Stephane Daury (stephdau)

While wpDirAuth is being peer reviewed, I released another plugin I use on my site. ??

https://tekartist.org/labs/wordpress/plugins/wpredirect/

@tabeverly: good luck. Let me know how it goes. ??

@koelly: thanks for the quick note. Glad it can be of use. ??

SVN Rev. #309

Extra error checking and handling tweaks + cleaned up error messages format for easier future localization.

SVN Rev. #308

Added extra security check to make sure only one account is returned during the profile search in wpDirAuth_auth, before returning to wp_login. Better safe than sorry.

Oh, hadn’t refreshed the page before posting my last comment and I missed your added info.

The code I added will only really help if the username we search for anonymously matches the unique identifier defined in the account filter. This actually translates to sentUsername + accountSuffix if setup in the wpDirAuth prefs [optional].

Here’s an example which might help you with part involving locating the user’s profile, whether for dn pre-mapping (added code), or binding:

In what I’ve seen in other php/ldap related code, people seem to default the field on which we try to locate the profile with to samAccountName (hence the default in wpDirAuth), which seems to be assumed to be the same value as the username used to bind with.

In my context, the samAccount is in one form, but the username used to bind (first.last@myDomaincontroller, not full dn) with simple auth actually matches a field named userPrincipalName.

So in my setup, I expect users to enter first.last@myDomainController, leave the Account Suffix pref empty (since we have multiple ones), and set my Account Filter to userPrincipalName.

As an aside, I’m realizing that I need to make sure the added code didn’t open a hole if the anonymous search returns more than one entry, since we ultimately default to entry[0] when returning to wp_login.

The snag I’m hitting with implementing the solution you suggested is that on my side, my dir server won’t let me search without binding… The old chicken and egg thing. ??

Soooo, what I did was to try and couple both approaches.

Since there was already an anonymous bind being performed in the connection pool loop, I’m trying an anonymous search on success, trying to retrieve the targeted user’s full dn.

If the profile is located, user binding is performed with the full dn, or we try the sent username instead.

See lines 363-368 in the updated version available in SVN.

Is that solving it for you?

On another note, could you post details about your setup?
OS, dir server type, ldap configs with “Blah Corp” instead of your company’s info where it matters, etc?

PS: I’m in Montreal, and can only devote time to this in the evening, hence my posting timeframe. ??

Are you by any chance using OpenLDAP?

I wonder if an update to the ldap_bind call similar to the one linked to below would help:
https://ashay.org/?page_id=133#comment-558

I’ll see if it works in AD.

I also just launched a plugin hosting request to https://dev.wp-plugins.org/ so we can get access to svn and Trac project management tools there.

I now added an initial readme file in the subversion repository: https://labs.tekartist.org/wordpress/svn/branches/dev/plugins/wpDirAuth/readme.txt

Based on the standard WordPress readme format: https://codex.www.ads-software.com/Writing_a_Plugin#Readme_File

Hi there,

First, thanks for giving it a shot. ??

I haven’t had time to write the readme yet, so here it goes:

Installation:
– create as follow [wordpress_root]/wp-content/plugins/wpDirAuth/
– drop wpDirAuth.php in the latter directory.
– go to https://[wordpress_install]/wp-admin/plugins.php and activate the plugin
– go to https://[wordpress_install]/wp-admin/options-general.php where you should now see a menu entitled “Directory Auth.”
– click it and it should take you to the plugin admin screen, most likely located at https://[wordpress_install]/wp-admin/options-general.php?page=wpDirAuth.php

I’ve been debating having the menu under the plugin section instead, but also being new to WP, I’m not sure if there are backward compatibility issues and if having the admin tool in the Options section is better. To be debated. ??

In case it comes up, one of the reasons that I’m not using OO on this one is primarily due to the limitations of OO in PHP4, which WP still supports (probably at least for a few more months, until php.net drops their own support of php4 [sched. for around 2008-01-01]).

Let me know how it goes.

After getting in touch in and getting “approval” from its author, I’m attempting to fork off and revive wpLDAP and would like the code to be peer reviewed by other developers before I release my version.

Please see https://www.ads-software.com/support/topic/129814

Thanks for any help I can get. ??

After getting in touch in and getting “approval” from its author, I’m attempting to fork off and revive wpLDAP and would like the code to be peer reviewed by other developers before I release my version.

Please see https://www.ads-software.com/support/topic/129814

Thanks for any help I can get. ??

After getting in touch in and getting “approval” from its author, I’m attempting to fork off and revive wpLDAP and would like the code to be peer reviewed by other developers before I release my version.

Please see https://www.ads-software.com/support/topic/129814

Thanks for any help I can get. ??

@andyk:

There’s a small typo in your code:

if($post->page_type != 'post') {

should be:

if($post->post_type != 'post') {

Thanks for the code though. It helped me figure out my page nav. ??