP Group in the “Required Groups” fields my my login fails (yes, I am part of the necessary group and yes, I tried the Long name, the short name as well as the group ID – same result with all three…
Hi Clifton, I´m using Simple LDAP with BuddyPress. The authentication goes fine, but the new user created by the plugin doesn´t get an entry in the xprofile’s tables. How can I managed that, since without this, the activity replies doesn´t show properly?
Thank´s in advance.
I’ve made additions to plugin which allow for connecting through an LDAP proxy with an intermediate user name (required in some environments). Is there a way to get this code to you for possible inclusion in the next version of Simple LDAP?
Hi Benjamin,
Thanks for your contribution.
At this point I’m not spending any development time on this plugin. I have too many other profitable projects I’m managing.
I do plan to eventually make changes to this plugin, but I think that will mostly be a setup where users can contribute their own various versions of the plugin for others to use.
Feel free to e-mail me a copy of your changes and I’ll attempt to include them when I make these changes. (Hopefully in the next month or two)
Clif
Will do. Can you pull the email address from my post and send me your address?
Hi Clifton,
Does the plugin work on WP 3.0? For the account suffix, if i dunt have suffix, would the plugin still work? Thank you!
james
I’m not sure on either of those. I haven’t had a chance to test it.
Is there a possibility to bind non anonymously to the ldap server in simpleldap?
It is common with Active Directory to deny anonymous bind if security is an issue.
Thanks. B.
Do you have time to look this over and tell me if you think Simple LDAP Login for WordPress will accomplish my goals? I am a complete amateur and not at all skilled in this sort of thing, but if I use your product I will donate. After reviewing what follows please tell me whether you think Simple LDAP will do the trick and also give me an opinion on whether you think a complete amateur will be able to administer it.
What I’m trying to accomplish is this:
There are a number of sites to consider – all on the same server.
The MAIN SITE and all the WordPress SUB-SITES will be WordPress 3.0.
All registered users will be members of the MAIN SITE.
Some users will be members of one or more of the WordPress SUB-SITES.
All registered users of the MAIN SITE will have access to a forum hosted on the PhpBB3 site. PhpBB3 uses MySQL.
All registered users of the MAIN SITE will have access to the eFront Learning site. eFront uses MySQL. http://www.efrontlearning.net/
Membership only on the MAIN SITE will give users access to the MAIN SITE, the eFront site and the PhpBB3 site only.
Membership in any of the SUB-SITES will give users access to that particular SUB-SITE and the MAIN SITE, the eFront Site and the PhpBB3 site.
I hope I’ve given you everything necessary to advise me, but if you have any questions please do not hesitate to ask and I will get back to you as soon as I can.
Hi Chuck,
Sorry for my belated response.
This plugin can only help you with logging users in. I’m not sure what the plugin schema is for subsites in WP3.0, but I think you can enable the plugin with a different set of settings. So, for instance, you could have it enabled for the main site with a different role and group requirement than for subsites.
As for providing access to all of the other things, the plugin can’t help there out of the box.
I’m available for hire if you need a developer to provide some of these changes, so feel free to e-mail me.
And, let me know if you have any questions.
Clif
Is it possible to authenticate and create WordPress accounts for users in several groups? For example, I have three groups: Students, Faculty, and Staff. I would like to give Faculty and Staff the ability to login, but not Students. I tried separating groups with commas, but it doesn’t seem to be working.
*starts looking through the code*
Not as configured, but I think you should be able to figure out how to make that happen. Especially in version 1.4…should be easy to loop through.
But, that being said, you still would need to come up with a way to make the permissions different which would be a whole different animal.
Ok, I will probably be adding this feature. I’ll post it here when I’m done.
I have downloaded the Simple LDAP login 1.3 plug-in and uploaded into wordpress plug-in directory, then activate this plug in.
I have specified the host name of the LDAP server (i.e. IP addrees of the server)
After doing this when I test the settings, it will show me the following error.
Fatal error: Call to undefined function ldap_connect() in C:xampphtdocswordpresswp-contentpluginssimple-ldap-loginadLDAP.php on line 157
Is any body can suggest? I have Domino directory and I want to authenticate user form the Domino directory using LDAP.
Are the settings specified above mandatory? because
I have tried it with and with out specifying setting, in both the cases I got the same error.
Please help.
Thank you
Ashish
You need to have php_ldap installed. It is not installed by default. See here: http://www.php.net/manual/en/ldap.installation.php
Hi Clif,
I’ve finally made it to set up all the options correctly. I’m using the Advanced Option ” Create WordPress account for anyone who successfully authenticates against LDAP. ” and when I try to log in an error comes up saying ” Catchable fatal error: Object of class WP_Error could not be converted to string in /var/www/sevencs-intranet-wordpress/wp-includes/formatting.php on line 2772 ”
When I set up the user name manually before I log in everything works as it should.
Any idea?
Thank you.
I’ am using WP3
I’ll investigate and get back with you. Thanks.
Hi again,
I investigated a bit by myself and found out that the error occurred because *sigh* I had the email address already registered. But, anyway, in this the return value of sll_authenticate() is of type object WP_Error and this raises the fatal error.
The function wp_insert_user() returns an array containing a useful error message and I think you should pass this message to the frontend.
So, I got it working for me now and I must say it’s an awesome plugin. Great work.
Hi Clif,
First, great plugin. Exactly what I need, and it’s going to be a lifesaver.
I wanted to say that I’m running into the same problem as Oliver, though I’m not sure why. I’m a newbie to LDAP, and I don’t even have the email schema installed — but it still appears to pop up. I’m going to investigate as well, but displaying the error messages as Oliver says below would be great. Thanks a ton for everything so far!
Tim,
I’m still working on a solution to this problem.
It’s due to a change in the way WordPress’s user creation functions work in WP3.0. I have successfully increased the level of error reporting, but without a firm solution to this problem I am reluctant to release a new version.
Thanks for your patience,
Clif
Thanks, Oliver, for pointing me in the right direction!
Since, when creating users in my LDAP server, I do not assign any emails to them, I was getting this exact same error after creating the first user, as all the following users were trying to be created with the same email (blank). The solution was to create a string-randomizing function in Simple-LDAP-Login.php, and use it to replace both instances of:
'user_email' => $userinfo[0][mail][0],with:
'user_email' => genRandomEmail(),The wordpress admin can then change the email address if they want to.
The randomizing string function:
function genRandomEmail() {
$length = 10;
$characters = ’0123456789abcdefghijklmnopqrstuvwxyz’;
$string = '';
for ($p = 0; $p < $length; $p++) {
$string .= $characters[mt_rand(0, strlen($characters))];
}
$string = $string."@ChangeMe.com";
return $string;
}
Got this function from:
http://www.lost-in-code.com/programming/php-code/php-random-string-with-numbers-and-letters/
All seems to work great now. Would still be helpful if the plugin could display the WP_Error, though.
Hi there! I’m running into an error right on activation:
“Plugin could not be activated because it triggered a fatal error.
Fatal error: Uncaught exception ‘adLDAPException’ with message ‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/adLDAP.php:338 Stack trace: #0 /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(60): adLDAP->__construct(Array) #1 /home/MYDIR/public_html/wp-admin/plugins.php(158): include(‘/home/MYDIR/pub…’) #2 /home/MYDIR/public_html/wp-admin/plugins.php(160): plugin_sandbox_scrape(‘simple-ldap-log…’) #3 {main} thrown in /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/adLDAP.php on line 338″
Any thoughts?
That means your PHP install does not support LDAP.
You have to install and activate the PHP ldap module what is only possible if you have root access to the server.
Warning: ldap_search() [function.ldap-search]: Search: No such object in C:inetpubwwwrootwordpresswp-contentpluginssimple-ldap-loginadLDAP.php on line 970
Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in C:inetpubwwwrootwordpresswp-contentpluginssimple-ldap-loginadLDAP.php on line 971
Catchable fatal error: Object of class WP_Error could not be converted to string in C:inetpubwwwrootwordpresswp-includesformatting.php on line 2772
This seems to indicate the presence of enabled LDAP module — but I still get above errors
LDAP Support enabled
RCS Version $Id: ldap.c 293036 2010-01-03 09:23:27Z sebastian $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20319
Hello,
I installed and used your plugin with ease.
I only encountered a single problem which seems strange to me since the documentation says explicitly the opposite.
When I enable the plugin, I cannot log with the local ‘admin’ user anymore. I got the message saying the LDAP plugin is enabled.
Any reason for this ? Anybody experienced the same behavior ?
Thanks in advance !
Olivier,
That is my fault completely. I removed this function because I felt that most people weren’t naming their admin accounts admin and that it probably wasn’t helping anyone.
Do you need this feature?
Clif
Clif,
I see your point.
Still, I think it is a nice feature since not everybody can/want to have a admin user in LDAP for that.
What would be great would be to have an option to enable this behavior and, eventually, being able to select the user(s) it applies to in the settings. In my case I only need it for ‘admin’.
Olivier
Hey Clifton!
Nice work with the plugin, sounds awesome, but I can’t make it work.
It’s all installed and configured fine, but the users never logon. I enabled Kerberos logging on my Windows 2008 R2 server, and for every request I receive a KDC_ERR_ETYPE_NOTSUPP.
Microsoft documentation says that it means the client doesn’t have the appropriate Crypthography type and/or key. I already authenticate some sites within this same server, using apache’s mod_auth_kerb.
I don’t know what else should I check, any help would be much appreciated!
And keep up the really good work!
Hello there!
Everything beautiful, just a question. Every time I set up a new blog, I have to re-configure the plugin in that blog backend.
Is there any way to propagate the main blog settings, to all newly created ones?
Regards,
Francesco
Hello, I got the answer to my question (see above). It’s a plugin called YD-Network-Wide-Options.
Now I’m trying to let the users login with their email address (not only username). Any idea about how to do it!?!
I know i have LDAP configured correctly.
I feel confident I have PHP setup right for LDAP.
I turned on debug, and got this during my test auth against AD (along with my failure):
Notice: Undefined property: WP_Error::$ID in C:wampwwwwp-contentpluginssimple-ldap-loginSimple-LDAP-Login-Admin.php on line 119
Pretty new to WP. I have a multi-site setup with WP 3.0.1. I do not get the “settings” option on my plugin page. I do get an edit option but some pages (e.g. Simple-LDAP-Login-Admin.php) are “inactive”. Any idea what I’m doing wrong?
Is Open LDAP the same as Open Directory? I teach at a high school and have two Xserves that have learned to setup them up over the last couple of years. One is open directory master so the students can authenticate to the network. The other is the Web server for the class page and school newspaper. The sites are running on WP3.0. I want to give the students WP blogs and just base it off their lab logins through open directory. However, it isn’t working, so I wasn’t sure if openLDAP is different from Open Directory. I don’t want to hand create 200 accounts every year. 🙁
Hello. Great plugin! But fyi, the space you add to user_nicename breaks the author page links. So I flipped
‘user_nicename’ => $userinfo[0][givenname][0] .’ ‘.$userinfo[0][sn][0]
to
‘user_nicename’ => $userinfo[0][givenname][0] . $userinfo[0][sn][0]
and then the links worked fine.
thanks again.
Thanks, Will!
I’ll make sure this is fixed in the next update. 🙂
How do i set up the TLS. My Site works fine but we are in the mist of eliminating onon-secure LDAP authentication. I have to use TLS. I checked the TLS option but our told me the following one to indicate the attempt to start TLS, one to indicate whether the attempt was successful, and one to indicate which cipher was negotiated.
Please advice.
How do I set up the TLS setting? My Site works fine currently however my company is in the mist of eliminating unsecure LDAP authentication. I have to use TLS. I checked the TLS option but it does not work as our Admin told me the following: It didn’t work. If it it was secure, you should see the following lines in the transaction, one to indicate the attempt to start TLS, one to indicate whether the attempt was successful, and one to indicate which cipher was negotiated. Is there any other setting that I need to do. Open LDAP has been configured on the server correctly with the security certificate.
Please Help and advice.
Kindest Regards
Bejal
Are you receiving any error messages?
TLS is a beta feature…I have no way of testing it myself.
No I am not getting an error and funny enough the authentication works however according to our LDAP administrators, the connection is not secured even though TLS is checked in the plug-in setup. He stated that is the TLS was successful he would be able to see if it started, if it was successful and if the cipher was negotiated. So my question to you is apart from checking the TLS checkmark do we have to configure something else on the server etc. We have Open ldap configured 100% with the security certificate.
Please advice.
The auto-creation of accounts does not seem to work… If I prebuild the user in WP it works great for authentication. Otherwise the user is just displayed the following error:
Notice: Use of undefined constant givenname – assumed ‘givenname’ in
/var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
line 353
Notice: Use of undefined constant sn – assumed ‘sn’ in
/var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
line 353
Notice: Use of undefined constant mail – assumed ‘mail’ in
/var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
line 354
Notice: Use of undefined constant givenname – assumed ‘givenname’ in
/var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
line 356
Notice: Use of undefined constant sn – assumed ‘sn’ in
/var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
line 357
Am I missing something?
Just installed this module & having troubles getting it to work. In drupal i just specify o=xxx for the base dn and the uid for the UserName attribute and it works. Can i do something similar with this module?
Hi,
I am trying to use the TLS feature of the simple LDAP plugin and getting the following error.
Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error in /opt/fedex/webapps/data/dev/wp-content/plugins/simple-ldap-login/adLDAP.php on line 372
Please help.
Thanks
Hi Bob,
TLS is a beta feature so I’m not 100% sure how to fix this. Were you able to find any solution?
Hi Clifton,
We installed this plugin, but some users in our environment are members of lots of groups – when unpacked, one of our users is a member of 722 groups.
This causes issues with one of your functions running into the PHP memory allocation limit (set at 128mb, though we’ve now lifted it to 256mb).
Function definition: public function recursive_groups(group) at line 756 of includesadLDAP.php
I didn’t want to mess with the plugin’s code myself, but have you considered using the LDAP recursive filter? This should be faster than recursing inside PHP, and saves execution time on the webserver.
We use this elsewhere;
$filter = ‘(memberof:1.2.840.113556.1.4.1941:=’.$groupToFind.’)’;
$search = ldap_search($this->connection, $userDN, $filter, array(‘dn’), 1);
$items = ldap_get_entries($this->connection, $search);
Just a suggestion – thanks for the great plugin.
Oh wow, the current code certainly didn’t anticipate 700+ groups.
Feel free to submit a pull request to the project on github: http://wordpress.org/plugins/simple-ldap-login/
I’m a bit busy at the moment, so it may be awhile till I can address this personally. 🙂
Hi Clifton,
Good morning. I am new to use ldap. Could I ask you a question on ldap plugin please?
Basically what I need to do is to use ldap plugin to authenticate a user that is belong to a group called Group1 and pass the credential of Group1 to WordPress for authentication. Is this possible to do in ldap plugin?
E.g.
User1 ID login to system. He/she belongs to Group1 group. ldap then pass Group1/password (Not User1) to WordPress to login.
Your help is greatly appreciated.
That isn’t possible with my plugin. It would take a large amount of changes to get there…if it is even possible!
Great plugin, compliments!
I configured it, and users can login with their LDAP-account.
One question: do users need to login manually (type their username and password)? Because in my situation they do. I can’t find out if this plugin can/should login users automatically.
Unfortunately, SSO isn’t something I have the ability to support so users will have to enter their username/password.
Hi,
I love the Simple LDAP login plugin. It’s been immensely helpful.
I’m in a situation, though, where I need to authenticate users that may be in one of several DNs. Is there any way to do this, currently, or am I going to have to modify the plugin?
I have a Dual LDAP Login plugin that can bridge between 2 domains. Would this be sufficient?
It isn’t published in the plugin directory, so let me know if you need it. You can e-mail me if you like. clifgriffin[at]gmail.
For the good of the order I thought I share my success with using Simple LDAP Login with my Mac OS X Server 10.6 OpenDirectory setup. All that was needed in addition to the documented information on the plugin’s setup page was to prepend the Base DN with CN=users
Thanks for the plugin, Clifton!
I should add that users log in with their shortname, not their Full Name. The user is defined as “Clifton Griffin” with a shortname of “cliftongriffin” — so logging in at the WordPress login page will not work as “Clifton Griffin” but will work as “cliftongriffin”
The code would have to consult the LDAP database to find the shortname associated with that full name… at present it doesn’t do that.
Yes, that is by design 🙂
Glad you got it working!
Hi, Great plugin, works really well against our Novell edirectory.
Slight problem for us though is that we have users in several containers at the same level eg. ou=IT and ou=TREAS. Users who do not exist in the IT container have an alias object in the IT container.
If we set the base dn to point to the IT container, users with an alias in that container don’t get an error message when logging in but are left at the login screen as if login has failed (ie they do not get the invalid username or password error).
If we set the base dn to the parent container of the IT and TREAS containers, then nobody can login. Users from the IT container who have previously logged in, get an “incorrect password” error. Users who exist in the IT or TREAS subcontainers who have not previously logged in to WordPress get an “invalid username” message.
It seems like the ldap is not searching subcontainers???
Would you also be expecting it to work with aliases?
Thanks
Hi Kaz,
I’ve seen this issue a couple of times before but haven’t found a solid reason/solution.
Have you tried pointing to just the parent OU that contains both of these child OUs? (if one exists)
Hi Cliff, Yes if I point the base dn to the parent container, nobody can login. I think the ldap is not searching subcontainers. Thanks
I would like to figure this issue out eventually, but I don’t have much of a way to test (and very little time for personal development these days).
Let me know if you found a solution.
I would like to figure this issue out eventually, but I don’t have much of a way to test (and very little time for personal development these days).
Let me know if you found a solution.
I’m thinking that maybe you have the wrong version of PHP installed or something (PHP 5 is required). In any rate, you can rename the folder to “deactivate” the plugin. Once it is deactivated, you can rename it back to the original name.
Let me know if you find any specific errors in the logs and I’ll see if I can help you.
Politics is of course very annoying, politicians do annoy me because of their bad performance `*’
what matters most is the good deeds that we do on our fellow men, it does not matter what religion you have as long as you do good stuffs ;..
I was able to get the plug in working well with an active directory and am trying to change it over to a corporate Tivoli directory server. Since it isn’t working, I’d like to see the commands that are being sent. Is there a log? I haven’t found a way to turn one on for PHP LDAP, and don’t see anything in the apache logs.
I don’t know how to do that either. I developed the non-AD LDAP code pretty much blind as I don’t have a test server.
I would suggest using WireShark or something similar.
I don’t know how to do that either. I developed the non-AD LDAP code pretty much blind as I don’t have a test server.
I would suggest using WireShark or something similar.
I’m not extremely familiar with LDAP filters, sorry. If you look at the code, it’s pretty simple so I think if you know what you want to do you can figure it out. Good luck!
I was wondering if it is possible to use ldap filters. For example I have a filter something like (&(|(urpsaffiliation=FAC)(urpsaffiliation=STF))(|(urpsemployeestatus=A) (urpsemployeestatus=L) WHRE CAN I PLACE THIS?
I installed Simple LDAP Authentication and configured it properly. Now I cannot log into my site. When I go to the wp-login.php page all I get is a white screen.
I’m thinking that maybe you have the wrong version of PHP installed or something (PHP 5 is required). In any rate, you can rename the folder to “deactivate” the plugin. Once it is deactivated, you can rename it back to the original name.
Let me know if you find any specific errors in the logs and I’ll see if I can help you.
I’m not extremely familiar with LDAP filters, sorry. If you look at the code, it’s pretty simple so I think if you know what you want to do you can figure it out. Good luck!
This is great, it was just what I needed. Thanks!
I love the plug-in! Thanks!
I’m using P2 theme and when I click an author to view their posts it gives me a 404 page. The url has the persons full name in it so I even tried modifying it to first initial last name and that failed too. Should an author page get created when someone logs in the first time? How can I fix this? Thank you!
I’m not sure, Matthew. I can’t really think of anyway this would break because of something the plugin does…unless it sets one of the profile values in such a way that breaks it?
Have you been able to find anything?
I’m not sure, Matthew. I can’t really think of anyway this would break because of something the plugin does…unless it sets one of the profile values in such a way that breaks it?
Have you been able to find anything?
Great plug-in. I have it running on my website currently. One question though. I used to be able to change the author of a page or post, but now only I show up in the available authors list. Any ideas on how to get that functionality back?
THANKS!
I can’t think of anything that would affect this functionality. My hooks begin and end with the login process.
Sorry! 🙂
the sharing of your very good, very useful for me. thank you.
Great plug-in. I have it running on my website currently. One question though. I used to be able to change the author of a page or post, but now only I show up in the available authors list. Any ideas on how to get that functionality back?
THANKS!
I can’t think of anything that would affect this functionality. My hooks begin and end with the login process.
Sorry! 🙂
If I understand the process correctly, the plugin uses an unauthenticated bind to search for the user and then tries to authenticate using the user record it found with the password that was provided by the user.
Would it not be better to have an option to provide the DN structure? This way you could authenticate the user directly without having to do a search first. I would spare you the time for one bind+search and would make the plugin work with setups that do not allow unauthenticated searches.
Hi,
I love this plugin. But i have a little big problem. User can enter any password to login. When i did test setting, it also succeed even my password was different in ldap server.
How to fix this.
Craptacular.
I patched some things based on user contribution, but didn’t have a great way to test. I’ll roll back some of yesterday’s changes.
This came from a user contribution. I pushed the updates in kind of a rush…your logic makes perfect sense and I should have used more critical thinking.
I’m going to rollback that portion.
If I understand the process correctly, the plugin uses an unauthenticated bind to search for the user and then tries to authenticate using the user record it found with the password that was provided by the user.
Would it not be better to have an option to provide the DN structure? This way you could authenticate the user directly without having to do a search first. I would spare you the time for one bind+search and would make the plugin work with setups that do not allow unauthenticated searches.
Hi,
I love this plugin. But i have a little big problem. User can enter any password to login. When i did test setting, it also succeed even my password was different in ldap server.
How to fix this.
Craptacular.
I patched some things based on user contribution, but didn’t have a great way to test. I’ll roll back some of yesterday’s changes.
I’ve been running this plugin for some time and it’s amazing. We just figured out that single quotes and double quotes in PW’s are causing failed logins but it appears that the problem exists in adLDAP.php. Has anybody else run into this problem and come up with a fix?
Great plugin very easy to use and setup. do you know of anyway to add integrated/NTLM authentication to this plugin in addition to forms auth?
So what do you do if you lock yourself out? 😛
Rename the plugin folder. Refresh. This will deactivate the plugin.
Rename it back.
Rename the plugin folder. Refresh. This will deactivate the plugin.
Rename it back.
———————————-this is my root openLDAP——————————-
# root, People, politel.edu
dn: uid=root,ou=People,dc=politel,dc=edu
uid: root
cn: root
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJFliTTVrcmxhJE1GRXd2emVvN2FpU3V1MjdiNzFrdy8=
shadowLastChange: 15046
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root
————————–this is my drupal config———————-
account suffix : @politel.edu
LDAP login attribute : uid
base DN : dc=politel,dc=edu
Domanin Controller : ldap.politel.edu
when i try to connect with admin ldap. it’s return:
Test Results:
Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.
OMG, this error message make me crazy.
Is there a way to use this plugin with a Multisite? I’d like to configure it once for all users and not allow them the option of even seeing the settings.
I’m confused as to how ‘Create WordPress account for users in specified AD group:’ works.
I’ve entered ‘Intranet_User’ in the field (which has an analogous security group in AD populated with a few users for testing) but users cannot log in with their AD credentials unless I use the ‘auth against AD’ catch-all option.
Is it something obvious, like I need to put the link to the group as a DN? Other Ideas?
You should be able to use just the name of the group. It is supposed to check group membership with no more information. I would make sure it is spelled exactly the same, including case.
Other than that, I’m not sure. Is there anything different about the group?
It is like for like. I’ve even tried trimming its name (both the Group Name & Pre-Win2000 Name) down to just ‘Intranet’ in case the underscore was introducing an issue – no dice. It’s a global security group in a OU higher up the tree than the actual users, so inheritance shouldn’t be an issue.
It’s not a problem – the ‘Auth against AD’ option works and suits our purpose, as ‘Auth against Group’ would only of really been any use if you could control multiple roles against multiple groups (possible future development? :))
I had Simple LDAP 1.4.0.1 working fine on WP 3.1.1, I upgraded Simple LDAP to version 1.4.0.4 and it worked fine. I then upgrade WP to 3.1.2 and now Simple LDAP is broken. I get an error when testing Simple LDAP with settings that worked before the upgrade. The error is:
Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership
I haven’t changed my credentials and they are correct. I have verified that the combination of WP 3.1.2 and Simple LDAP 1.4.0.4 don’t seem to work for my configuration. I can downgrade my Simple LDAP from 1.4.04 to 1.4.01 and it works fine with WP 3.1.2.
Robert,
Thanks for reporting this.
Do you use AD or some other LDAP install?
I made a very small change in 1.4.0.4 that only effects account creation so
I would suspect the error crept in between 1.4.0.1 and 1.4.0.3. I’ll do a
diff and see if I can find likely suspects. In the meantime, I’d suggest
using the older version.
I apologize for the inconvenience!
Clif
Hi, I’m trying to create WordPress Account for users in Specified AD Group and allways give the following message:
Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.
Anybody knows how to do it? Is needed to insert an specific reference or only the name of the AD Group?
Thanks!
Just the name should work.
Do you get that message when actually trying to login? (The test settings
panel isn’t bullet proof)
That message is from the test settings panel… but it works fine if I select “Create WordPress account for anyone who successfully authenticates against LDAP” option…
So do you get the same error when you try logging in with group setting on?
The best way to do this is to try it in a separate browser. That way you
don’t accidentally lock yourself out. Let me know what you find.
That message is from the test settings panel… but it works fine if I select “Create WordPress account for anyone who successfully authenticates against LDAP” option…
So do you get the same error when you try logging in with group setting on?
The best way to do this is to try it in a separate browser. That way you
don’t accidentally lock yourself out. Let me know what you find.
Hi
Are there any known issues with the plugin and WP 3.2 as i would like to upgrade my site to WP 3.2 and use your ldap login plugin a lot
Thanks
I have not tested it. I will say WordPress is very good at maintaining
compatibility across versions so I would be pretty surprise of there were
issues.
I have seen no compatibility issues with other plugins as of yet.
I welcome feedback as I don’t have a great way to test.
I have just installed a new version of WP and upgraded it to latest version. Installed Simple LDAP login 1.4.0.01. I am using AD to authenicate and create WP users. I have set my base DN to be DC=bhs,DC=local and can log in with my account which is in this context. I have users who are in other contexts coming off this base DN, like ou=staff,DC=bhs,DC=local. These users are not able to log in either through the test panel or on the site itself. Will this plugin search subcontexts? If not, how do I specify multiple contexts? Separating with ; does not seem to work.
I am surprised that I do not need to specify a username and password for authentication with this as I do with other LDAP authentication systems.
Hi Clif,
Plugin is login fine but i have the following problem, when i set in the Advanced settings to search for a specific group (in this case SYSADMIN) i get this error:
Warning
: ldap_search() [
function.ldap-search
]: Search: Bad search filter in
/mnt/opt/apache-2.2.14/htdocs/wp.www.site.com/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line
226
Warning
: ldap_get_entries() expects parameter 2 to be resource, boolean given in
/mnt/opt/apache-2.2.14/htdocs/wp.www.site.com/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line
227
But the real problem is when i look into openldap logs and i get this:
May 12 17:10:22 ldap slapd[12539]: conn=2889 fd=74 ACCEPT from IP=10.193.102.66:47644 (IP=0.0.0.0:389)
May 12 17:10:22 ldap slapd[12539]: connection_get(74)
May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 BIND dn=”uid=user,ou=People,dc=site,dc=com” method=128
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “uid=lfontenla,ou=people,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “uid=lfontenla,ou=people,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “cn=sysadmin,ou=policies,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “cn=sysadmin,ou=policies,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: ==> bdb_bind: dn: uid=lfontenla,ou=People,dc=site,dc=com
May 12 17:10:22 ldap slapd[12539]: => access_allowed: result not in cache (userPassword)
May 12 17:10:22 ldap slapd[12539]: => access_allowed: auth access to “uid=lfontenla,ou=People,dc=site,dc=com” “userPassword” requested
May 12 17:10:22 ldap slapd[12539]: => acl_get: [1] attr userPassword
May 12 17:10:22 ldap slapd[12539]: => acl_mask: access to entry “uid=lfontenla,ou=People,dc=site,dc=com”, attr “userPassword” requested
May 12 17:10:22 ldap slapd[12539]: => acl_mask: to value by “”, (=0)
May 12 17:10:22 ldap slapd[12539]: <= check a_dn_pat: self
May 12 17:10:22 ldap slapd[12539]: <= check a_dn_pat: anonymous
May 12 17:10:22 ldap slapd[12539]: <= acl_mask: [2] applying auth(=xd) (stop)
May 12 17:10:22 ldap slapd[12539]: slap_access_allowed: auth access granted by auth(=xd)
May 12 17:10:22 ldap slapd[12539]: => access_allowed: auth access granted by auth(=xd)
May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 BIND dn=”uid=lfontenla,ou=People,dc=site,dc=com” mech=SIMPLE ssf=0
May 12 17:10:22 ldap slapd[12539]: send_ldap_result: err=0 matched=”” text=””
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “uid=lfontenla,ou=people,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “uid=lfontenla,ou=people,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 RESULT tag=97 err=0 text=
May 12 17:10:22 ldap slapd[12539]: connection_get(74)
May 12 17:10:22 ldap slapd[12539]: conn=2889 op=1 UNBIND
May 12 17:10:22 ldap slapd[12539]: conn=2889 fd=74 closed
Looking closer the plugin is searching in “cn=sysadmin,ou=policies,dc=site,dc=com”.
Do you know how to force the plugin search to a specific search ???
Thanks in advance,
I’m confused as to how ‘Create WordPress account for users in specified AD group:’ works.
I’ve entered ‘Intranet_User’ in the field (which has an analogous security group in AD populated with a few users for testing) but users cannot log in with their AD credentials unless I use the ‘auth against AD’ catch-all option.
Is it something obvious, like I need to put the link to the group as a DN? Other Ideas?
You should be able to use just the name of the group. It is supposed to check group membership with no more information. I would make sure it is spelled exactly the same, including case.
Other than that, I’m not sure. Is there anything different about the group?
It is like for like. I’ve even tried trimming its name (both the Group Name & Pre-Win2000 Name) down to just ‘Intranet’ in case the underscore was introducing an issue – no dice. It’s a global security group in a OU higher up the tree than the actual users, so inheritance shouldn’t be an issue.
It’s not a problem – the ‘Auth against AD’ option works and suits our purpose, as ‘Auth against Group’ would only of really been any use if you could control multiple roles against multiple groups (possible future development? :))
Fatal error: Uncaught exception ‘adLDAPException’ with message ‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginadLDAP.php:338 Stack trace: #0 C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginSimple-LDAP-Login.php(60): adLDAP->__construct(Array) #1 C:xampphtdocscosmicblogwp-adminplugins.php(108): include(‘C:xampphtdocs…’) #2 {main} thrown in C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginadLDAP.php on line 338
Your PHP installation does not have LDAP enabled/installed. You will need to enable this before proceeding.
Fatal error: Uncaught exception ‘adLDAPException’ with message ‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginadLDAP.php:338 Stack trace: #0 C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginSimple-LDAP-Login.php(60): adLDAP->__construct(Array) #1 C:xampphtdocscosmicblogwp-adminplugins.php(108): include(‘C:xampphtdocs…’) #2 {main} thrown in C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginadLDAP.php on line 338
Your PHP installation does not have LDAP enabled/installed. You will need to enable this before proceeding.
I had Simple LDAP 1.4.0.1 working fine on WP 3.1.1, I upgraded Simple LDAP to version 1.4.0.4 and it worked fine. I then upgrade WP to 3.1.2 and now Simple LDAP is broken. I get an error when testing Simple LDAP with settings that worked before the upgrade. The error is:
Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership
I haven’t changed my credentials and they are correct. I have verified that the combination of WP 3.1.2 and Simple LDAP 1.4.0.4 don’t seem to work for my configuration. I can downgrade my Simple LDAP from 1.4.04 to 1.4.01 and it works fine with WP 3.1.2.
Robert,
Thanks for reporting this.
Do you use AD or some other LDAP install?
I made a very small change in 1.4.0.4 that only effects account creation so
I would suspect the error crept in between 1.4.0.1 and 1.4.0.3. I’ll do a
diff and see if I can find likely suspects. In the meantime, I’d suggest
using the older version.
I apologize for the inconvenience!
Clif
Hi Clif,
Plugin is login fine but i have the following problem, when i set in the Advanced settings to search for a specific group (in this case SYSADMIN) i get this error:
Warning
: ldap_search() [
function.ldap-search
]: Search: Bad search filter in
/mnt/opt/apache-2.2.14/htdocs/wp.www.site.com/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line
226
Warning
: ldap_get_entries() expects parameter 2 to be resource, boolean given in
/mnt/opt/apache-2.2.14/htdocs/wp.www.site.com/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line
227
But the real problem is when i look into openldap logs and i get this:
May 12 17:10:22 ldap slapd[12539]: conn=2889 fd=74 ACCEPT from IP=10.193.102.66:47644 (IP=0.0.0.0:389)
May 12 17:10:22 ldap slapd[12539]: connection_get(74)
May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 BIND dn=”uid=user,ou=People,dc=site,dc=com” method=128
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “uid=lfontenla,ou=people,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “uid=lfontenla,ou=people,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “cn=sysadmin,ou=policies,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “cn=sysadmin,ou=policies,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: ==> bdb_bind: dn: uid=lfontenla,ou=People,dc=site,dc=com
May 12 17:10:22 ldap slapd[12539]: => access_allowed: result not in cache (userPassword)
May 12 17:10:22 ldap slapd[12539]: => access_allowed: auth access to “uid=lfontenla,ou=People,dc=site,dc=com” “userPassword” requested
May 12 17:10:22 ldap slapd[12539]: => acl_get: [1] attr userPassword
May 12 17:10:22 ldap slapd[12539]: => acl_mask: access to entry “uid=lfontenla,ou=People,dc=site,dc=com”, attr “userPassword” requested
May 12 17:10:22 ldap slapd[12539]: => acl_mask: to value by “”, (=0)
May 12 17:10:22 ldap slapd[12539]: <= check a_dn_pat: self
May 12 17:10:22 ldap slapd[12539]: <= check a_dn_pat: anonymous
May 12 17:10:22 ldap slapd[12539]: <= acl_mask: [2] applying auth(=xd) (stop)
May 12 17:10:22 ldap slapd[12539]: slap_access_allowed: auth access granted by auth(=xd)
May 12 17:10:22 ldap slapd[12539]: => access_allowed: auth access granted by auth(=xd)
May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 BIND dn=”uid=lfontenla,ou=People,dc=site,dc=com” mech=SIMPLE ssf=0
May 12 17:10:22 ldap slapd[12539]: send_ldap_result: err=0 matched=”” text=””
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “uid=lfontenla,ou=people,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”
May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “uid=lfontenla,ou=people,dc=site,dc=com”
May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 RESULT tag=97 err=0 text=
May 12 17:10:22 ldap slapd[12539]: connection_get(74)
May 12 17:10:22 ldap slapd[12539]: conn=2889 op=1 UNBIND
May 12 17:10:22 ldap slapd[12539]: conn=2889 fd=74 closed
Looking closer the plugin is searching in “cn=sysadmin,ou=policies,dc=site,dc=com”.
Do you know how to force the plugin search to a specific search ???
Thanks in advance,
Hi, I’m trying to create WordPress Account for users in Specified AD Group and allways give the following message:
Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.
Anybody knows how to do it? Is needed to insert an specific reference or only the name of the AD Group?
Thanks!
Hi
Are there any known issues with the plugin and WP 3.2 as i would like to upgrade my site to WP 3.2 and use your ldap login plugin a lot
Thanks
I have not tested it. I will say WordPress is very good at maintaining
compatibility across versions so I would be pretty surprise of there were
issues.
I have seen no compatibility issues with other plugins as of yet.
I welcome feedback as I don’t have a great way to test.
I have just installed a new version of WP and upgraded it to latest version. Installed Simple LDAP login 1.4.0.01. I am using AD to authenicate and create WP users. I have set my base DN to be DC=bhs,DC=local and can log in with my account which is in this context. I have users who are in other contexts coming off this base DN, like ou=staff,DC=bhs,DC=local. These users are not able to log in either through the test panel or on the site itself. Will this plugin search subcontexts? If not, how do I specify multiple contexts? Separating with ; does not seem to work.
I am surprised that I do not need to specify a username and password for authentication with this as I do with other LDAP authentication systems.
Really like your plugin.
I’m developing a plugin that with use wordpress with single sign on behind microsoft isa server. This will use your plugin for authentication, and an this new plugin to get every user logged in.
More on this soon….
Dear Clif: I communicate from Tierra del Fuego, Ushuaia, Argentina, use your plugin for the intranet of the Government of the province is working great and we are grateful. my question would be:
how to make once logged rather than redirect you to the back end will be redirected to the front end.
thank you very much for your time.
Dear Clif: I communicate from Tierra del Fuego, Ushuaia, Argentina, use your plugin for the intranet of the Government of the province is working great and we are grateful. my question would be:
how to make once logged rather than redirect you to the back end will be redirected to the front end.
thank you very much for your time.
Really like your plugin.
I’m developing a plugin that with use wordpress with single sign on behind microsoft isa server. This will use your plugin for authentication, and an this new plugin to get every user logged in.
More on this soon….
Dear Clif: I communicate from Tierra del Fuego, Ushuaia, Argentina, use your plugin for the intranet of the Government of the province is working great and we are grateful. my question would be:
how to make once logged rather than redirect you to the back end will be redirected to the front end.
thank you very much for your time.
Is it possible to have the LDAP department field come into a custom field I created in the wordpress user table?
I have added the user_market into the wp_insert_user statement, but it doesn’t seem to be filling out the field in the table, you got any thoughts?
function sll_create_wp_user($username)
{
global $ldap, $adldap;
$result = 0;
switch(get_option(‘simpleldap_directory_type’))
{
case “directory_ad”:
$userinfo = $adldap->user_info($username, array(“samaccountname”,”givenname”,”sn”,”mail”,”department”));
//Create WP account
$userData = array(
‘user_pass’ => microtime(),
‘user_login’ => $userinfo[0][samaccountname][0],
‘user_nicename’ => sanitize_title($userinfo[0][givenname][0] .’ ‘.$userinfo[0][sn][0]),
‘user_email’ => $userinfo[0][mail][0],
‘user_market’ => $userinfo[0][department][0],
‘display_name’ => $userinfo[0][givenname][0] .’ ‘.$userinfo[0][sn][0],
‘first_name’ => $userinfo[0][givenname][0],
‘last_name’ => $userinfo[0][sn][0],
‘role’ => strtolower(get_option(‘simpleldap_account_type’))
);
$result = wp_insert_user($userData);
break;
case “directory_ol”:
if($ldap == null) {return false;}
$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ‘sn’, ‘givenname’, ‘mail’, ‘department’));
$ldapuser = ldap_get_entries($ldap, $result);
if ($ldapuser[‘count’] == 1) {
//Create user using wp standard include
$userData = array(
‘user_pass’ => microtime(),
‘user_login’ => $ldapuser[0][LOGIN][0],
‘user_nicename’ => sanitize_title($ldapuser[0][‘givenname’][0].’ ‘.$ldapuser[0][‘sn’][0]),
‘user_email’ => $ldapuser[0][‘mail’][0],
‘user_market’ => $ldapuser[0][‘department’][0],
‘display_name’ => $ldapuser[0][‘givenname’][0].’ ‘.$ldapuser[0][‘sn’][0],
‘first_name’ => $ldapuser[0][‘givenname’][0],
‘last_name’ => $ldapuser[0][‘sn’][0],
‘role’ => strtolower(get_option(‘simpleldap_account_type’))
);
//Get ID of new user
$result = wp_insert_user($userData);
}
break;
}
return $result;
}
Do you mean you added a column to the wp_users table?
Yep
I have never heard of such a technique…and I’m nearly positive it isn’t designed to work that way.
I know there are ways to add information to a user’s profile but I’m not personally familiar with them. From your modification, it looks like you have the right idea though and it shouldn’t be too hard to do once you find the correct method.
and im just trying to bounce ideas off you, but how would you have gone about it? if you needed to capture the department of a new user…would you try and store it in the wp_usermeta table instead?
Hi,
I found a little bit of a bug with OpenLDAP. In file Simple-LDAP-Login.php if the LDAP search returns more than 1 item in the sll_create_wp_user method ADD USER fails.
To fix this change:
if ($ldapuser[‘count’] == 1) {
TO
if ($ldapuser[‘count’] > 0) {
I have never heard of such a technique…and I’m nearly positive it isn’t designed to work that way.
I know there are ways to add information to a user’s profile but I’m not personally familiar with them. From your modification, it looks like you have the right idea though and it shouldn’t be too hard to do once you find the correct method.
and im just trying to bounce ideas off you, but how would you have gone about it? if you needed to capture the department of a new user…would you try and store it in the wp_usermeta table instead?
Is it possible to have the LDAP department field come into a custom field I created in the wordpress user table?
I have added the user_market into the wp_insert_user statement, but it doesn’t seem to be filling out the field in the table, you got any thoughts?
function sll_create_wp_user($username)
{
global $ldap, $adldap;
$result = 0;
switch(get_option(‘simpleldap_directory_type’))
{
case “directory_ad”:
$userinfo = $adldap->user_info($username, array(“samaccountname”,”givenname”,”sn”,”mail”,”department”));
//Create WP account
$userData = array(
‘user_pass’ => microtime(),
‘user_login’ => $userinfo[0][samaccountname][0],
‘user_nicename’ => sanitize_title($userinfo[0][givenname][0] .’ ‘.$userinfo[0][sn][0]),
‘user_email’ => $userinfo[0][mail][0],
‘user_market’ => $userinfo[0][department][0],
‘display_name’ => $userinfo[0][givenname][0] .’ ‘.$userinfo[0][sn][0],
‘first_name’ => $userinfo[0][givenname][0],
‘last_name’ => $userinfo[0][sn][0],
‘role’ => strtolower(get_option(‘simpleldap_account_type’))
);
$result = wp_insert_user($userData);
break;
case “directory_ol”:
if($ldap == null) {return false;}
$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ‘sn’, ‘givenname’, ‘mail’, ‘department’));
$ldapuser = ldap_get_entries($ldap, $result);
if ($ldapuser[‘count’] == 1) {
//Create user using wp standard include
$userData = array(
‘user_pass’ => microtime(),
‘user_login’ => $ldapuser[0][LOGIN][0],
‘user_nicename’ => sanitize_title($ldapuser[0][‘givenname’][0].’ ‘.$ldapuser[0][‘sn’][0]),
‘user_email’ => $ldapuser[0][‘mail’][0],
‘user_market’ => $ldapuser[0][‘department’][0],
‘display_name’ => $ldapuser[0][‘givenname’][0].’ ‘.$ldapuser[0][‘sn’][0],
‘first_name’ => $ldapuser[0][‘givenname’][0],
‘last_name’ => $ldapuser[0][‘sn’][0],
‘role’ => strtolower(get_option(‘simpleldap_account_type’))
);
//Get ID of new user
$result = wp_insert_user($userData);
}
break;
}
return $result;
}
Do you mean you added a column to the wp_users table?
Hi,
I found a little bit of a bug with OpenLDAP. In file Simple-LDAP-Login.php if the LDAP search returns more than 1 item in the sll_create_wp_user method ADD USER fails.
To fix this change:
if ($ldapuser[‘count’] == 1) {
TO
if ($ldapuser[‘count’] > 0) {
I use your plugin. Is great but i have the following urgent questions:
* I want to connect ala SSO against MS AD with my PC (Windows 7 Login) without the need to login in word press too. this is a overhead which my userns in the intranet not want. Option 1:
Authenticate WordPress users against LDAP. I will create the accounts in
wordpress myself. (default)
does not provide this functionality SSO. how is this possibly?
* how can i make user ldap login happend automatically without
the need to login in wordpress twice. windows login account name should be used and connect automaticall.
* Can i connect automatically to LDAP without the neccisarity to create a wordpress account too. is connecting againt LDAP and only using the account data from MS AD not enough . or is it neccessary to create a wordpress account too?
* do you know an other plugin solution which solves my SSO problems?
thx for your answer
Chris
from Austria, Linz
I have this problem too. Do you have the answers for this question?
Thanks!
Monica
from Brasil
Hi, I’m having trouble getting the plugin to activate. I get the error: “Fatal error: Cannot redeclare class adLDAPException in
C:inetpubwwwrootmysitewp-contentpluginssimple-ldap-loginadLDAP.php
on line 2411”
If I comment out that line, then I get the same error, but on a different line. If I comment out that line, then the error changes completely, it seems I’m just digging deeper. Would appreciate any suggestions. Thanks.
Hi, I’m having trouble getting the plugin to activate. I get the error: “Fatal error: Cannot redeclare class adLDAPException in
C:inetpubwwwrootmysitewp-contentpluginssimple-ldap-loginadLDAP.php
on line 2411”
If I comment out that line, then I get the same error, but on a different line. If I comment out that line, then the error changes completely, it seems I’m just digging deeper. Would appreciate any suggestions. Thanks.
Hey Clif,
Your plugins works really well with WP3.2.1 with just one exception.
Once the plugin is activated it gets the users from AD just fine. But, then, none of the original wp users are able to log in.
Keep getting this error:
Simple LDAP Login Error: adLDAP may have errored. Message: Invalid credentials
No shake either, like that for invalid credentials.
Help is deeply appreciated.
Ich bin am 28.11.2011 wieder im Office erreichbar.
Mfg EDV AK OÖ, Mag. Christian Hois
If you turn security mode to low, wp users can login. Otherwise LDAP is enforced.
Ich bin am 28.11.2011 wieder im Office erreichbar.
Mfg EDV AK OÖ, Mag. Christian Hois
Wow ! That was quick.
I just tried it and it worked. I don’t know why id did not work earlier.
Thanks a ton.
Ich bin am 28.11.2011 wieder im Office erreichbar.
Mfg EDV AK OÖ, Mag. Christian Hois
i installed the plugin and when i wanted to login i got the error:
Test Results:
Failure. Your settings do not seem to work yet or the
credentials are either wrong or have insufficient group membership.
i marked: LOW Mode as mentioned in other comments but it doesnt work.
BUT: i have an simple LDAP_TEST.php script which works fine . there LDAP PHO Module works fine.
why not your plugin.
please help
Christian
Hi Christian,
Open another browser and try logging in. Set it to high security mode first. You should get a better error message.
Clif
I use IE9.
Set it to high security mode first. where to do it?
which other browser? where to confugure high security mode ?
thx
In the plugin settings, set it to use High Security mode.
Then, open a different browser. If you usually use IE9, open Chrome or Firefox. Then try logging in. See if it gives you a different error.
The test form in the settings doesn’t always give great errors.
I use IE9.
Set it to high security mode first. where to do it?
which other browser? where to confugure high security mode ?
thx
In the plugin settings, set it to use High Security mode.
Then, open a different browser. If you usually use IE9, open Chrome or Firefox. Then try logging in. See if it gives you a different error.
The test form in the settings doesn’t always give great errors.
Wow ! That was quick.
I just tried it and it worked. I don’t know why id did not work earlier.
Thanks a ton.
Ich bin am 28.11.2011 wieder im Office erreichbar.
Mfg EDV AK OÖ, Mag. Christian Hois
Hey Clif,
Your plugins works really well with WP3.2.1 with just one exception.
Once the plugin is activated it gets the users from AD just fine. But, then, none of the original wp users are able to log in.
Keep getting this error:
Simple LDAP Login Error: adLDAP may have errored. Message: Invalid credentials
No shake either, like that for invalid credentials.
Help is deeply appreciated.
Ich bin am 28.11.2011 wieder im Office erreichbar.
Mfg EDV AK OÖ, Mag. Christian Hois
i installed the plugin and when i wanted to login i got the error:
Test Results:
Failure. Your settings do not seem to work yet or the
credentials are either wrong or have insufficient group membership.
i marked: LOW Mode as mentioned in other comments but it doesnt work.
BUT: i have an simple LDAP_TEST.php script which works fine . there LDAP PHO Module works fine.
why not your plugin.
please help
Christian
i tested it in crome and set plugin mode = HIGH.
same error :
Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.
Hi
Thx for your Tipp . now it works fine.
One Question: I want that all automatically created User accounts do not have the option “show admin menu” under the personal settings enabled. how can i control this? can you give me a tipp how WordPress control this and where you rely on this settings and how can i overrule the default role settings of an user profile settings?
thx su much for your tips and comments.
Nice greatings from Austria
Chris
Hi guys,
Does anyone know if this plugin work with AD LDS?
I encountered failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership when I tried to test out.
Please help.
Latest update causing weird issues where admin logins using IE and Safari show blank white screens or Error 500. Chrome seems to work fine.
This is actually happening for the original ADMIN account only. All my LDAP users are logging just fine.
Hi Kevin,
The admin account only has problems in Chrome?
Also, did you upgrade from 1.4.0.4?
Sorry you’re having problems!
Clif
I thought it was just the admin account but I have staff now reporting issues on my sub blogs. They are using IE. When the issues started, last night after I updated to the latest version, IE and safari would not login using the local admin account. Chrome would work. I disabled the plugin and everything started working.
I reloaded the plugin from scratch and that did not solve the issue. I thought I was fine though because Chrome worked. Now even Chrome doesn’t work. Not sure what I’m going to do now.
Hi Kevin,
I highly suggest you roll back to 1.4.0.4 until I figure this out. Sorry for screwing up your site. :-/
Clif
Couldn’t find that version but installed 1.4.0.1 and things are back to normal now. Thanks.
You can use this link: http://downloads.wordpress.org/plugin/simple-ldap-login.1.4.0.4.zip
Thanks for all your work on this. It’s a great plugin. 🙂
Hi Kevin, I just uploaded 1.4.0.5.1 that I think fixes the problem. My mistake was updating adLDAP and assuming it was backwards compatible as previous versions have been. My apologies. Let me know if this version has issues.
So far so good! 🙂
We were having problems with users who had a password that included a single quote. It seems there is a need for:
$password = stripslashes($password); in the authenticate function.
I came here to make the same comment… single quote, double quote, and backslash all cause trouble.
I was able to get your plugin without much effort, thanks! I had one quick question: If I change the password for an AD user that already exists in wordpress, is there a way to automatically update the wordpress password on a new login? thanks!
Hi Phil,
Simple LDAP will use whatever the LDAP password is. The WordPress password isn’t modified.
Clif
Ich bin am 4.1.2012 wieder im Office erreichbar.
Mfg EDV AK OÖ, Mag. Christian Hois
Is there a way to ask two different ldap-servers in chain, if the first is out of order?
I have the same question. Any thoughts?
Hi Joe,
It isn’t possible at the moment. I believe it selects the Domain Controller randomly.
I think it could probably be accomplished without a ton of effort, but it would definitely take a lot of testing. Unfortunately, I’m not setup to implement such a change at the moment.
Clif
I am getting an error.
Simple LDAP Login Error: LDAP credentials
are correct and user creation is allowed but an error occurred creating the user
in WordPress. Actual WordPress error: Cannot create a user with an empty login
name.Everything works ok if I manually add the network id to the users id. What is causing it not to pass the username? I suspect it’s a setting on the AD server
this plugin allows subscribers to view the LDAP settings !!!!!
ridiculous low level of security.
Elvina,
This is the first I’ve heard of this. The call to add the options page requires a level 10 user. This is a deprecated way of adding an options page, but it still works.
You sure this this happening? How are you accessing the page from the subscriber role?
Clif
Hi Cliff,
I had it set up so that everyone needed to login to view our site, LDAP users were made subscribers. When they logged in, the wordpress dashboard shows them their profile and your plugin settings page. (using wordpress 3.2)
i changed this line
function simpleldap_admin_actions()
{
add_options_page(“Simple LDAP Login”, “Simple LDAP Login”, 10, “simple-ldap-login”, “simpleldap_menu”);
}
to:
function simpleldap_admin_actions()
{
add_options_page(“Simple LDAP Login”, “Simple LDAP Login”, ‘install_plugins’, “simple-ldap-login”, “simpleldap_menu”);
}
and now it doesn’t show.
cheers
Hi all,
I used the plugin today for my wordpress blog against OpenLDAP. I want to contribute as I solved some problems for my installation.first: in openLDAP setups, usually, BASE_DN looks like: ou=users,dc=example,dc=com, so if someone miss ou part, it will not work.second: once you add ou=users, then the group authentication will fail. then you have to tweak the code in the main php file as: //$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(‘cn’));
$result = ldap_search($ldap, “ou=groups,dc=example,dc=com”, “memberuid=$username”, array(‘cn’));please note another change as “memberuid=$username”.I am not an expert, but these changes may hopefully help someone to make the setup work. And Clif may find these suggestions helpful to update the plugin.
Thanks to Clif for this handy plugin.
Saludos, este pluing funciona como SSO, es decir que al registrarme en mi pagina me registre también en otro servidor? hay alguna documentación al respecto? gracias.
Is there any way to automatically create all LDAP users in wordpress without them having to log in first? Maybe a script that would add users who aren’t already added and remove users who are no longer in LDAP?
There is no way to do that and I can’t think of an easy way to add it.
—
Clifton H. Griffin
me@clifgriffin.com | 434.229.2474 | @clifgriffin
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
Is there any way to automatically create all LDAP users in wordpress without them having to log in first? Maybe a script that would add users who aren’t already added and remove users who are no longer in LDAP?
Help! I updated to 1.4.0.5.1 and the AD stuff works fine but I can’t log in as a local admin. I need to log in as a local wordpress admin so I can access more options within wordpress for administration. All the AD authenticated users can only write posts and read their drafts.
Luckily I ran this on my wptest directory and database. Its not affecting production, but I need a plan for when I do decide to upgrade production.
The username should be admin and I put in the proper password and get:
Simple LDAP Login Error: adLDAP may have errored. Message: Invalid credentials
I e-mailed you.
For others: The simplest way to disable a plugin when you can’t get into WordPress Admin is to rename the plugin directory in wp-content/plugins/.
Simple LDAP Login allows the user account with user ID 0 to login without going through LDAP. That account should always be the original admin account setup (though admin may not be the username obviously).
I e-mailed you.
For others: The simplest way to disable a plugin when you can’t get into WordPress Admin is to rename the plugin directory in wp-content/plugins/.
Simple LDAP Login allows the user account with user ID 0 to login without going through LDAP. That account should always be the original admin account setup (though admin may not be the username obviously).
Great plugin, 1.4.0.5.1 even works with the latest 3.4.1 WordPress. That said, login is still manual, even if authenticated against AD. About a year ago Maartin Balliauw used your code to come up with a limited way to do single sign-on based on your code (only works if using IE), and posted his code on his blog at http://blog.maartenballiauw.be/post/2011/05/04/Wordpress-auto-sign-on-with-IIS7-and-a-plugin.aspx.
Don’t know the social protocols to this, but would it be possible to integrate his code into yours? His code works great, but when it creates a new user it simply fills in all the user fields with $username, as opposed to your code which goes to more trouble to fill in first and last name and such. It would be great to see the functionality of both in the same plugin, especially since one is based on the other.
Great plugin, 1.4.0.5.1 even works with the latest 3.4.1 WordPress. That said, login is still manual, even if authenticated against AD. About a year ago Maartin Balliauw used your code to come up with a limited way to do single sign-on based on your code (only works if using IE), and posted his code on his blog at http://blog.maartenballiauw.be/post/2011/05/04/Wordpress-auto-sign-on-with-IIS7-and-a-plugin.aspx.
Don’t know the social protocols to this, but would it be possible to integrate his code into yours? His code works great, but when it creates a new user it simply fills in all the user fields with $username, as opposed to your code which goes to more trouble to fill in first and last name and such. It would be great to see the functionality of both in the same plugin, especially since one is based on the other.
I could use some help. I am using wp 3.4.1 and ldap login 1.4.0.1. Using OpenLDAP.
I have the correct settings, as far as I can tell but it does not auth.
Firstly, what is the account suffix option? is that just an AD thing?
I need the login attribute to be uid, but as far as I can tell with my bad php it does not search for uid?
$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(‘cn’)); $ldapgroups = ldap_get_entries($ldap, $result);
What is the ldapgroups? I do not want it to check any groups. Just search the base dn for the uid, if it is successful, it logs in.
Thanks
Hello I tried to add your plugin to my WordPress site by it does not work? I am hosting my site on bluehost.com, but not on a dedicated server or IP address. Does your plugin need to be able to use the hosting companies port 389. Is there a command I can use to test if it is my hosting company. LDAP is working for all our other services.
Here is the error:
Fatal error: Uncaught exception ‘adLDAPException’ with message
‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in
/homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/adLDAP.php:338
Stack
trace:
#0
/homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(60):
adLDAP->__construct(Array)
#1 /homepages/42/d404026612/htdocs/staging/wp-admin/plugins.php(142):
include(‘/homepages/42/d…’)
#2 /homepages/42/d404026612/htdocs/staging/wp-admin/plugins.php(144):
plugin_sandbox_scrape(‘simple-ldap-log…’)
#3
/homepages/42/d404026612/htdocs/staging/wp-admin/network/plugins.php(16):
require(‘/homepages/42/d…’)
#4 {main}
thrown in /homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/adLDAP.php on line 338
As your error message says, LDAP support is not enabled in your particular version of PHP, and it must be in order for this to work. If this is a windows server you can have your hosting company enable it by adding “extension=php_ldap.dll” to the bottom of the php.ini file. If it is a linux distro, PHP must be compiled with LDAP enabled.
The hosting environment is a LAMP. How do I compile PHP with LDAP enabled? Is this something I would do or the hosting company would have to?
Here is the error:
Fatal error: Uncaught exception ‘adLDAPException’ with message
‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in
/homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/adLDAP.php:338
Stack
trace:
#0
/homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(60):
adLDAP->__construct(Array)
#1 /homepages/42/d404026612/htdocs/staging/wp-admin/plugins.php(142):
include(‘/homepages/42/d…’)
#2 /homepages/42/d404026612/htdocs/staging/wp-admin/plugins.php(144):
plugin_sandbox_scrape(‘simple-ldap-log…’)
#3
/homepages/42/d404026612/htdocs/staging/wp-admin/network/plugins.php(16):
require(‘/homepages/42/d…’)
#4 {main}
thrown in /homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/adLDAP.php on line 338
When you are on the “Users” page of a single site or in the multisite network admin (where you can browse through all of your users) and you click the “Add New” button at the top of this page, it redirects you to user-new.php which is the standard wordpress ‘add new user’ page.
I feel that button should send you to the Simple LDAP plugin page instead so that site admins don’t accidentally add local WP users to their site. Any way to change where that “Add New” button directs you?
The rest of the “Add User” buttons on the menu bar send you to the correct Simple LDAP add user page so I think this may be a bug/oversight.
Thanks for the great plugin!
I am looking to buy a plugin that would allow me to authenticate and auto-login users into word press by passing the login credentials. Does your plugin do that?
I have one ladp server configured ans i have added 10 users. I am using sample ldap login plugin for logging in to wordpress. What i am trying to do is, i need only 5 out of 10 users to login to the wordpress. Other 5 won’t be having access to wordpress. How can i achieve this?
thanks in advance….
You can limit by group membership. I’d put them in a separate group.
—
Clifton H. Griffin
me@clifgriffin.com | 434.229.2474 | @clifgriffin
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
You can limit by group membership. I’d put them in a separate group.
—
Clifton H. Griffin
me@clifgriffin.com | 434.229.2474 | @clifgriffin
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
Hi,
Does this work with wordpress version 3.4?
It should!
—
Clifton H. Griffin
me@clifgriffin.com | 434.229.2474 | @clifgriffin
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
From where should I add ldap group and ldap group members through simple ldap login page?
I want to now get this to work with secure ldap. We moved domain controllers to 2008 R2 and now through group policy want to enforce secure ldap binds first (refuse cleartext). Clear text ldap binds are a security concern because they are susceptible to replay attacks. We want to go ldaps (secured). Domain trust certificate is installed via domain autoenrollment and I think I need to install a certificate on the wordpress box as part of this. I tried simply using the Use TLS checkbox in this plugin but it just hangs. I was reading here how to get Apache to work with ldap and further down is Configuring secure LDAP : LDAPS http://www.frank4dd.com/howto/apache/apache-ldap-active-directory.htm I did verify secure LDAP is working on our servers through a Microsoft resource utility ldp.exe. Secure LDAP uses port 636 or 3269.
Thanks for any input you may have!
I want to now get this to work with secure ldap. We moved domain controllers to 2008 R2 and now through group policy want to enforce secure ldap binds first (refuse cleartext). Clear text ldap binds are a security concern because they are susceptible to replay attacks. We want to go ldaps (secured). Domain trust certificate is installed via domain autoenrollment and I think I need to install a certificate on the wordpress box as part of this. I tried simply using the Use TLS checkbox in this plugin but it just hangs. I was reading here how to get Apache to work with ldap and further down is Configuring secure LDAP : LDAPS http://www.frank4dd.com/howto/apache/apache-ldap-active-directory.htm I did verify secure LDAP is working on our servers through a Microsoft resource utility ldp.exe. Secure LDAP uses port 636 or 3269.
Thanks for any input you may have!
I’m using version (1.4.0.5.1) but it didn’t work although OpenLDAP works fine!
I tried a lot but I gave up so I need your help.
Here you can Simple LDAP Login configurations:
http://i.imgur.com/efsuGzN.png
And OpenLDAP configurations:
http://i.imgur.com/oixeFqA.png
/etc/ldap.conf
http://pastebin.com/WtMqayYD
/etc/hosts
http://pastebin.com/21NC0xG2
OS: ubuntu 12.10 64 bit
WP: 3.5.0
Hi,
The most important thing to test is that your WordPress site can reach your LDAP domain controller on the correct port (389 I believe).
Clif
—
Clifton Griffin
Wordpress Consultant | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
how can I be sure that my wordpress site reaches my LDAP domain?
PS
Don’t forget that phpLDAPAdmin can controls my LDAP server perfectly (as mentioned in this pic. http://i.imgur.com/oixeFqA.png )
how can I be sure that my wordpress site reaches my LDAP domain?
PS
Don’t forget that phpLDAPAdmin can controls my LDAP server perfectly (as mentioned in this pic. http://i.imgur.com/oixeFqA.png )
Any help guys 🙁
I’ve just installed php 5.3.24 with ldap enabled (this is confirmed through phpinfo and I’ve checked in php.ini). I’ve then installed wordpress 3.5.1 (windows 2008). Both fresh installations.
The issue is when trying to activate simple ldap login I’m still getting the ‘no ldap support for php’ error.
After seeing a post about IIS being funny I have copied libeay32.dll and ssleay32.dll from c:/php into windows/system32 and restarted IIS. I’ve also checked PHPRC is in the environmental variables and pointing to the right place.
Any ideas why it wont recognise that ldap is enabled? Have I missed something?
Thanks in advance for any help and advice!
I’m not sure. It’s possible that adLDAP needs to be updated to work with PHP 5.3, though I’d assume I’d have heard more issues if this were the case. Please let me know if you find a solution.
I’m not sure. It’s possible that adLDAP needs to be updated to work with PHP 5.3, though I’d assume I’d have heard more issues if this were the case. Please let me know if you find a solution.
Hi all,
i’ve fixed problem with authentication.
the problem is solved with change authentication level from 2 to 3 in the files.
maybe it’s best pratice have this possibility setting in the admin interface in next release.
Can you show me your code change? I’ll consider it.
—
Clifton Griffin
WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
it’s simple, i’ve changed in all files where’re present from: define (‘LDAP_VERSION’, 2); to define (‘LDAP_VERSION’, 3);
But it’s more simple for non-coders people have this params in configuration options where you’ve a test form.
it’s simple, i’ve changed in all files where’re present from: define (‘LDAP_VERSION’, 2); to define (‘LDAP_VERSION’, 3);
But it’s more simple for non-coders people have this params in configuration options where you’ve a test form.
Hi all,
i’ve fixed problem with authentication.
the problem is solved with change authentication level from 2 to 3 in the files.
maybe it’s best pratice have this possibility setting in the admin interface in next release.
ADLPS authentication problem with AD in the cloud through Federation Services.
I am facing the problem when I try to authenticate againts AD on the cloud. We have a federation services company in the middle, they sent me all the parameter but still is not working. Any idea if this plugin works with federation services?
Hi Pesinet,
I really have no idea. If those services operate as LDAP servers and follow the protocol, it should in theory work. But I have no direct experience with them.
—
Clifton Griffin
WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
thx anyway.
thx anyway.
ADLPS authentication problem with AD in the cloud through Federation Services.
I am facing the problem when I try to authenticate againts AD on the cloud. We have a federation services company in the middle, they sent me all the parameter but still is not working. Any idea if this plugin works with federation services?
Nice Sharing There must be a groundswell for this. Thank
Thank you very much for this plugin! I had to update it to make it work well with WP version 3.5. The updated version of the plugin is available for download here: http://thedesignspace.net/MT2archives/001035.html
Thanks for the updates, ellenm1. I really need to rewrite this plugin from the groundup. This is one of the first plugins I wrote, and it shows!
The upgrade from 1.4 to 1.5 broke the plugin for me. I had to roll it back. This is what my php log shows…
PHP Warning: array_rand() expects parameter 1 to be array, string given in C:inetpubblogwp-contentpluginssimple-ldap-loginincludesadLDAP.php on line 2294
Thanks for letting me know. Can you tell me the error message you received? —
Sent from Mailbox for iPhone
I updated my original post, but this is what my php log says…
PHP Warning: array_rand() expects parameter 1 to be array, string given in C:inetpubblogwp-contentpluginssimple-ldap-loginincludesadLDAP.php on line 2294
Very odd. It’s using the same version of adLDAP. I’ll investigate in the morning! —
Sent from Mailbox for iPhone
Uploaded 1.5.1. I think that will fix the problem. Sorry about that!
So I updated today from version 1.4.0.5.1 to your latest version 1.5.1 and it broke my login:( Even restoring the older plugin made no difference after the upgrade – somehow the only thing that brought me “back to live” was a drop DB and restore DB:( You mentioned to “test before upgrade – how could I do that? I am more then happy to help out fixing this but I am not sure how since all I have is my production environment. I am using WordPress 3.5.2 on a Mac (Lion) server. My PHP version is 5.3.15 and no, there was nothing written to the Apache error log:(
Cheers,
– Uwe Willenbacher
Hi Uwe,
Really sorry it broke your site. This comment made me realize it wasn’t very wise to clean up the old settings on activation of the new version since that makes rollbacks harder.
I’m working on a couple of bug fixes now…I’ll release a 1.5.2 that won’t blow away the 1.4.0.5.1 settings so it should be much easier to test.
Kind regards,
Clif
—
Clifton Griffin
WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
I just uploaded version 1.5.2 with several bug fixes. Please let me know if it works for you if you have a chance to test it. And please relay all error messages if it does not work.
Thanks!
—
Clifton Griffin
WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
So I just updated and I seem to be able to log in:) I have to say that I do miss the little test box (username/password) with “instant” result… Anyhow, I did find one, visual, bug: I have a completely “locked down” site and when the user hits the login page the (reddish) LDAP error page immediately shows: “Simple LDAP Login could not authenticate your credential…” Yes, I have the “High security mode” enabled…
Hi Uwe,
I’ve heard one other complaint on that. Very odd!
I’ll take a look and see what I can figure out. Thanks for getting back with me.
Kind regards,
Clif
—
Clifton Griffin
WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
version 1.4 works -> 1.5.x does not. Again, this is using openLDAP running on Mac OS not Directory Service
Hi Uwe,
I’ve heard one other complaint on that. Very odd!
I’ll take a look and see what I can figure out. Thanks for getting back with me.
Kind regards,
Clif
—
Clifton Griffin
WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
1.52 is not working for me: in all settings fields I get “Notice: Undefined variable: thix in E:wpwpwp-contentpluginssimple-ldap-loginSimple-LDAP-Login.php, repeated many times, followed by the old, stored settings follow. I can still login as an existing LDAP user, but I’m going to roll this back.
Hi, i’ve updated your plugin via worpress update and the users can’t login into the blog (1.5.2 plugin version).
When i reinstall version 1.4.0.1 the users can login.
the error message is: invalid password
Yup, definitely a problem with SImple LDAP – just used the old and it worked…
New version, you mean?
—
Clifton Griffin
WordPress Consultant | Shopp Core Contributor | https://objectiv.co | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
Thank you very much for this plugin! I had to update it to make it work well with WP version 3.5. The updated version of the plugin is available for download here: http://thedesignspace.net/MT2archives/001035.html
Thanks for the updates, ellenm1. I really need to rewrite this plugin from the groundup. This is one of the first plugins I wrote, and it shows!
I want to integrate AD to our wordpress site using this simple ldap login plugin. However, our wordpress site is located at hostgator and not at our physical site. Will we be able to use this plugin? Or does the wordpress site and LDAP server need to be located on the same physical network?
Your web server must be able to talk directly to your LDAP server on the appropriate ports. It doesn’t matter if they are on the same physical network.
However, I’d hazard a guess that your network security team will not be in favor of opening up your LDAP servers to Hostgator.
—
Clifton Griffin
WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
Your web server must be able to talk directly to your LDAP server on the appropriate ports. It doesn’t matter if they are on the same physical network.
However, I’d hazard a guess that your network security team will not be in favor of opening up your LDAP servers to Hostgator.
—
Clifton Griffin
WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
Im getting this error when activating plugin. I’m almost 99% sure everything is enabled and ready to go. Any thoughts?
Warning:
require_once(C:inetpubwwwroot/wp-content/pluginspluginssimpleLDAPupdate_for_WP3.5simple-ldap-loginadLDAP.php):
failed to open stream: No such file or directory in
C:inetpubwwwrootwp-contentpluginssimpleLDAPupdate_for_WP3.5Simple-LDAP-Login.php
on line 10
Fatal error: require_once(): Failed opening required
‘C:inetpubwwwroot/wp-content/pluginspluginssimpleLDAPupdate_for_WP3.5simple-ldap-loginadLDAP.php’
(include_path=’.;C:phppear’) in
C:inetpubwwwrootwp-contentpluginssimpleLDAPupdate_for_WP3.5Simple-LDAP-Login.php
on line 10
Hi Matt,
I recommend you try Simple LDAP Login 1.5 Beta. I uploaded it yesterday: http://downloads.wordpress.org/plugin/simple-ldap-login.zip
It uses a better method to include adLDAP. Please let me know if you have any problems with it…I don’t have the environment to do testing at the moment so I’m relying on other people to fill in the gaps. 🙂
Im getting this error when activating plugin. I’m almost 99% sure everything is enabled and ready to go. Any thoughts?
Warning:
require_once(C:inetpubwwwroot/wp-content/pluginspluginssimpleLDAPupdate_for_WP3.5simple-ldap-loginadLDAP.php):
failed to open stream: No such file or directory in
C:inetpubwwwrootwp-contentpluginssimpleLDAPupdate_for_WP3.5Simple-LDAP-Login.php
on line 10
Fatal error: require_once(): Failed opening required
‘C:inetpubwwwroot/wp-content/pluginspluginssimpleLDAPupdate_for_WP3.5simple-ldap-loginadLDAP.php’
(include_path=’.;C:phppear’) in
C:inetpubwwwrootwp-contentpluginssimpleLDAPupdate_for_WP3.5Simple-LDAP-Login.php
on line 10
Hi Matt,
I recommend you try Simple LDAP Login 1.5 Beta. I uploaded it yesterday: http://downloads.wordpress.org/plugin/simple-ldap-login.zip
It uses a better method to include adLDAP. Please let me know if you have any problems with it…I don’t have the environment to do testing at the moment so I’m relying on other people to fill in the gaps. 🙂
The upgrade from 1.4 to 1.5 broke the plugin for me. I had to roll it back. This is what my php log shows…
PHP Warning: array_rand() expects parameter 1 to be array, string given in C:inetpubblogwp-contentpluginssimple-ldap-loginincludesadLDAP.php on line 2294
Thanks for letting me know. Can you tell me the error message you received? —
Sent from Mailbox for iPhone
I updated my original post, but this is what my php log says…
PHP Warning: array_rand() expects parameter 1 to be array, string given in C:inetpubblogwp-contentpluginssimple-ldap-loginincludesadLDAP.php on line 2294
Very odd. It’s using the same version of adLDAP. I’ll investigate in the morning! —
Sent from Mailbox for iPhone
Uploaded 1.5.1. I think that will fix the problem. Sorry about that!
So I updated today from version 1.4.0.5.1 to your latest version 1.5.1 and it broke my login:( Even restoring the older plugin made no difference after the upgrade – somehow the only thing that brought me “back to live” was a drop DB and restore DB:( You mentioned to “test before upgrade – how could I do that? I am more then happy to help out fixing this but I am not sure how since all I have is my production environment. I am using WordPress 3.5.2 on a Mac (Lion) server. My PHP version is 5.3.15 and no, there was nothing written to the Apache error log:(
Cheers,
– Uwe Willenbacher
Hi Uwe,
Really sorry it broke your site. This comment made me realize it wasn’t very wise to clean up the old settings on activation of the new version since that makes rollbacks harder.
I’m working on a couple of bug fixes now…I’ll release a 1.5.2 that won’t blow away the 1.4.0.5.1 settings so it should be much easier to test.
Kind regards,
Clif
—
Clifton Griffin
WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
Hi, i’ve updated your plugin via worpress update and the users can’t login into the blog (1.5.2 plugin version).
When i reinstall version 1.4.0.1 the users can login.
the error message is: invalid password
1.52 is not working for me: in all settings fields I get “Notice: Undefined variable: thix in E:wpwpwp-contentpluginssimple-ldap-loginSimple-LDAP-Login.php, repeated many times, followed by the old, stored settings follow. I can still login as an existing LDAP user, but I’m going to roll this back.
i am new in LDAP. I installed. however, when i access to http://blog/wp-login.php, the screen is blank and the html has nothing there. did i do something wrong?
I turned on DEBUG and see:
Notice: Undefined variable: thix in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: Trying to get property of non-object in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: Undefined variable: thix in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: Trying to get property of non-object in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: Undefined variable: thix in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: Trying to get property of non-object in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: wp_enqueue_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or login_enqueue_scripts hooks. Please see Debugging in WordPress for more information. (This message was added in version 3.3.) in /var/www/html/wp-includes/functions.php on line 3012
Good catch! Patching for the next version, thanks.
i am new in LDAP. I installed. however, when i access to http://blog/wp-login.php, the screen is blank and the html has nothing there. did i do something wrong?
I turned on DEBUG and see:
Notice: Undefined variable: thix in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: Trying to get property of non-object in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: Undefined variable: thix in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: Trying to get property of non-object in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: Undefined variable: thix in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: Trying to get property of non-object in
/var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
on line 156
Notice: wp_enqueue_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or login_enqueue_scripts hooks. Please see Debugging in WordPress for more information. (This message was added in version 3.3.) in /var/www/html/wp-includes/functions.php on line 3012
I just created my first user with the simple LDAP plugin version 1.5.2 and realized that the LDAP information (Username, FName, LName and email address) does NOT get populated in the WordPress account….that could be a potentially big problem and I wonder how I can troubleshoot that? BTW: I just noticed you posted version 1.5.3 – might that fix the problem and is it compatible with openLDAP?
Yup, definitely a problem with SImple LDAP – just used the old and it worked…
New version, you mean?
—
Clifton Griffin
WordPress Consultant | Shopp Core Contributor | https://objectiv.co | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
version 1.4 works -> 1.5.x does not. Again, this is using openLDAP running on Mac OS not Directory Service
Hi – I just installed 1.53 and it connects to AD just fine. However when creating WP user accounts, only the username (sAMAccountname) is brought over. Is there simple fix to bring over the email, first and last as well? I have installed on a WP 3.6 installation that is running on an internal Windows/IIS server.
I am seeing the same behavior when a new user is added. Has there been a resolution to this?
I’m aware of this issue and will fix it as soon as I am able. I apologize for the disruption. :-/
—
Clifton Griffin
WordPress Developer • Shopp Contributor
Website: https://objectiv.co
Follow me on Twitter: @clifgriffin (https://twitter.com/clifgriffin) Shopp Plugins: https://objectiv.co/shopp
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
Just uploaded 1.5.4. This should be fixed!
Hi – I just installed 1.53 and it connects to AD just fine. However when creating WP user accounts, only the username (sAMAccountname) is brought over. Is there simple fix to bring over the email, first and last as well? I have installed on a WP 3.6 installation that is running on an internal Windows/IIS server.
I am seeing the same behavior when a new user is added. Has there been a resolution to this?
I’m aware of this issue and will fix it as soon as I am able. I apologize for the disruption. :-/
—
Clifton Griffin
WordPress Developer • Shopp Contributor
Website: https://objectiv.co
Follow me on Twitter: @clifgriffin (https://twitter.com/clifgriffin) Shopp Plugins: https://objectiv.co/shopp
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
Just uploaded 1.5.4. This should be fixed!
Hi. First of all, thanks for this nice plugin. I have just upgraded to 1.5.4 and wanted to turn group filtering on but it didn’t work. Checking the code quickly in Simple-LDAP-Login.php it seems that in the case of OpenLDAP group filtering is made on cn:
ldap_search($this->ldap, $this->get_setting(‘base_dn’), ‘(‘ . $this->get_setting(‘ol_login’) . ‘=’ . $username . ‘)’, array(‘cn’));
$user_groups[] .= $ldapgroups[$i][‘cn’][0];
This is rather strange since the common name should contain the user name, and actually if i put my complete name in the Required Groups config field I can authenticate, add a typo and it fails.
On a “standard” OpenLDAP I think group filtering should be made either à la Unix on the gidNumber or checking for the user’s dn being a member in a groupOfNames.
Cheers.
Hi Franck,
It seems the configuration varies here. I am working on a patch that will allow specifying the group search attribute and separate it from the login attribute.
Clif
—
Clifton Griffin
WordPress Developer • Shopp Contributor
Website: https://objectiv.co
Follow me on Twitter: @clifgriffin (https://twitter.com/clifgriffin) Shopp Plugins: https://objectiv.co/shopp
Blog: http://clifgriffin.com
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
Hi. First of all, thanks for this nice plugin. I have just upgraded to 1.5.4 and wanted to turn group filtering on but it didn’t work. Checking the code quickly in Simple-LDAP-Login.php it seems that in the case of OpenLDAP group filtering is made on cn:
ldap_search($this->ldap, $this->get_setting(‘base_dn’), ‘(‘ . $this->get_setting(‘ol_login’) . ‘=’ . $username . ‘)’, array(‘cn’));
$user_groups[] .= $ldapgroups[$i][‘cn’][0];
This is rather strange since the common name should contain the user name, and actually if i put my complete name in the Required Groups config field I can authenticate, add a typo and it fails.
On a “standard” OpenLDAP I think group filtering should be made either à la Unix on the gidNumber or checking for the user’s dn being a member in a groupOfNames.
Cheers.
Hi Franck,
It seems the configuration varies here. I am working on a patch that will allow specifying the group search attribute and separate it from the login attribute.
Clif
—
Clifton Griffin
WordPress Developer • Shopp Contributor
Website: https://objectiv.co
Follow me on Twitter: @clifgriffin (https://twitter.com/clifgriffin) Shopp Plugins: https://objectiv.co/shopp
Blog: http://clifgriffin.com
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
Hey there,
I just upgraded to the latest version 1.5.4 and indeed, my earlier problems seem fixed – Thank you! However, I think I found another problem to the plugin: I am about to add the requirement to belong to a specific LDAP group for a login to work, however, that does not seem to function. Any idea why that might be?
Do I need to add any specific syntax to the “Required Groups” field or am I just to add the name or the shortname for that group?
Thanks in advance,
– Uwe
P.S.: I agree with the previous post: Nice plugin – Thanks a bunch for all your hard work…
P.P.S.: I amy be the only one on this, but I do miss the simple username password LDAP query/verification to check if the configuration is correct and a given user actually exists…maybe that could be a feature to be added back by “choice”, i.e. a hidden div if you want to hide it?
Thanks for developing this plugin. I’d like to get it to work on my site.
I installed the plugin and set the Base DN to dc=mycompany,dc=com, which matches the base setting in ldap.conf. But when I try to log in to WordPress using credentials that are stored in LDAP, the login is rejected. Here is the connection in my LDAP logs:
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 fd=42 ACCEPT from IP=127.0.0.1:60487 (IP=0.0.0.0:389)
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=0 do_bind: invalid dn (=john.lastname,dc=mycompany,dc=com)
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=0 RESULT tag=97 err=34 text=invalid DN
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=1 UNBIND
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 fd=42 closed
When I use an LDAP browser I can verify that the user does exist at cn=john.lastname,ou=people,dc=mycompany,dc=com
Can you tell me what I’m doing wrong? Thanks in advance.
Hi John,
Unfortunately I’ve never added a debug log, though I can see how useful that would be.
One of the most common things that causes failures is using an OU in your base DN. For whatever reason, this often causes issues.
You should also double check that LDAP Login Attribute is correct for your install. This setting is in “Advanced”.
Hope this helps!
Clif
Hi, Thanks for the plugin, but I noticed that the user information like name and email are not populating when the account is automatically created. I have version 1.5.4.
The auto-creation of accounts does not seem to work… If I prebuild the user in WP it works great for authentication. Otherwise the user is just displayed the following error:
Notice: Use of undefined constant givenname – assumed ‘givenname’ in
/var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
line 353
Notice: Use of undefined constant sn – assumed ‘sn’ in
/var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
line 353
Notice: Use of undefined constant mail – assumed ‘mail’ in
/var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
line 354
Notice: Use of undefined constant givenname – assumed ‘givenname’ in
/var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
line 356
Notice: Use of undefined constant sn – assumed ‘sn’ in
/var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
line 357
Am I missing something?
Just installed this module & having troubles getting it to work. In drupal i just specify o=xxx for the base dn and the uid for the UserName attribute and it works. Can i do something similar with this module?
Thanks for developing this plugin. I’d like to get it to work on my site.
I installed the plugin and set the Base DN to dc=mycompany,dc=com, which matches the base setting in ldap.conf. But when I try to log in to WordPress using credentials that are stored in LDAP, the login is rejected. Here is the connection in my LDAP logs:
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 fd=42 ACCEPT from IP=127.0.0.1:60487 (IP=0.0.0.0:389)
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=0 do_bind: invalid dn (=john.lastname,dc=mycompany,dc=com)
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=0 RESULT tag=97 err=34 text=invalid DN
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=1 UNBIND
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 fd=42 closed
When I use an LDAP browser I can verify that the user does exist at cn=john.lastname,ou=people,dc=mycompany,dc=com
Can you tell me what I’m doing wrong? Thanks in advance.
Hey there, I just installed Version 1.5.5and it the “Required Groups” still does not work? Any idea what I am doing wrong, how to troubleshoot this. I would like to implement this feature, but each time I enter an exiting LDAP Group in the “Required Groups” fields my my login fails (yes, I am part of the necessary group and yes, I tried the Long name, the short name as well as the group ID – same result with all three…
Hi, got a question.. in plugin configuration there is a notice : Do not specify an OU here. …. Question: where should i specify OU and other stuff? Thanks
I find this usually causes problems and doesn’t contribute much.
YMMV…if you find it works for you, let me know!
—
Clifton Griffin
WordPress Developer • Shopp Contributor
Website: https://objectiv.co
Follow me on Twitter: @clifgriffin (https://twitter.com/clifgriffin) Shopp Plugins: https://objectiv.co/shopp
Blog: http://clifgriffin.com
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
I assume it only works with anonymous binds? Because I’ve disabled them, and thus nothing seems quite to work. How to debug the authentication process?
Any actions it take that require authentication use the user info at the time they are logging in. So, if it can’t bind, it will fail. If it can bind, it will check their group membership and other requirements to determine if login proceeds.
This model leverages the fact that all users in an LDAP system should be able to access these basic things and prevents us from having to do independent authentication.
The best way to debug is to use two browsers. You should get helpful error messages that will point you in the right direction.
I assume it only works with anonymous binds? Because I’ve disabled them, and thus nothing seems quite to work. How to debug the authentication process?
Any actions it take that require authentication use the user info at the time they are logging in. So, if it can’t bind, it will fail. If it can bind, it will check their group membership and other requirements to determine if login proceeds.
This model leverages the fact that all users in an LDAP system should be able to access these basic things and prevents us from having to do independent authentication.
The best way to debug is to use two browsers. You should get helpful error messages that will point you in the right direction.
Hi Clifton,
We installed this plugin, but some users in our environment are members of lots of groups – when unpacked, one of our users is a member of 722 groups.
This causes issues with one of your functions running into the PHP memory allocation limit (set at 128mb, though we’ve now lifted it to 256mb).
Function definition: public function recursive_groups(group) at line 756 of includesadLDAP.php
I didn’t want to mess with the plugin’s code myself, but have you considered using the LDAP recursive filter? This should be faster than recursing inside PHP, and saves execution time on the webserver.
We use this elsewhere;
$filter = ‘(memberof:1.2.840.113556.1.4.1941:=’.$groupToFind.’)’;
$search = ldap_search($this->connection, $userDN, $filter, array(‘dn’), 1);
$items = ldap_get_entries($this->connection, $search);
Just a suggestion – thanks for the great plugin.
Oh wow, the current code certainly didn’t anticipate 700+ groups.
Feel free to submit a pull request to the project on github: http://wordpress.org/plugins/simple-ldap-login/
I’m a bit busy at the moment, so it may be awhile till I can address this personally. 🙂
Hi Clifton,
Good morning. I am new to use ldap. Could I ask you a question on ldap plugin please?
Basically what I need to do is to use ldap plugin to authenticate a user that is belong to a group called Group1 and pass the credential of Group1 to WordPress for authentication. Is this possible to do in ldap plugin?
E.g.
User1 ID login to system. He/she belongs to Group1 group. ldap then pass Group1/password (Not User1) to WordPress to login.
Your help is greatly appreciated.
Hey Clifton
We are using a wordpress site with your LDAP plugin for our company’s intranet site. At the moment we are faceing problems with users that have special chracters in their passwords – they can’t login to the wordpress site. Is there any possibilty to fix that issue?
Thanks a lot!
Can you give me an example of the special characters that aren’t working? Thanks!
Hey!
For sure: In this case it’s “(
Not sure if more characters are’nt working, but if you like I can test it for you?
Hey Clifton
We are using a wordpress site with your LDAP plugin for our company’s intranet site. At the moment we are faceing problems with users that have special chracters in their passwords – they can’t login to the wordpress site. Is there any possibilty to fix that issue?
Thanks a lot!
Can you give me an example of the special characters that aren’t working? Thanks!
Hey!
For sure: In this case it’s “(
Not sure if more characters are’nt working, but if you like I can test it for you?
Hi Clifton,
Great, simple, plugin! The only problem that I’ve had with it is that users generated with the Simple LDAP Login plugin have user_nicename values with a space, which breaks the WordPress author link. Changing the space to a hyphen or changing the user_nicename value to match the user_login fixes this problem. It would be great if this could be looked at for a next release.
Thanks!
… I have the same problem …
Hi Clifton,
I just downloaded the plugin and uploaded it to my WordPress site but after activation, I couldn’t see the setting link. Your help will be much appreciated. Thanks
Hi again,
The settings is not provided on activation, but I just realized I can use the setting on WordPress L.H.S menu to navigate there.
Thank you.
Hi,
first i must say that i am new to ldap “things” and i came around to your plugin.
we want to connect wordpress with our ldap server.
if i understand correctly we are using special user for binding. Here are some details.
server = “192.168.11.1”
identity = “cn=root,dc=mailusers,dc=com”
password = test
basedn = “dc=mailusers,dc=com”
filter = “(&(title=wp)(uid=%{User-Name}))”
So i am asking you if it’s possible to connect wp with your plugin to openldap with above settings?
Thank you very much.
Can this plugin also pull other attr. like Phone number?
Not currently, sorry.
Hi,
I’m trying to set up SLL but am having issues getting it to work, which is obvious since I’m writing here :D. But I can’t seem to find any documentation on how to enable debug logging. I simply can’t find a way to make the plugin log which requests it’s sending where.
Thank you and have a great day!
This plugin works great for users that have already been created in my WordPress site – once enabled, they can log in with either their original WP password or their LDAP password.
However, users who are in LDAP but have not already been created in WP are not able to log in unless I select the “Create WordPress user for authenticated LDAP login with appropriate roles” option. With this option enabled, the new user is created in WP and they can log in, but I would much rather NOT have it create a new user for everyone (this would result in many outdated users in WP over time, unless the plugin has some method of automatically removing users from WP once they have been removed from LDAP).
Thank you so much in advance for any advice you can offer. I’m so excited to get this up and running! It will be a huge help to our organization.
Hi Kathleen,
Unfortunately there’s no way to login a user without an account, so the create user option is basically a requirement. Your best bet would be to develop a procedure in house to delete customers after a certain amount of time has past.
I believe WordPress stores last logged in information.
Good luck!
Clif
Hi there. We just installed your Simple LDAP Login and it was working great! Thank you for the great work!
However, our LDAP requires us to change our passwords every 90 days. So I just changed my LDAP password and tried to login. I can still login using my old password.
It looks like once an user is authenticated, the site creates a new user as a subscriber. It appears that point forward, it no longer reads the LDAP for authentication because it is an existing WP user (although we have checked the setting “Force all logins to authenticate against LDAP”.
How do we force the site to authenticate the user against our LDAP every time ?
I also tried to disable the “create user” setting. But it would not allow a new person from logging in:
“Simple LDAP Login Error: LDAP credentials are correct, but there is no matching WordPress user and user creation is not enabled.”
Thanks advance for your time and assistance.
Hi,
I’m getting the following error
do_bind: invalid dn (=user,ou=People,dc=sub,dc=mycompany,dc=com)
in ldap log file while trying to use the plugin where user is the username filled in the login screen.
So i guess i should had something to match ‘user’ with something correct.
Thanks for your help
Hi,
when i saved the settings it showed me blank screen, so i manually renamed the simple ldap plugin folder and my site was up, but when tried to reinstall simple ldap login plugin i am receiving Plugin could not be activated because it triggered a fatal error. please let me know how can we fix this.
Regards,
Syed Nasiruddin
This means your PHP install does not have mod_ldap enabled.
what is domain controller? how to set it up in order to use ldap
How can I use Simple LDAP Login to import in AD groups, so that I can assign them custom user roles within WordPress? Any help appreciated
Hello there… Just to let you know: I’d really like the TLS feature to be implemented. We have our open ldap servers set up to only accept encrypted connections.
Anyway, thanks for your hard work.
Hi
I have just installed word press 3 on Windows server 2008 32 bit Machine with My Sql ,IIS and PHP 5 with ldap and mysql.
I have done the procedure described by you for installing simple ldap login by placing it in wp-content and under settings i also done.
i have several queries,
does this work for windows server 2008 32 bit Active Directory
i need to enter domain details in adldap.php and simple-ldap-login.php.
once i successful the ldap users can post comment only if they login using their username and password.
I’m very helpful if u reply on my email id
I just created my first user with the simple LDAP plugin version 1.5.2 and realized that the LDAP information (Username, FName, LName and email address) does NOT get populated in the WordPress account….that could be a potentially big problem and I wonder how I can troubleshoot that? BTW: I just noticed you posted version 1.5.3 – might that fix the problem and is it compatible with openLDAP?
Hi Uwe,
I’ll see what I can find out. Thanks for your patience.
Clif
—
Clifton Griffin
WordPress Consultant | Shopp Core Contributor | https://objectiv.co | @clifgriffin (http://twitter.com/clifgriffin)
That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes