[Plugin: Active Directory Authentication Integration] Usernames with @ signs

  • For our multisite environment, the 0.6 version of the ADAI plugin came at just the right time. We are getting ready for a fall launch of our WordPress environment at Princeton, and as soon as I upgraded to 0.6, everything worked like a charm, including SSL.

    We do have a fringe issue. This issue won’t prevent us from using the plugin. This might be too unique of a problem to justify a change to the plugin, but I thought that I would explain the issue we are having to see if a workaround was possible.

    We have an organizational unit within our directory, in which all of the uid values are email addresses. These are part of our guest account system for provisioned users outside of our university. All Princeton users have a normal uid, for example, mdmuzzie (me). An example guest account user might log in as [email protected] (also me).

    For our normal AD accounts, the uid is the same as the sAMAccountName. For my example guest account, the uid is [email protected] but the sAMAccountName is guest100000000002032.

    I already added a filter to the wpmu_validate_user_signup function in ms-functions.php to allow the period and the @ sign, so I was able to manually add my test guest user to the system. However, that user cannot authenticate, and gets the debug message “…[2] Authentication failed [3] Storing failed login for “[email protected]

    For all users, authentication does not work at all unless I configure ADAI to “Append account suffix to AD usernames before being validated,” using the string “@pu.win.princeton.edu”

    So what I suspect is happening is that the test user is being sent to AD as [email protected]@pu.win.princeton.edu

    What I think might solve this would be an alternate option to “Prepend account prefix to AD usernames before being validated” (instead of the suffix). Then I could use the string “PRINCETON\”

    In our other systems PRINCETON\[email protected] authenticates just fine.

    Does this make sense, or is there a simpler workaround? Are we unique in our use of @ signs in guest usernames?

    Thanks,
    Michael

    https://www.ads-software.com/extend/plugins/active-directory-authentication-integration/

Viewing 3 replies - 16 through 18 (of 18 total)
  • Plugin Author Curtiss Grymala

    (@cgrymala)

    @idealien – Have you tried entering Username@DOMAIN as the bind username to see if that works? I’ve found, in a lot of cases, DOMAIN\Username & Username@DOMAIN are interchangeable.

    I’m thinking that, when the option is actually saved, the backslash is not actually removed; it’s removed when the options page is re-rendered (which means that, if you save the options again without adding it back in, it will be removed from the saved options). It’s most likely because of the stripslashes_deep() call on line 146 of inc/class-adauthint_option.php; but removing that call might cause the plugin to add or leave in extra slashes when other characters are present in the setting.

    Hi

    I have a similar issue and wondered if you’re able to help.

    Using plugin version 0.6 and WordPress 3.4.1 I can’t get the AD suffix to work. We have multiple suffix’s at this company. Our previous version of WordPress using plugin version 0.5a worked ok, but using a ; to separate the suffix’s, i.e. @test.com;@anothertest.com;@lasttest.com

    Any idea’s why it’s not working or what I’m doing wrong? For now I have removed the suffix’s and am using full usernames to log in i.e. [email protected] – I have tried with and without a bind user, and with a bind user having the suffix appended and not appended, but it doesn’t make any difference. I’ve also tried with just one suffix rather than multiple which also failed.

    Your help would be appreciated.

    Thanks,
    Dan.

    Hello,

    We are running 3 WordPress sites, and 1 of which is for our entire campus uses it and we are using your plugin for AD authentication.

    This was working great up until we changes the AD security group that a user had to be in order to gain access to the site, previously manually managed by an Admin, but now the new group is managed by our SIS system. Now we are finding some of our transfer and first year students cannot get in, but others can. It’s wierd….

    I turned debugging on and it doesn’t tell us a whole lot, however when a user who is in the correct security group tries to login to the site, we get an “Invalid Username” message…..

    Can anyone explain this or tell me how to fix it?

    This is a problem such that we are now down to creating manual accounts, local WP accounts for a small group of users…. The impact of doing this is that this will remain this way for all 4 years of their college experience since they are required by some classes they are taking to do classwork and assignments on the site…

    Thanks,

    Phillip M.

Viewing 3 replies - 16 through 18 (of 18 total)
  • The topic ‘[Plugin: Active Directory Authentication Integration] Usernames with @ signs’ is closed to new replies.