wpDirAuth 1.6 Update

https://www.ads-software.com/extend/plugins/wpdirauth/changelog/ shows this:

1.6.0
Added Add Dir Auth User to Admin User menu. Now able to pre-add Directory Authenticated users and assign roles where previously users would have to log in first, and then have an admin change their role.

Thanks. I must have been looking at cache.

Ummm, we installed 1.6 and had to back it out. In the Apache log we were getting an LDAP cannot connect message, our sys admin reports. When users attempted to login they would just see:

“Directory authentication initially succeeded, but no valid profile was found (search procedure).”

Sad face. ??

@mendocinowebmaster There was some issue with the wordpress plugin directory. The changelog and updated information was in the readme.txt but for some reason, the directory wasnt pulling the updated information. Otto did something to correct it so it is now showing on the wordpress directory.

The new functionality: in the previous versions, if you wanted to add a new Editor (or any user with a role), you were required to have them log in first (since the script creates a new WP User if the directory authenticated username didnt exist in the WP Users table) and after they logged in, change their user role. I personally wanted the ability to add a directory authenticated user AND give them a role before they logged in, and then have it email this user to let them know they had been added to the site.

So no, it wont add all of your AD users to your wordpress site. But it should make the process of adding a new AD user that should have an elevated role easier to manage.

As for who I am, I’m a programmer/Analyst at the University of Missouri. If you search for my name on Google, the first two pages of results are all connected to me. ??

@gilzow Thanks for the information. I thought I pulled a rookie move for a minute.

I dig the idea of the new feature, but I’m also getting connection errors when trying to add users.

As an aside, we’re not on AD. Is AD where you’re going with this plugin? I’ll roll back and stop updating if that’s the case.

LDAP is a pain and I applaud your efforts!

@cewyattjr can you give me some details on how you have wpdirauth configured? That specific error means that the plugin was able to connect to your DC, was able to bind with the passed ssoid/password but that when it searched for the user’s details (sn, givenname, mail) that the DC returned an error. So it’s odd that the Apache logs would show that LDAP was unable to connect since the users wouldnt (or shouldnt) have been able to get that far without a valid connection.

If you want, open up wpdirauth.php, go to line 1411, and change it from
." [$strFilter]");
to
." [$strFilter]" . "[".ldap_error($rscConnection)."]");

Have a user try to log in, and then let me know what the error message says.

@mendocinowebmaster AD is what I have access to but isnt necessarily where I’m moving the plugin to.

Connection issues, huh? The new feature uses the same function to establish the connection as the normal authentication. Which error message are you receiving?

Directory Authentication Error:
* For an unknow reason, WP failed to create a new user. Failure occurred at line 1536 in the function wpDirAuth_add_new_user in the file wpDirAuth.php.

So, the user ID returned isn’t an integer. If I play with the return from if(!is_int($intUserID)){ (line 1534) I get:

Directory Authentication Error:
* Cannot create a user with an empty login name.

I don’t work in PHP a whole lot and this was just a cursory glance, but maybe it’ll help.

Absolutely does. That means there was an issue creating the user via wp_update_user() function.

Can you try something for me? Before line 1532 which contains:
$intUserID = wp_update_user($aryUserDetails);
can you add the following?

if(!function_exists('wp_update_user')){
      include_once(ABSPATH . WPINC . '/registration.php');
  }

and then try adding a new user again.

If this fixes things, it means I made an incorrect assumption and will need to issue a bug fix.

No go. Same error.

I’ve now tried with anonymous and admin binding.

Well then, for some reason, there’s a wordpress failure in creating the user. Is this happening with EVERY user you’re trying to add? Or just a specific one? Is it possible this person(s) is missing information in their LDAP entry (especially email)?

I’m going to guess this is a production site. Is there a point where it has some downtime where you could enable WP_DEBUG in you wp-config file so we can see what additional errors might be occurring?

This is happening with all attempts to manually add. Tweaking the return data on the error gave me the full, appropriate email address.

People who log in with their LDAP credentials have an account created correctly.

After digging through the WP code I decided to change the $intUserID = wp_update_user($aryUserDetails); line to $intUserID = wp_insert_user($aryUserDetails); and it seems to be working. What do you think?

Thanks for all the help, Paul!

ok, that makes no sense. wp_update_user uses wp_insert_user so it should be failing as well. What version of wordpress are you on?

of course, both wp_update_user and wp_insert_user state that they can either create a new user or update a current user so i’m not really sure why they both exist.

Looked through the wp core files. Dont see any reason why I couldnt just use wp_insert_user over wp_update_user though I’m still confused as to why it wont work. Will probably push out 1.6.1 as a bug fix then and change it to wp_insert_user.

I believe I have found a solution to the problem mentioned by cewyattjr. It seems the wpDirAuth_auth function never sets the $strFilterQuery variable if the “Authentication Groups” configuration field is empty. This variable is used as the LDAP search filter by the wpDirAuth_retrieveUserDetails command. Adding the following else statement at line 480 appears to have fixed the bug for us.

if($boolUseGroups == 1){
    // UseGroups code
} else {
    $strFilterQuery = $filterQuery;
}

ah crap. good catch. Actually, it looks like $strFilterQuery should be $filterQuery. The joys of taking over someone elses code and having a different naming schema. Let me make the changes and I’ll push out a bug fix.