LDAP Groups override role of existing users?

  • authLdap has an option called “LDAP Groups override role of existing users?”.

    I think this is rather misleading, because no matter how this setting is set, UserRoleHandler.php will remove already assigned user roles, that are not mapped with LDAP.

    <span style=”text-decoration: underline;”>So here’s my use case:</span>

    I need to auth my users against an AD/LDAP i can’t admin myself. To gain some control on my side, i need to be able to assign WP user roles, separate from whats mapped with LDAP (again, because i can’t change LDAP). So if a mapping is there, the user should be assigned the mapped roles, but if the user already has roles that are not mapped, they should keep these as well.

    The way authLdap is written, thats not possible straight away, because it will remove any user roles that are not mapped with LDAP.

    <span style=”text-decoration: underline;”>Here’s my solution:</span>

    Just comment the lines that remove user roles in UserRoleHandler.php.

    It’s just weird, because i thought that’s what uncheckig “LDAP Groups override role of existing users?” was supposed to do.

    Cheers

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author heiglandreas

    (@heiglandreas)

    Hey there.

    THanks for raising that. Indeed that was what unchecking LDAP groups override role of existing users was supposed to do. And also did in previous versions of WordPress.

    When the plugin was created there was only one role assigned to a user and that would then not be overwritten by the plugin when the option was unchecked.

    In a later version of WordPress though it became possible to assign multiple roles to a user. The plugin though still only assigns the first of those roles. And therefore breaks your current setup.

    I’m sorry about that but I am actually right now preparing a new release that should fix that. If you want to, you can download the new version of the plugin and try to install that to see whether it fixes your issues.

    Thread Starter d0m1

    (@d0m1)

    wow, super fast support. thanks ??

    actually my quick fix works a treat for now. my intention was to make you aware that this might be a reason why others are struggling with your amazing plugin.

    anyways, thanks for your support and continuous work!

    Hi,

    On December 7, I updated my WordPress to the latest version of everything, and at that moment the users who authenticate with LDAP stopped being able to log in.

    Errors with ok users are:

    Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /opt/wordpress/htdocs/wordpress/wp-content/plugins/authldap/src/Wrapper/Ldap.php on line 36

    Notice: No bind successfull. Exception thrown in line 75 in /opt/wordpress/htdocs/wordpress/wp-content/plugins/authldap/authLdap.php on line 522

    I have a multisite and our LDAP is Novell, if you could please help me.

    Thanks a lot

    Juana

    Plugin Author heiglandreas

    (@heiglandreas)

    Hey @juanarr: Would you mind opening a new thread for this? It will make helping you easier for me and everyone else.

    Thanks!

    In the meantime: To help you I need some more information. Most importantly the configuration of the plugin and from that the LDAP-URI is the most important one.

    Additionally if you could tell me (and everyone else checking) what your previous versions of the plugin, WordPress and all the things you updated were and to what you updated.

    Thanks a lot, I’ve made it just know.

    Plugin Author heiglandreas

    (@heiglandreas)

    Hey @d0m1: I’ve released a new version that should – at least partially – fix your problem. I’d really appreciate your feedback!

    Thread Starter d0m1

    (@d0m1)

    hi @heiglandreas,
    thanks for checking back! wdym “partially”? ??

    my fix still works a treat, so there is no need to change anything right now.

    but since you were asking for feedback, i guess i could give it a try. i’d need to test this on our live system, because i dont have another working ldap to check with. i can probably do that sometime next week. i will hit you back.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘LDAP Groups override role of existing users?’ is closed to new replies.