authLdap doesn't work with other auth plugins

  • Resolved litinoveweedle

    (@litinoveweedle)


    9 years, 1 month ago

    Hello,

    when using ‘HTTP authentication’ together with ‘authLdap’ I did discovered probably more general problem in how many auth plugins works with:

    add_filter(‘authenticate’…..

    I did describe whole problem in this post:
    https://www.ads-software.com/support/topic/http-authentication-doesnt-work-with-othe-auth-plugins?replies=1#post-7546969

    It is valid as well for authLdap – it doesn’t care, if the $user was already authenticated by previously hooked plugin. To correct this behavior proposed patch should be applied:

    function authLdap_login($user, $username, $password, $already_md5 = false)
{
    if (! empty($user) && ! is_wp_error($user)) {
        return $user;
    }

    // don't do anything when authLDAP is disabled
    if (! authLdap_get_option('Enabled')) {
        authLdap_debug('LDAP disabled in AuthLDAP plugin options (use the first option in the AuthLDAP options to enable it)');
        return $user;
    }

    Kind regards
    Litin

    https://www.ads-software.com/plugins/authldap/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author heiglandreas

    (@heiglandreas)

    Hi Litin.

    Great work! Thanks for bringing that to my attention!

    I only see one little catch. As each plugin-developer defines the priority for her or his plugin to be used within the authenticate-Filter you as an administrator are not capable of specifying a list of plugins to be checked one after the other.

    So you can (currently) only say “I want to use HTTP and LDAP-Authentication and whichever authenticates a user first, wins”. But it would be much better to say something like “I want a user to authenticate via LDAP and if that fails I want to try HTTP and if that also fails ….” That way you can set a ranking of what to try after one another.

    Also your attached code currently also fails if the first plugin fails. As an authentication-plugin has to return either a WP_User or a WP_Error. It can not return NULL as the authentication was either successfull or not.

    Or am I missing something?

    I’ve opened a corresponding issue in the issue-tracker on github and will report back here!

    Thread Starter litinoveweedle

    (@litinoveweedle)

    Hello heiglandreas,

    sorry my mistake, I am new to php and WP, so steep learning curve for me.

    You have comment on the gitlab. ??

    BR
    Litin

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘authLdap doesn't work with other auth plugins’ is closed to new replies.