Hello,
I was trying to set up AuthLDAP to automatically assign the correct WordPress groups to certain LDAP groups. However, something must have gone wrong, as now everyone has been reduced to the role of Subscriber – even all admins. Admins are able to log in to the wp-admin portal, but can only change basic settings such as the color appearance and their name. I am using Yunohost and wanted to assign some standard Yunohost groups such as admin to WordPress administrators, and some custom groups to Author or Editor.
Is there any way to get access back or to fix this? And in addition, how could one prevent this from happening again in the future? I am quite certain I wrote down the correct groups in the AuthLDAP setup, so I am not sure what went wrong, or what I did wrong. I otherwise love the idea of this plugin, so I would love to get it to work.
I think this is related to this previous topic: LDAP Groups override role of existing users? | www.ads-software.com as I previously manually assigned roles to users made using LDAP.
Thank you in advance,
Sem
After updating php to latest version this is the error we receive when trying to login with the authldap plugin:
2024/04/01 13:41:51 [error] 1998184#1998184: *51 FastCGI sent in stderr: “PHP message: PHP Warning: Attempt to read property “ID” on null in /var/www/html/staging/wp-content/themes/ort/Inc/Base/OrtHelperFunctions.php on line 714; PHP message: PHP Warning: Attempt to read property “ID” on null in /var/www/html/staging/wp-content/themes/ort/Inc/Base/OrtHelperFunctions.php on line 714; PHP message: PHP Warning: Attempt to read property “ID” on null in /var/www/html/staging/wp-content/themes/ort/Inc/Base/OrtHelperFunctions.php on line 714; PHP message: PHP Warning: Attempt to read property “ID” on null in /var/www/html/staging/wp-content/themes/ort/Inc/Base/OrtHelperFunctions.php on line 714; PHP message: PHP Warning: Attempt to read property “ID” on null in /var/www/html/staging/wp-content/themes/ort/Inc/Base/OrtHelperFunctions.php on line 714; PHP message: PHP Warning: Attempt to read property “ID” on null in /var/www/html/staging/wp-content/themes/ort/Inc/Base/OrtHelperFunctions.php on line 714; PHP message: PHP Warning: Attempt to read property “ID” on null in /var/www/html/staging/wp-content/themes/ort/Inc/Base/OrtHelperFunctions.php on line 714; PHP message: PHP Warning: Attempt to read property “ID” on null in /var/www/html/staging/wp-content/themes/ort/Inc/Base/OrtHelperFunctions.php on line 714; PHP message: [AuthLDAP] User ‘testuser’ logging in; PHP message: [AuthLDAP] about to do LDAP authentication; PHP message: [AuthLDAP] connect to LDAP server; PHP message: PHP Fatal error: Uncaught Error: Call to undefined function ldap_connect() in /var/www/html/staging/wp-content/plugins/authldap/src/Wrapper/Ldap.php:29
Hi,
On December 7, I updated my WordPress from 5.6.26 to 6.4.2, including plugins and themes. From that moment, correct users who authenticate with LDAP at other apps stopped being able to log in to our WordPress.
Errors with ok users are:
Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /opt/wordpress/htdocs/wordpress/wp-content/plugins/authldap/src/Wrapper/Ldap.php on line 36
Notice: No bind successfull. Exception thrown in line 75 in /opt/wordpress/htdocs/wordpress/wp-content/plugins/authldap/authLdap.php on line 522
However, we have verified that the LDAP is reached and the authentication is registered as correct in it, but apparently it stops collecting attributes
I have a multisite and our LDAP is Novell, if you could please help me.
Thanks a lot
authLdap has an option called “LDAP Groups override role of existing users?”.
I think this is rather misleading, because no matter how this setting is set, UserRoleHandler.php will remove already assigned user roles, that are not mapped with LDAP.
So here’s my use case:
I need to auth my users against an AD/LDAP I can’t admin myself. To gain some control on my side, I need to be able to assign WP user roles, separate from what’s mapped with LDAP (again, because I can’t change LDAP). So if a mapping is there, the user should be assigned the mapped roles, but if the user already has roles that are not mapped, they should keep these as well.
The way authLdap is written, that’s not possible straight away, because it will remove any user roles that are not mapped with LDAP.
Here’s my solution:
Just comment the lines that remove user roles in UserRoleHandler.php.
It’s just weird, because I thought that’s what unchecking “LDAP Groups override role of existing users?” was supposed to do.
Cheers
Hi, I would like to know if this plugin allows:
Thank you
Hello, strange things happening – plugin and website working with apache, but does not work with php-fpm/nginx. Does anyone have any suggestions or hints?
Hi
All my 10 websites have updated AuthLDAP from 2.5.2 to 2.5.4.
using WordPress 6.1.3 and php 7.4.32
Now it is not possible to connect anymore with ldap user, wordpress displays
——
There has been a critical error on this website. Please check your site admin email inbox for instructions.
Learn more about troubleshooting WordPress.
——
The content of mail sent to admin is
—–
Error Details
=============
An error of type E_ERROR was caused in line 385 of the file /data/www/XXXX/wp-content/plugins/authldap/authLdap.php. Error message: Uncaught Error: [] operator not supported for strings in /data/www/XXXX/wp-content/plugins/authldap/authLdap.php:385
Stack trace:
#0 /data/www/XXXX/wp-includes/class-wp-hook.php(308): authLdap_login()
#1 /data/www/XXXX/wp-includes/plugin.php(205): WP_Hook->apply_filters()
#2 /data/www/XXXX/wp-includes/pluggable.php(614): apply_filters()
#3 /data/www/XXXX/wp-includes/user.php(95): wp_authenticate()
#4 /data/www/XXXX/wp-login.php(1231): wp_signon()
#5 {main}
thrown
—–
Apache log after enabling the debug option
—
[Wed Aug 30 13:47:23.789076 2023] [php7:notice] [pid 15404] [client 10.8.0.3:53171] [AuthLDAP] User ‘guillaume’ logging in, referer: https://www.mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1
[Wed Aug 30 13:47:23.789107 2023] [php7:notice] [pid 15404] [client 10.8.0.3:53171] [AuthLDAP] about to do LDAP authentication, referer: https://www.mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1
[Wed Aug 30 13:47:23.789115 2023] [php7:notice] [pid 15404] [client 10.8.0.3:53171] [AuthLDAP] connect to LDAP server, referer: https://www.mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1
[Wed Aug 30 13:47:23.791143 2023] [php7:notice] [pid 15404] [client 10.8.0.3:53171] [AuthLDAP] LDAP authentication successful, referer: https://www.mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1
[Wed Aug 30 13:47:23.791607 2023] [php7:notice] [pid 15404] [client 10.8.0.3:53171] [AuthLDAP] Existing user, uid = 2, referer: https://www.mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1
[Wed Aug 30 13:47:23.791678 2023] [php7:notice] [pid 15404] [client 10.8.0.3:53171] [AuthLDAP] Array\n(\n [administrator] => \n [editor] => \n [author] => \n [contributor] => \n [subscriber] => \n)\n, referer: https://www.mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1
[Wed Aug 30 13:47:23.791689 2023] [php7:notice] [pid 15404] [client 10.8.0.3:53171] [AuthLDAP] Array\n(\n [administrator] => \n [editor] => \n [author] => \n [contributor] => \n [subscriber] => \n)\n, referer: https://www.mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1
[Wed Aug 30 13:47:23.791697 2023] [php7:notice] [pid 15404] [client 10.8.0.3:53171] [AuthLDAP] No group names defined, referer: https://www.mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1
[Wed Aug 30 13:47:23.791702 2023] [php7:notice] [pid 15404] [client 10.8.0.3:53171] [AuthLDAP] role from group mapping: “”, referer: https://www.mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1
[Wed Aug 30 13:47:23.791706 2023] [php7:notice] [pid 15404] [client 10.8.0.3:53171] [AuthLDAP] no role yet, set default role, referer: https://www.mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1
[Wed Aug 30 13:47:23.791743 2023] [php7:error] [pid 15404] [client 10.8.0.3:53171] PHP Fatal error: Uncaught Error: [] operator not supported for strings in /data/www/XXX/wp-content/plugins/authldap/authLdap.php:385\nStack trace:\n#0 /data/www/XXX/wp-includes/class-wp-hook.php(308): authLdap_login()\n#1 /data/www/XXX/wp-includes/plugin.php(205): WP_Hook->apply_filters()\n#2 /data/www/XXX/wp-includes/pluggable.php(614): apply_filters()\n#3 /data/www/XXX/wp-includes/user.php(95): wp_authenticate()\n#4 /data/www/XXX/wp-login.php(1231): wp_signon()\n#5 {main}\n thrown in /data/www/XXX/wp-content/plugins/authldap/authLdap.php on line 385, referer: https://www.mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1
—
the configuration is here : https://dl.chercheur-de-lumieres.fr/authldap/
any help is welcomed
thanks
regards
This is just perfect! Danke Andreas
I seriously had no clue about LDAP a couple of days ago (tbf I still don’t). After like an hour of trial and error I solved the LDAP url puzzle and this plugin just worked with my fresh WordPress 6.1.1 installation.
Some advice to get this going:
Last but not least: if you keep struggling – get in touch with Andreas. I didn’t, but I like to believe that he’s super cool and helpful. Cheers!
Morning,
I’m trying to connect to a localhost LDAP, using AuthLDAP for that connection, and to maintain the same group name as it is in LDAP.
I have selected Subscriber from the Default Role combobox.
And LDAP Group override role of existing users is enabled.
When I log on with an LDAP user, the role is Subscriber.
Is there any way to create the user with the same group that it has in LDAP?
Thank you,
I have a minor modification to authLdap.php for supporting using ‘dn’ in authLDAPGroupAttr.
I don’t know how to submit these changes for merging into main stream. Here is the minor modification:
original:
for ($i = 0; $i < $groups['count']; $i++) {
    for ($k = 0; $k < $groups[$i][strtolower($authLDAPGroupAttr)]['count']; $k++) {
        $grp[] = $groups[$i][strtolower($authLDAPGroupAttr)][$k];
    }
}
modified:
// Modified to handle 'dn' in authLDAPGroupAttr
for ($i = 0; $i < $groups['count']; $i++) {
    if ($authLDAPGroupAttr == "dn") {
        // The DN is a single string on the entry, not a counted attribute array
        $grp[] = $groups[$i]['dn'];
    } else {
        for ($k = 0; $k < $groups[$i][strtolower($authLDAPGroupAttr)]['count']; $k++) {
            $grp[] = $groups[$i][strtolower($authLDAPGroupAttr)][$k];
        }
    }
}
Hello Andi,
I observed that there were no commits to authLdap since a year on Github. Since I proposed a bugfix some weeks ago, I want to ask you if development is still active, or if maybe the repository on Github has been given up, and you moved the project to somewhere else?
Kind regards,
Robert
Hi, is it possible to have SSO with your plugin?
Thanks for your reply,
Dear Andreas,
When I try to activate the plugin on my multisite web using network activate, there is an error:
“the LDAP-extension is not available on your Webserver. Therefore everything everything you can alter here does not make any sense”
“Caveat :the LDAP-extension is not loaded! Without that extension it is not possible to query an LDAP-server!”
I’m using local webserver.
Hi,
I broke my blog after playing with the ldapauth plugin.
After a good try at logging in to my blog with the attribute “mail” of my LDAP account, I changed the “mail” mapping attribute to “uid”.
I also disabled the “Auto Registration…” and “…both WP and wordpress account” options, and now I can’t log in to my blog, neither with the local account nor with my LDAP account.
How can I change the plugin configuration in the MariaDB database, please? Which table?
Please Help.
Best regards
Hi, I’m trying to configure the plugin to work with Windows Active Directory, but keep getting this error in /var/log/php-fpm/www-error.log
No bind successfull. Exception thrown in line 70
Although I can see there has been a successful bind when viewing the traffic with Wireshark.
Line 70 seems to relate to ‘NameAttr’. I’ve tried different name attribute values but always get the same response. The URI I’m trying is:
ldap://NOC%5cLDAP-WIKIAUTH:[email protected]/OU=Security%20Groups,dc=my,dc=net
Please advise. Many Thanks
Hello, after switching from PHP 7.2 to 7.3 the plugin unfortunately no longer works. It should actually run, shouldn’t it?
Stack trace:
#0 /kunden/557088_51467/web/bwh2020/wp-content/plugins/authldap/ldap.php(247): Org_Heigl\AuthLdap\LDAP->connect()
#1 /kunden/557088_51467/web/bwh2020/wp-content/plugins/authldap/src/LdapList.php(46): Org_Heigl\AuthLdap\LDAP->authenticate(‘xx’, ‘xx’, ‘mail=%s’)
#2 /kunden/557088_51467/web/bwh2020/wp-content/plugins/authldap/authLdap.php(278): Org_Heigl\AuthLdap\LdapList->authenticate(‘xx’, ‘xx’, ‘mail=%s’)
#3 /kunden/557088_51467/web/bwh2020/wp-includes/class-wp-hook.php(287): authLdap_login(NULL, ‘xx’, ‘xx’)
#4 /kunden/557088_51467/web/bwh2020/wp-includes/plugin.php(212): WP_Hook->apply_filters(NULL, Array)
#5 /kunden/557088_51467/web/bwh2020/wp-includes/pluggable.php(549): apply_filters(‘authenticate’, NULL, ‘xx’, ‘xx’)
#6 /kunden/557088_51467/web/bwh2020/wp-includes/user.p
Hello,
I’m using WP 5.7.2 and trying to setup the authLDAP plugin.
The WP server is running on WAMP under Windows Server.
The issue is: LDAP authentication failed with exception bind was not successful – invalid credentials when I try to connect with an AD user.
here is my setup for the plugin :
ldap://user:password@server:389/dc=corp,dc=spiders-games,dc=com
Hi Guys,
I am new at this and would like help in setting up this plugin on our site as soon as possible. A remote session with someone who has done the setup would be great.
Regards,
I am very happy with this plugin so far!!! I got it to work in a few minutes only. The only thing that puzzles me is why I cannot get the role to group mapping working.
First a question about two different settings. I am not sure how to interpret them because they look similar (but they aren’t of course):
– Map LDAP Groups to wordpress Roles? Search LDAP for user’s groups and map to WordPress Roles.
– LDAP Groups override role of existing users? If role determined by LDAP Group differs from existing WordPress User’s role, use LDAP Group.
The first is if role group mapping should be executed in the first place. If so, I would suggest this option to present under the Groups for Roles section (lower on the settings page).
Enabling the second option is probably what caused my administrator account to be degraded to Contributor instead of having the administrator role? Am I correct?
I am using the plugin with an Active Directory. I figured out the settings to have it authenticate to my Active Directory. It wasn’t clear to me in the beginning that I needed to specify an account in the LDAP URI to be able to bind to the AD in the first place. Figured that out.
Now I want to match some WordPress roles to groups in Active Directory. I specified the following in the settings:
Group-Base: left empty
Group-Attribute: cn (because I expect cn values of groups to be specified further down)
Group-Separator: left empty, so it defaults to comma
Group-Filter: (&(objectClass=group)(member=%dn%))
In the list of roles I configured three groups that exist in the Active Directory:
Administrator: Portal administrators
Internal: Internal accounts
External: External accounts
When I login with a user who’s a member of the Active Directory group ‘Internal accounts’, the user is created in WordPress but it is only assigned the default role ‘Contributor’ and not the role ‘Internal’.
I also tried the Group-Filter with (&(objectClass=groupOfNames)(member=%dn%)) but that attribute does not exist in AD, so I expect that the above mentioned group filter is correct?
I also tried to find how the debug option works for this plugin but I did not find that so far. Any help is appreciated and I am confident it will work, just need to know what I am overlooking. I don’t know if no groups are retrieved from AD or if the groups are not correctly matched.
I got the plugin working with my Active Directory. A user is created in WordPress once authenticated through Active Directory. The user is created with minimal attributes set and not how I expected it to be.
In WordPress the below attributes exist for a user:
Username
First Name
Last Name
Nickname
Display name publicly as (select box)
Email
Website
Biographical Info
In the plugin I can only configure the below attributes to be mapped to a LDAP attribute and I am not sure how these are used in relation to the WordPress attributes:
Name-Attribute
Second Name Attribute
User-ID Attribute
Mail Attribute
Web-Attribute
Default Role
Currently a new user is created without first and last name configured. The Nickname and Display name publicly are configured with the user ID.
How can I configure the plugin to create a userobject with all attributes configured correctly?
Hi Andreas,
Thanks for great plugin.
I however struggle with its configuration for the Windows Active Directory authentication. When I try to log in with one of the pre-created test AD accounts I receive the following error message: “Unknown username. Check again or try your email address”
I guess this means that the plugin cannot connect to the AD server to verify the existence of the test account. I conclude that the problem lies with the URI string, which to be honest is not completely clear to me following the guidance provided on the configuration page.
According to it string should look as follows:
ldap://uid=adminuser,dc=example,c=com:[email protected]/dc=basePath,dc=example,c=com.
I’ve entered some test information just to present you with the string format I receive:
ldap://uid=MyYsername,DC=ABC,DC=ACD,DC=ADE:mypassword@abc.acd.ade/DC=abc,DC=acd,DC=ade
Would you be able to advise whether there is something explicitly wrong with my URI string and this is why I experience this problem?
Many thanks in advance!
Hello,
for some time (unfortunately I cannot exactly determine the period of time) I cannot login with newly created users. “Old” users work continuously.
Log output:
[25-Jan-2021 20:58:38 UTC] [AuthLDAP] User 'newuser' logging in
[25-Jan-2021 20:58:38 UTC] [AuthLDAP] about to do LDAP authentication
[25-Jan-2021 20:58:38 UTC] [AuthLDAP] connect to LDAP server
[25-Jan-2021 20:58:38 UTC] [AuthLDAP] No bind successfull. Exception thrown in line 70
[25-Jan-2021 20:58:38 UTC] PHP Notice: No bind successfull. Exception thrown in line 70 in /var/www/clients/client1/web1/web/wp-content/plugins/authldap/authLdap.php on line 455
[25-Jan-2021 20:59:20 UTC] [AuthLDAP] User 'existinguser' logging in
[25-Jan-2021 20:59:20 UTC] [AuthLDAP] about to do LDAP authentication
[25-Jan-2021 20:59:20 UTC] [AuthLDAP] connect to LDAP server
[25-Jan-2021 20:59:20 UTC] [AuthLDAP] LDAP authentication successfull
[25-Jan-2021 20:59:20 UTC] [AuthLDAP] Existing user, uid = 1
[25-Jan-2021 20:59:20 UTC] [AuthLDAP] Array
(
[administrator] => 5078
[editor] => 5081
[author] => 5079
[contributor] => 5080
[subscriber] => 5083
)
[25-Jan-2021 20:59:20 UTC] [AuthLDAP] Array
(
[administrator] => 5078
[editor] => 5081
[author] => 5079
[contributor] => 5080
[subscriber] => 5083
)
...
But the new user can login on some other webapps with LDAP support, so I think there is a problem with this plugin and not the user itself.
Can I supply you with some other helpful information?
Thanks in advance!
It appears usernames are not sanitized before being sent to ldap search. To replicate, add \' in front of the username before logging in. If PHP warnings are turned on, you should see this:
Warning: ldap_search(): Search: Bad search filter in /xxxxx/wp-content/plugins/authldap/ldap.php on line 204 Call Stack: 0.0005 406080 1. {main}() /xxxxx/wp-login.php:0 0.2600 3583480 2. wp_signon() /xxxxx/wp-login.php:1257 0.2601 3584720 3. wp_authenticate() /xxxxx/wp-includes/user.php:95 0.2601 3584760 4. apply_filters() /xxxxx/wp-includes/pluggable.php:549 0.2601 3585160 5. WP_Hook->apply_filters() /xxxxx/wp-includes/plugin.php:212 0.2601 3586640 6. authLdap_login() /xxxxx/wp-includes/class-wp-hook.php:287 0.2615 3591984 7. Org_Heigl\AuthLdap\LdapList->authenticate() /xxxxx/wp-content/plugins/authldap/authLdap.php:278 0.2615 3591984 8. Org_Heigl\AuthLdap\LDAP->authenticate() /xxxxx/wp-content/plugins/authldap/src/LdapList.php:46 0.2835 3592352 9. Org_Heigl\AuthLdap\LDAP->search() /xxxxx/wp-content/plugins/authldap/ldap.php:249 0.2835 3592352 10. ldap_search() /xxxxx/wp-content/plugins/authldap/ldap.php:204
This poses a problem for our security team, and we are unable to deploy our websites with your plugin active. We like using your plugin and would like to continue using it instead of finding an alternative.
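An added example, not part of the original post or the plugin's code: one way to neutralise the input described above is to escape the username per RFC 4515 before it is placed in the search filter. The function names and the `(uid=%s)` template are hypothetical; PHP's built-in `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` covers the same characters when the ldap extension is loaded.

```php
<?php
declare(strict_types=1);

// Added illustration; names are hypothetical and not taken from authLdap.

/**
 * Escape a value for use inside an LDAP search filter (RFC 4515).
 * strtr() makes a single pass, so backslashes it inserts are never
 * escaped a second time.
 */
function escapeFilterValue(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

/**
 * True when $value can sit in a filter as-is: no raw metacharacters,
 * and every backslash starts a two-digit hex escape.
 */
function isValidAssertionValue(string $value): bool
{
    return preg_match('/^(?:[^\\\\*()\\x00]|\\\\[0-9a-fA-F]{2})*$/D', $value) === 1;
}

/** Insert the escaped username into a filter template (assumed form). */
function buildUserFilter(string $template, string $username): string
{
    return sprintf($template, escapeFilterValue($username));
}

// Constructed sample inputs; the first mirrors the input from the report.
$samples = ["\\'testuser", 'testuser', 'a*b(c)'];

foreach ($samples as $name) {
    printf(
        "raw valid: %-5s  escaped valid: %-5s  filter: %s\n",
        var_export(isValidAssertionValue($name), true),
        var_export(isValidAssertionValue(escapeFilterValue($name)), true),
        buildUserFilter('(uid=%s)', $name)
    );
}
```

A lone backslash followed by a non-hex character is what makes the server reject the filter as malformed; after escaping, the same input is matched literally.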
Good day. I want to migrate from the Active Directory Integration for Intranet sites plugin.
I can’t figure out how to transfer login data
* LDAP Server: ldap: //?.?.?.?: 389
* Service Account Username: CN = ?, OU = ?, OU = ?, OU = ?, DC = ?, DC = ?, DC = kz
* Service Account Password:
* Search Base (s): DC = ?, DC = ?, DC = kz
* Username Attribute: userPrincipalName
? – my hidden data
Tell me how the data is correct in your plugin and additional data in the user registration for example “name”
Hi,
first of all thanks for sharing this awesome plugin with the community!
We are using an outdated LDAP plugin for our wordpress multisite network and we would love to update to the Authldap plugin instead, since our current one has not been updated in many years. When trying on our Dev server the Authldap plugin, we miss a feature from our current old plugin that we would love to see if it’s possible to add to the Authldap. See the feature below:
———————–
Auto-Create WPMU Accounts? Yes No
If “Yes”, this will automatically create a WPMU account for any user that successfully authenticates against the LDAP server. The WPMU user account will be named the same as the LDAP username.
If “No”, then a Site Admin must create a WPMU user account for the user to be able to log in. The WPMU user account must be named the same as the LDAP username for LDAP authentication to function.
———————–
Our organization has a very large LDAP user database, and we don’t want to give access to any site on the Multisite Installation to anyone on the LDAP system (even if it’s just as subscriber). Would it be possible to add this option, so just current registered users can log in via LDAP?
Thank you!
Hi, I have WP behind a Kubernetes infrastructure, and I’m looking to use secrets to store the credentials.
Is there a way to do this, or does it need to be developed?
My LDAP service account had a password with numbers, symbols, upper and lower case letters and was not working. Once I changed the password to a simpler password, it started to work.
For example, ldaps://cn=wpService,ou=sa,o=system:Bab3lF!$#@10.20.30.41:636/o=data failed. ldaps://cn=wpService,ou=sa,o=system:[email protected]:636/o=data worked.
The directory was eDirectory.
The user’s password was complex but that did work fine. Only the service account password was an issue.
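An added example, not from the original post or the plugin: characters such as `#`, `@`, `:` and `/` are delimiters in URI syntax (RFC 3986), so a bind DN or password placed inside an LDAP URI has to be percent-encoded. The sketch assumes the URI is split with PHP's `parse_url()` and the parts are decoded afterwards; the function names are hypothetical and the values are the ones quoted in the post.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not authLdap's.

/** Build an LDAP URI with percent-encoded bind DN, password and base DN. */
function buildLdapUri(string $scheme, string $bindDn, string $password,
                      string $host, int $port, string $baseDn): string
{
    return sprintf(
        '%s://%s:%s@%s:%d/%s',
        $scheme,
        rawurlencode($bindDn),
        rawurlencode($password),
        $host,
        $port,
        rawurlencode($baseDn)
    );
}

/** Split a URI and decode its parts; null if it cannot be parsed. */
function splitLdapUri(string $uri): ?array
{
    $parts = parse_url($uri);
    if ($parts === false || !isset($parts['host'])) {
        return null;
    }
    return [
        'host'   => $parts['host'],
        'port'   => $parts['port'] ?? null,
        'bindDn' => rawurldecode($parts['user'] ?? ''),
        'pass'   => rawurldecode($parts['pass'] ?? ''),
        'baseDn' => rawurldecode(ltrim($parts['path'] ?? '', '/')),
    ];
}

/** Does the URI resolve to the intended host and password? */
function uriMatches(string $uri, string $host, string $password): bool
{
    $p = splitLdapUri($uri);
    return $p !== null && $p['host'] === $host && $p['pass'] === $password;
}

// Values quoted in the post above.
$bindDn   = 'cn=wpService,ou=sa,o=system';
$password = 'Bab3lF!$#';
$host     = '10.20.30.41';

// The raw form pastes the password in unchanged; '#' then starts the fragment.
$raw     = "ldaps://{$bindDn}:{$password}@{$host}:636/o=data";
$encoded = buildLdapUri('ldaps', $bindDn, $password, $host, 636, 'o=data');

echo $encoded, "\n";
printf("raw URI parsed as intended:     %s\n",
    var_export(uriMatches($raw, $host, $password), true));
printf("encoded URI parsed as intended: %s\n",
    var_export(uriMatches($encoded, $host, $password), true));
```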
Hi,
I’m trying to map the LDAP groups to WordPress roles.
I’m able to access site via “ldap://ldap.forumsys.com:389”, but with the wrong role; always the default role.
I have created two roles “Mathematicians” & “Scientists” in WordPress and I remapped these two with the corresponding LDAP roles.
Can someone help me to understand how to set the parameters in the “Groups for Roles” and “Role – group mapping” sections for the “ldap://ldap.forumsys.com:389” sample LDAP?
Thanks in advance, Emiliano
I got 403 error when enabling debug mode.
Hi,
We have a site that has been running without issue for about 18 months. Recently we have experienced a problem that only affects two of our users. When they tried to log in their role is being read as ‘read_private_courses’ and the login is rejected as that is not a valid role.
‘read_private_courses’ is a permission associated with a role in the LifterLMS plugin.
Here is an anonymised version of the error log. Both of the rejected logins are the same person. Each time they try to login we see a similar error in the log.
[Thu Jun 20 01:54:39.276340 2019] [php7:notice] [pid 31274] [client 00.00.00.00:20112] [AuthLDAP] User '[email protected]' logging in, referer: https://example.net/
[Thu Jun 20 01:54:39.276369 2019] [php7:notice] [pid 31274] [client 00.00.00.00:20112] [AuthLDAP] about to do LDAP authentication, referer: https://example.net/
[Thu Jun 20 01:54:39.276379 2019] [php7:notice] [pid 31274] [client 00.00.00.00:20112] [AuthLDAP] connect to LDAP server, referer: https://example.net/
[Thu Jun 20 01:54:39.291486 2019] [php7:notice] [pid 31274] [client 00.00.00.00:20112] [AuthLDAP] LDAP authentication successfull, referer: https://example.net/
[Thu Jun 20 01:54:39.293448 2019] [php7:notice] [pid 31274] [client 00.00.00.00:20112] [AuthLDAP] Existing user, uid = 38, referer: https://example.net/
[Thu Jun 20 01:54:39.293860 2019] [php7:notice] [pid 31274] [client 00.00.00.00:20112] [AuthLDAP] Existing user's role: read_private_courses, referer: https://example.net/
[Thu Jun 20 01:54:39.294069 2019] [php7:notice] [pid 31274] [client 00.00.00.00:20112] [AuthLDAP] role is invalid, referer: https://example.net/
[Thu Jun 20 01:54:47.384191 2019] [php7:notice] [pid 30081] [client 00.00.00.00:8548] [AuthLDAP] User '[email protected]' logging in, referer: https://example.net/
[Thu Jun 20 01:54:47.384213 2019] [php7:notice] [pid 30081] [client 00.00.00.00:8548] [AuthLDAP] about to do LDAP authentication, referer: https://example.net/
[Thu Jun 20 01:54:47.384225 2019] [php7:notice] [pid 30081] [client 00.00.00.00:8548] [AuthLDAP] connect to LDAP server, referer: https://example.net/
[Thu Jun 20 01:54:47.399971 2019] [php7:notice] [pid 30081] [client 00.00.00.00:8548] [AuthLDAP] No bind successfull. Exception thrown in line 68, referer: https://example.net/
As far as I can see, both users have valid roles, so I can’t see where AuthLDAP is getting this data from.
Any help would be appreciated.
Barry