[Plugin: Active Directory Integration] Version 0.9.0 published

I think this plugin will fit my needs but I have a few snags limiting its use for me.

Couple of questions that may help in its continued use…

1. Can you add an option to auth off of AD’s samaccountname instead of AD’s description attribute?

2. Can you add an option to set WordPress displayname to be them same as AD’s description (if not using the description to auth off of)?

Hi jc!

1. The user is authenticated by sAMAccountName not by description, which would make no sense.

2. I have added the option to choose which Active Directory attribute is used to set the WP display name in version 0.9.3. You can choose from sAMAccountName, displayName, description, SN, CN, givenName or mail.

I hope this helps you.

The plugin is great. I just installed it and it works mostly fine. I am not sure if it is just me. I have one small issue. When a user click “log in”, and the log in page shows with a “Invalid username or incorrect password” error message. At this moment, the user has not entered anything yet. After correct AD credential is entered, all just work. The version I use is 0.9.5 with WordPress 2.8.1, php 5.3.0 and iis 7 on Windows 2008. Any idea on this issue? Thanks.

1. You are right. It would make no sense. I had description on the brain. I meant AD’s displayname. I have done several tests in my dev environment where I cannot login without using the AD displayname instead of the AD samaccountname. In my test environment I have a samaccount name of aaabbb and a displayname of aaabbb_disp. Using this plugin I cannot locate / login with the samaccount name of aaabbb only the displayname aaabbb_disp. If the AD display name is blank I still cannot login. However, through all this I think my issue is/was around the fact that my dev environment did not have the configuration setting for Account Suffix. It was empty. Setting it made to auth’ing work as expected. Not having it configures makes the auth’ing work against the displayname for some reason. A question does come to mind is if there are multiple @domain.tld options that could be applied, for one example a parent – child domain, how would authentication be affected with a set appended suffix if auth’ing across domain?

2. This does help tremendously. Thanks for make the addition!! The key though is like item #1. If there is no suffix listed then when creating a user in WordPress all fields don’t get populated correctly.

3. You have an option to send notification is an account is blocked. Is that AD locked or AD disabled? I’d like to see some type of integration and notification with an AD disabled account and the corresponding WordPress account. Is this possible?

(is there a better place to discuss support on this product than here?)

1. Use of the account suffix is essential. I think about the ability to authenticate against different domains. I′ll set it on the roadmap.

2. …

3. No changes were made to AD. The username is stored locally in the wordpress db together with a timestamp. If the account is blocked (in wordpress) no AD authentication attempts are made. That′s all. Simple but effective.

You can discuss ADI on BLogbuch.

@shimh: this issue is fixed in 0.9.6.

OK, So what am I doing wrong? I installed the plugin like so many others and when I goto the login page, Internet Explorer comes up blank and says done at the bottom.
I can no longer get the the Login Page with it activated.
I even tryed to use the default Theme. I am using WordPress 2.8.1

Thoughts and thanks.

@jc_513 The trick to get it to authenticate against samaAccountname is to comment out the following line in adLDAP.php in function authenticate. Then you won’t need to mess around with suffix.

$this->_bind = @ldap_bind($this->_conn,$username.$this->_account_suffix,$password);

Hope it works for you.

Hi Glatze,
Thanks for making this plugin.
Does your plugin work with WordPress 2.8.6? It only says 2.8.5. My district internet engineer has been trying to make an AD/LDAP WordPress plugin work for me. I think the reason these plugins aren’t working is that none of them work with v. 2.8.6–at least none of them say they are compatible with this version.

This is a vital component of what I’m trying to do in the ‘Growing Communities of Scientists’ program with hundreds of users and need to know if our Internet guy should continue pressing forward with your plugin.

I’m using Ubuntu Hardy as the server.
Thanks again,
David

@naima.shaikh

Thanks for the tip about samaAccountname.
I was geting this message when using the test tool:

[NOTICE] adLDAP object created.
[INFO] max_login_attempts: 3
[INFO] users failed logins: 0
[ERROR] Authentication failed
[WARN] storing failed login for user “ldap”
Logon failed

It’s been bugging me forever and I haven’t been able to authenticate with AD using any other plugin so far, and by commenting out that code everything worked fine. So if anyone ever gets this error, try following what naima.shaikh mentioned above.

I had the same error.

And yes commenting out that line in the adLDAP.php file under the plugin folder works!

If you comment out that code, it’s not pulling data from the Active Directory, it’s just adding a new user to the WordPress database. I am having much difficulty successfully connecting to the AD for my company. It says it successfully creates the ldap object but then gives me the Authentication Failed error and warns that “storing failed login for rpeters”. I know I’m putting in a correct network username and password.