heiglandreas

Hey. Great to hear that that problem was solved ??

Let’s now tackle the other issue ??
The easiest would be to either send some screenshots or the result of `SELECT *
option_value from wp_options WHERE option_name = ‘authLDAPOptions’`

• This reply was modified 3 years, 9 months ago by heiglandreas.

Hey there.

This sounds really weird. Can you provide me with the configuration of authLdap and the content of the existing and the new User from the LDAP?

I need to see some more details to figure out why it is working in some cases and not in others…

And does that happen for all new users? Since when is that an issue? Or is that one specific user that has this problem?

Feel free to send the sanitized information directly to authldap AT heigl DOT org if you don’t feel comfortable sharing it here in public.

From what I read from the logs, there is either an issue with finding the new user in the LDAP or with the password of that user.

Thanks for your help in solving that!

In the just released version 2.4.3 I’ve added escaping of the provided “username” value, so that this should not be an issue any more. All other provided informations come either from the administrator or directly from the LDAP and are therefore not considered harmful and are not escaped. The password is also not escaped as that might break existing valid logins.

Can you check that it works as you expected?

Hey there.

Thanks for the suggestion! I will need to check what is currently already possible especially with WPMU setups. I will get back to you tomorrow on that!

Hey there. I’ve just tagged a new release that allows to use environment variables. Feel free to give it a try and report any issues either here or via https://github.com/heiglandreas/authLdap/issues

If everything works I’d be happpy if you could mark this thread as resolved ??

I won’t be able to do it right now, but will see how far I get over the weekend.

Currently I’m thinking of 2 things:

* using a special schema env:MY_ENV_VARIALBE_NAME in the ldap-URI field that will then use the value of the environment-variable MY_ENV_VARIALBE_NAME as LDAP-URI
* Replacing %ENV:MY_ENV_VARIABLE_NAME% inside the LDAP-URI with the value of the environment-variable MY_ENV_VARIABLE_NAME

SO you could then use one of the two approaches as flexible as you’d like.

Would that be helpful?

Currently that is not possible but it is actually a good idea.

Would you just want to store the password in an env-variable or also the username? Or rather the complete LDAP-URI?

Yes, that’s possible. The LDAP-Uri can contain a user-DN and a password that is used for the initial bind. For more information have a look at the documentation on the configuration page of the plugin.

You are most probably using an outdated PHP-version as the ldap_escape function is only available from PHP5.6 on. That’s why the plugin version 2.1.1 requires at least PHP5.6 as noted in the readme.txt – Though I’ve just noticed that the plugin page still states PHP5.4 as the min version.

Thanks for bringing that to my aftention. I see to fix that ASAP.

So for you the tso options are either to upgrade your PHP to a supported version (7.1 or higher – highly recommended!) or use an older version of the plugin.

You should be able to deactivate registration of new users. That way only people known to the LDAP or users the admin created via the backend can authenticate.

For more information have a look at this blog-post

I hope that helps ??

Hi. That sounds like a missconfiguration on your webserver. That notice you are refering to only appears on screen if display_errors is set to true in the php.ini-file which should never be the case on a production server.

As it’s a notice everything else should work sa expected and you should again see the login-screen with a mesage stating that an error occured along with the empty login-form.

Due to security resaons a wrong username or a wrong password both result in the same error message as otherwise it would give away whethre the username exists making it easier for an attacker to find valid usernames. That’s called an information leakage.

It that is still a problem I’d really aprechiate a screenshot to go on with debugging.

• This reply was modified 5 years, 8 months ago by heiglandreas.

Good to know that it’s fixed ??

I’ve just released a new version (2.1.1) that properly escapes the filter-values. Would you mind giving that a try?

If you need a different port you have to provide the port like you posted to the LDAP-URI

And yes, you would provide multiple LDAP-URIs one after the other separated by the separator.

Have you URL-Encoded any special characters in the LDAP-URI? Like Spaces or anything not ASCII?

I resolve this then