wpLDAP
wpLDAP is a LDAP/AD authentication plugin for Wordpress 2.0+.
Current Version: 1.02
It uses the famous adLDAP class to do all the dirty LDAP/AD work.
Instructions to Install.
1. Download the file wpLDAP.zip and unzip it in the wp-content/plugins folder in wordpress.
2. Sign in as ‘admin’ and go to options > wpLDAP Options
3. Add the following details
3.1 Domain Controllers: This is the AD server address which the authentication scripts looks for. Multiple entries can be seperated by commas - e.g. looks like 101.11.11.22, my.ldapserver.com, 10.10.10.22
3.2 Base DN for the AD server: e.g looks like CN=Users,DC=domain,DC=com
3.3 Account Suffix: Many a times the usernames are email addresses in systems. This field lets you add the default suffix to usernames when authenticating the user. hence if my username was ashay@domain.com. I can add @domain.com in the suffix field and sign in as ‘ashay’
3.4 Enable LDAP: Lets you activate or de-activate this plugin.
3.5 The last option lets you add a new user in the Wordpress user database so that the admins can have better access control on them through the Wordpress Admin System. The users will still be authenticated through AD/LDAP. The users are added in the wordpress db on first signon and will inherit the default role specified in Wordpress admin Option > General > New User Default Role.
Hope you guys enjoy this plugin!. And do leave you feedback if something doesn’t work or if you need help.
Update: Sorry guys, its ben long since I updated this. I have been busy lately.. (read very busy :)). I am working on a new version with all the wonderful changes people have submitted here. Will update it soon. Thanks!
Japala said,
This is something that I’ve been waiting for long time. Thanks! 
sandy said,
i am using ur plugin , but after authentication from ldap wordpress showing a message ” you don’t have sufficient permission to access this permission ” , any idea , how to resolved it ???
sandy said,
message is - “you don’t have sufficient permission to access this page “
sandy said,
hi ,
i found solution , i haven’t enabled the option “If the user does not exist in the system, create a new WordPress user from LDAP (when they sign in)? ” ,after enabling this option it is working find , but is it possible to allow ldap user to login with out storing its information in wp-user database???
Ashay said,
Hey Sandy,
Do u Successfully Authenticate? . If yes, then its fine. If you are getting the permission errors when you click on ‘Site Admin’, then its working correctly. Since there was no user created in the local database of Wordpress, you cannot goto Site Admin. You will have to enable the ‘”If the user does not exist in the system, create a new WordPress user from LDAP (when they sign in)? ” option for that.
Let me know if you cannot even login.
ashay
Damian said,
Thank you for providing this plugin. I have it installed and configured on my wordpress installation. When attempting to authenticate using AD credentials, I get a blank page. Any ideas? Is there anything i need to add/remove from the wp-config.php file?
Thanks
Damian said,
Before you answer, let me make sure that openLDAP is installed on the server and that LDAP is enabled for PHP.
Bosco said,
Ashay,
I have downloaded your plugin with hopes to put it to use soon. I am waiting on approval of using the open source WP at work (college) to add to our online course tools as well as other things. I have been told that they are anti open source but I am hopeful this project will slide by. I will keep you posted if I am able to put this into action.
Damian said,
Recompiled PHP with LDAP support (by default it is turned off). Your tool has made me a hero!!!
Many thanks!!!
Damian said,
Question, is there a way to limit LDAP searches to a specific OU in AD? For example, if I have two OUs, one called bloggers (ou=bloggers, dc=mydomain, dc=com) and one called spammers (ou=spammers, dc=mydomain, dc=com), is there a way to configure the Base DN so it only looks at the bloggers ou and not the spammers ou?
Ashay said,
Hi Damian,
I think if you just add OU=bloggers in the Base DN, it should work. I cannot try it on my system (as its not organized so well :)) to test it. Let me know if that works.
One other trick that will surely work is to tweak the adLDAP code that comes with this plugin.
search for adLDAP.php in the plugin’s root and goto line 322. it reads
$filter=”samaccountname=”.$username;
append ure OU filter to this and I guess that will work.
Check this for more help.
Let me know what happens.
ashay
LK14 said,
Hi Ashay
For some reaso, wpldap ignores my BaseDN setting:
May 12 15:32:09 huuhaa slapd[7522]: conn=7465 fd=25 ACCEPT from IP=127.0.0.1:39537 (IP=0.0.0.0:389)
May 12 15:32:09 huuhaa slapd[7522]: bind: invalid dn (lk14)
May 12 15:32:09 huuhaa slapd[7522]: conn=7465 op=0 RESULT tag=97 err=34 text=invalid DN
May 12 15:32:09 huuhaa slapd[7522]: conn=7465 op=1 UNBIND
May 12 15:32:09 huuhaa slapd[7522]: conn=7465 fd=25 closed
If I type the whole DN into the WP login box, then it shows up correctly in my slapd.conf. Perhaps we can chat about it over messenger?
Ashay said,
Hey LK14,
could you paste the Base DN in here? or email me (use the email link on top-left).the base DN I use is very simple .. something like (CN=Users,DC=domain,DC=com) and it works for me…
If youre using AD, It would be be good if you replicate the DN settings you use in the AD settings of youre system.
glen schaefer said,
we are using OpenLDAP 2.2 and have added our base DN into wpLDAP but can’t get users in the LDAP directory to login yet (error is : FATAL: AD bind failed. Check the login credentials)
we can search our LDAP directory using anonymous bind ok.
any help welcomed.
Ashay said,
Hi Glen.
Are u using the Account Suffix Option?
if not are u keeping it blank? It would be cool if you could email me the data you are entering for the wpLDAP Options.Make sure the entry for Account Suffix is completely blank (no spaces) if you are not using that option.
Pete said,
Hi, I’m having the same problem as Glen
I’ve set up the var in the adLDAP.php file with my account that hassearch rights but I still get “FATAL: AD bind failed. Check the login credentials.”
Account Suffix is completely blank and the rest is information pulled from other apps that work with the same credentials.
any ideas? if you need more info just email or post.
thanks in advance
Pete
Ashay said,
hey guys
i added some logic to remove the suffix logic. Please download the new version and I guess it will solve your problems.
-ashay
Pete said,
that breaks it with :
Parse error: syntax error, unexpected T_STRING, expecting T_VARIABLE or ‘$’ in /usr/home/it/web/wp-content/plugins/wpLDAP.php on line 158
Kyle said,
When I attempt to activate the plugin on a fresh install of wordpress2.2 i get the following error:
Plugin could not be activated because it triggered a fatal error.
Is something wrong with my install or does this plugin not work on 2.2?
Ashay said,
this is is what happens when u deploy in a hurry.
I have tried to solve the issue now.
please try and let me know.
else I will sit tonite and debug the problem.. sorry for all these issues guys!
Ashay said,
Hey Kyle .. from what I know.. you must be facing a script error which I introduced a few minutes back.. it should work fine now.. please try and let me know.
ashay
Adams said,
Thanks for the plugin for wordpress!
I wonder if you can tell me if there are any other additional attribtuies or tags to be added for the assess to non-anonymous LDAP service for successful LDAP infromation authentication, such as acount /password transmission from your wordpress plugin to LDAP server!
Thanks!
Pete said,
Hi Adams,
I think you can do it with in the adLDAP.php file
Aaron said,
I noticed that when I login with an AD user that isn’t already setup in WordPress that it creates the account successfully… however, it does not pull in the user’s first or last name. Is this a bug, or is it just not setup to do this? How can I get it to do this?
Ashay said,
hey aaron,
currently its not implemented as yet.. I am revamping the script currently and you see that feature implemented in the next release (may be in 1 week).
hope you can wait till then
ashay
Aaron said,
Thanks, Ashay… yes, I have no problem waiting, and thanks for the work on this… this plugin is fantastic!
James said,
Does this work with WordPress 2.2? Having some problems authenticating.
GoodThings2Life said,
James,
I’m running it with WP 2.2 with no problems on a Windows Server 2003 / IIS 6.0 system. I’m PHP 5.1.6, MySQL 5.0.27, and here are my settings:
servername.domain.net
CN=Users,DC=domain,DC=net
@domain.net
Yes
Yes
Make sure that you’ve added the php_ldap.dll to your PHP.INI extensions list.
Joan Zamora said,
Hello, i have this error
Fatal error: Call to undefined function ldap_connect() in /var/www/wordpress/wp-content/plugins/wpldap/adLDAP.php on line 105
Can you help me?
Aaron said,
Joan,
You need to add php_ldap.dll to your php.ini file.
Joan Zamora said,
Ok, thank u, I installed the phpldap library and I don’t have the error, but I still can’t connect to server, I’m using
server.ldap.com
OU=People
@domain.com
Excuse me by my english
adi said,
I successfully installed the ldap pluggin,but I am not able to use it ,we dont use acitive directory,but instead have ibm secureway directory client,would this pluggin work with this client?
I also have installed mediawiki,the ldap pluggin is working fine for me with mediawiki,I am confused as this pluggin has no option for a search attribute?
Aaron said,
Joan,
yourservername.yourdomain.com (or .edu, .net, .org, etc)
CN=Users,DC=yourdomain,DC=com (or other folder if you put your user accounts somewhere besides the default Users folder)
@yourdomain.com
Yes
Yes
Richard said,
Version 1.02 of this plugin works well for me, vs. WordPress 2.1.3, openldap-2.0.27 and php-4.3.2. I have created a patch that does several things:
* Allows for an SSL option to force communication over the ldaps
* Does some copy editing to make the plugin more consistent with other WordPress option screens
* Reorganizes the preferences slightly to make the most important options at the top of the list
You can get this patch here:
http://www.pkrinternet.com/~rbulling/private/wpLDAP-1.02-ssl.patch
I have a few other observations about the plugin:
* The version number in the text of the plugin is 1.00 though it should be 1.02.
* The directory structure has an extra level in it:
$ unzip -l wpLDAP.zip
Archive: wpLDAP.zip
Length Date Time Name
——– —- —- —-
0 05-23-07 10:43 wpLDAP/wpLDAP/
25570 05-23-07 09:19 wpLDAP/wpLDAP/adLDAP.php
236 08-08-06 11:38 wpLDAP/wpLDAP/ldap_auth.css
9505 05-23-07 10:49 wpLDAP/wpLDAP/wpLDAP.php
——– ——-
35311 4 files
Jeff said,
Thanks for putting together this plugin.
Thanks for the SSL patch Richard.
I’m trying to use it with accounts following the posix schema. This means usernames are in the uid attribute. I can’t login with just my username. I found that I can login if I use my full DN. I looked in the source to see how it translates the username to the DN. It looks to me like the authenticate method in adLDAP is just trying to bind with the username variable directly without looking up a DN. However, other comments here suggest that the DN is getting looked up somehow.
I’ll just add a DN lookup to adLDAP’s authenticate method for now, but any suggestions would be appreciated.
Dan said,
Using version 1.02 of the plugin and Wordpress 2.2, the following error is returned when trying to login with an LDAP account:
Error: Could not Authenticate user. Please check credentials
The settings on the wpLDAP page are:
LDAP Server: ldap.domain.com
Base DN: OU=people,DN=domain,DN=com
Account Suffix: (none, also tried with @domain.com)
Enable LDAP? Yes
Create a new Wordpress user from LDAP: Yes
The username and password I entered correspond to the uid: and userPassword: fields in an LDAP entry. Could this error have something to do with connectivity to the LDAP server? Thank you.
kvazqenzgh said,
Hello! Good Site! Thanks you! gsdmmwzdahqssc
Melinda said,
We have Novell eDirectory. I’ve tried my settings every which way I can, and each time I get “could not authenticate user. please check credentials.”
Settings I think should work are
ldap server: xxx.xxx.xxx.xxx
Base DN: ou=users, ou=staff, o=domain,o=edu
suffix: (none)
Enable and create: both yes
Do I need to tweak the code for eDirectory, maybe?
Dan said,
Melinda,
Should the Base DN perhaps be
ou=users,ou=staff,dc=domain,dc=edu ?
I’m getting the same error, which slapd reports as due to an invalid DN. It doesn’t seem to be documented for this plugin against which fields the username and password are authenticated. I’m using a DN of form
uid=, ou=people,dc=domain,dc=com ,
and have the password in a userPassword field (the objectClass is posixAccount).
Robb said,
The wpLDAP link is broken. Anybody have a pointer to a version that’ll work with the current Wordpress (2.2)?
I found a “wpldap” project on Sourceforge, but the files are all 4 years old…
leffe said,
Hi
I really would like to try wpLdap but link is dead
you wanna fix it?
someone said,
Marco said,
WP 2.2.2, openldap, wpldap 1.0.2
Whatever DN i put on the config the authentication is done by using as DN the
instead of cn=login, ou=users, dc=…
That’s funny, but it also prenvent the autenthication from working.
Has anyone already solved the issue?
Marco said,
Ok, solved the DN problem with openldap, BEWARE, it works for me, can’t guarantee
it works for you too.
i’ve modified row #136 of file adLDAP.php shipped with version 1.0.2
the original row is:
$this->_bind = @ldap_bind($this->_conn,$username.$this->_account_suffix,$password);
the new one is:
$this->_bind = @ldap_bind($this->_conn,’uid=’.
$username.$this->_account_suffix.’,’.$this->_base_dn,$password);
(all in the same line)
and i’ve set the base DN as: ou=users,dc=myFavouriteDC
Hope this helps to shed a light.
antonio said,
good hack marco !
zlatan said,
Solved the issue of not retrieving first name, last name, display name data from LDAP (Microsoft Active Directory in my case) …
… basically after a LDAP authenticated user logs in for the first time it will have these details filled in for him together with the username and email.
/// MODIFICATIONS FOLLOW
////
##### modify line 324 in adLDAP.php
//original line:
$fields=array(”samaccountname”,”mail”,”memberof”,”department”,”displayname”,”telephonenumber”,”primarygroupid”); }
// modify to:
$fields=array(”samaccountname”,”mail”,”memberof”,”department”,”sn”,”givenname”,”displayname”,”telephonenumber”,”primarygroupid”); }
#### add following lines to wpLDAP.php between lines 192 and 193
…. original looks like:
$user_id = wp_create_user( $userLogin, $password, $userEmail);
return true;
… modify to following:
$user_id = wp_create_user( $userLogin, $password, $userEmail);
// added code
$user = get_userdata( $user_id );
$user->first_name = apply_filters(’pre_user_first_name’,$userData[0][”givenname”][0]);
$user->last_name = apply_filters(’pre_user_first_name’, $userData[0][”sn”][0]);
$user->display_name = apply_filters(’pre_user_first_name’,$userData[0][”displayname”][0]);
$user_id = wp_update_user( get_object_vars( $user ));
// end added code
return true;
Hope I helped and enjoy !!!
Richard Bullington-McGuire said,
Ashay,
Could you confirm what license your module is distributed under? I assume that since this is a WordPress plugin, and WordPress is licensed under the GPL, that your module would also be licensed under the GPL.
-Richard
Howard Miller said,
I managed to make this work with Novell E-Directory. It came out of tracing how moodle (moodle.org) does it and nicking some code from there. If anybody cares I can supply the details of modified files - howard.miller@udcf.gla.ac.uk
A5Ben said,
Is it possible to control access via group membership?
Ashay said,
yes it is most probably. You might have to edit the adLDAP.php script to do so (wherever it authenticates the user)
WordPress Plugins Database » Plugin Details » WordPress LDAP Authentication said,
[…] Visit […]
iSven » Blog Archiv » en - WP LDAP PW-Change Plugin said,
[…] this is my first WP plugin, I´m still using WP with LDAP authentication via this Plugin. […]
Pablo Catalina said,
I have problems with openLDAP directory and this plugin.
I have the users on the domain sambadarua.org at the Base DN: “ou=people,ou=sambadarua.org,ou=domains,dc=locolandia,dc=net”, so I have a user: “uid=prueba,ou=people,ou=sambadarua.org,ou=domains,dc=locolandia,dc=net”
I set in the preferences of the plugin:
LDAP Server: “127.0.0.1″
Base DN: “ou=people,ou=sambadarua.org,ou=domains,dc=locolandia,dc=net”
Account Suffix: “”
Enable LDAP: Yes
Create WP Accounts: Yes
But when I try to loggin I get this on the slapd debug log:
Oct 3 21:34:07 fastfoot-ng slapd[22817]: connection_get(18)
Oct 3 21:34:07 fastfoot-ng slapd[22817]: bind: invalid dn (prueba)
Oct 3 21:34:07 fastfoot-ng slapd[22817]: send_ldap_result: err=34 matched=”" text=”invalid DN”
Oct 3 21:34:07 fastfoot-ng slapd[22817]: connection_get(18)
I just try with the posible solution at the comment writed by Marco (August 7, 2007 @ 6:45 am), but it doesn’t work.
I see at the logs that it try to bind with the DN prueba, so I try to write into the login form “cn=admin,dc=locolandia,dc=net” (the admintrator) and the password of the admin, and the LDAP query works, but as normaly I can’t loggin without any error, so I think there is a problem with the Bind DN.
Can you help me?
Pablo Catalina said,
( First: Sorry but my english, I speak spanish ; )
Second: Sorry, I changed the line 146 that is similar to the line 136, so the comment of Marco works perfect 
Geoffroy said,
A patch including marco’s and zlatan’s .
Apply this to make openldap work with wpldap 1.0.2 (tested with WP 2.3, OpenLDAP 2.3.x)
Go to wp-content/plugins/wpldap, and
# wget -q -O - http://dgeo.perso.dgeos.net/patch_wpldap_openldap.diff | patch -p1
(with a little more work - 2 more config options - it may work for AD too and be merged for 1.0.3 ?)
Hope this helps
Jesper said,
I am trying to get your plugin to work with windows active directory but I get this error when trying to login: “you don’t have sufficient permission to access this permission”
Now I can’t even log on with my admin password.
Any ideas
Thanks
steph said,
Hellooo .. does it work with wordpress 2.5 ? I really need this plugin working on it…Can someone help me ?
Tomas said,
Hi, yes I would love to use this on WP 2.5.x aswell.
Will it work?
Thanks
-tsl-
Jaswinder said,
It’s now 2.6 version of wordpress. Any plans to update this to work with that?
I’d REALLY REALLY love to use it.
As it is, right now I am using wordpress2.1 JUST so I can use THIS extension.
InXone said,
Is this plugin dead?
Gaurav said,
Hi All,
I installed wpldap on my word press blog application and i have three different LDAP servers so in the configuration of wpldap i entered Domain Controllers value as comma seperated all the three LDAP servers.
And in the base DN i put base dn value for all the three different LDAP servers like below
“DC=us,DC=int,DC=com,DC=india,DC=int,DC=com,DC=uk,DC=int,DC=com”
And i left the suffix field blank because username is not email address , and i have enabled the LDAP authenticated by choosing yes radio button and enabled the add new user if he/she does not exists in the wordpress database.
But when i login with a username and password that exists in the wordpress local database i.e. mysql but not in LDAP Directory then it still allows it to login but it should not validate the user because he/she does not exists in LDAP directory.
When i login with a username/password who exists in the LDAP directory then it does not create new user in the wordpress blog database and shows only invalid username password error message.
Please suggest for the same , i have followed all the read me installation guide.
Thanks
JoshWink.Net » Blog Archive » Soporte LDAP en WordPress 2.x said,
[…] http://old.ashay.org/?page_id=133 Descarga: […]
RSS feed for comments on this post · TrackBack URI
