• Pingback: Simple LDAP Login 1.2 Wordpress Plugin « Clifton Griffin

  • Layne

    Fatal error: Call to undefined function ldap_connect() in C:wampwwwwordpresswp-contentpluginssimple-ldap-loginadLDAP.php on line 157

    Im getting this error, Im 99% sure all my settings are correct, but when i test settings, it returns to a page with settings saved, and the above message. any ideas?

    • http://clifgriffin.com clifgriffin

      It sounds like your installation of PHP does not have LDAP compiled. It may be a simple config file change. See this document for more information: http://us.php.net/manual/en/ldap.installation.php

      Let me know if this takes care of the issue.

      • Josh

        I had this issue too on an Ubuntu Server.
        Installing php5-ldap worked for me:
        sudo apt-get install php5-ldap
        sudo /etc/init.d/apache2 restart

        • http://facebook.com/DustBunnyMafia Dust Bunny Mafia

           This is great, it was just what I needed. Thanks!

    • http://nawelv.com nawelv

      I had this issue too.. If you are using Apache, for example, you must active the ldap extension in php.ini

      ;extension=php_ldap.dll >> extension=php_ldap.dll

  • Fredrik

    Hi Clifton.

    Great plugin! I’ve been looking for something that integrates with AD and doesn’t break XML-RPC. Thanks!

    I have a small problem. AD isn’t username case-sentitive but it seems that your plugin is. Any chance of making it case insensitive?

    • http://clifgriffin.com clifgriffin

      Hi Fredrik,
      I’m glad the plugin works well for you. The case sensitive username issue is not actually an issue with my plugin in this instance. WordPress itself seems to enforce this case sensitivity.

      There are plugins that override this functionality but unfortunately they conflict with my plugin. I will consider adding that as an advanced option, but I’m leary of adding even more features to my “Simple” plugin. :)

  • Ben

    Hi, and thanks for a great plugin.

    I’ve added a small feature to adLDAP to support TLS so that passwords are not sent in the clear; I’ll send the patch upstream and you’re welcome to it too if you like, it’s very simple.

    One thing I’ve hit a problem with. I’m using the feature to create users in a certain group. It works fine except that I’ve asked for new users to be made Authors, but they are being created as Subscribers. A log of what’s going into the userData array supplied to wp_insert_user() shows that ‘role’ is set to ‘Author’ so I’m mystified as to why it’s not working. Any ideas?

    Cheers!

  • Ben

    Small addition to the above; the new user gets created with whatever the default is in the blog’s settings. So I can work around the problem by changing the default to Author, which is fine because this is an intranet blog so everyone can be an author. Still perplexed why your option isn’t working though!

    • http://clifgriffin.com clifgriffin

      Thanks for all of the feedback. I’m perplexed as well. I never tested that option thoroughly because it seemed so obvious and I knew the array I was sending was complete.

      I wonder if there is a case sensitivity problem here or something. I guess I’ll have to look at what is actually going on in the database…what role is being recorded and what it looks like once it is changed.

      TLS support is a good idea. Send me the patch and I’ll include it in future versions. :)

  • Ben

    This seems to be a bug, or incorrect documentation of the API, in WordPress. wp_insert_user() ignores ‘role’ if it’s creating a new account!

    I’ve raised a ticket at http://core.trac.wordpress.org/ticket/9891

    My TLS patch is at https://sourceforge.net/tracker/?func=detail&aid=2794301&group_id=104193&atid=637242

    • http://clifgriffin.com clifgriffin

      I’m releasing a small update to fix the role problem as well as disallow LDAP users from logging in if they are removed from the specified group.

      I decided to not incorporate the TLS patch into this as I’m afraid it could create problems for those who do not have their LDAP installations sufficiently configured.

      I did have one question though: you patched adLDAP but in your patch description you talk about modifying your openldap configs…this makes me think you are using the plugin with OpenLDAP but have the plugin set to Active Directory. Is this true?

      I ask because I was under the impression that adLDAP doesn’t work with OpenLDAP at all. If it does, I’m wondering if I wasted my time creating two binding methods. :)

      Part of the problem is that I don’t have a fully functional OpenLDAP installation to test with. I have thought about setting one up but haven’t followed through yet.

      Any feedback you can give me on this would be great.

    • http://clifgriffin.com clifgriffin

      You can download version 1.3.0.1 here. Warning: it has the original version of adLDAP.

      http://downloads.wordpress.org/plugin/simple-ldap-login.zip

  • Ben

    clifgriffin :
    I’m releasing a small update to fix the role problem as well as disallow LDAP users from logging in if they are removed from the specified group.
    I decided to not incorporate the TLS patch into this as I’m afraid it could create problems for those who do not have their LDAP installations sufficiently configured.

    All you’d need to do is change the initialisation of $_use_tls to false instead of true and it would have no effect unless specifically enabled. TBH I should have set it that way in the patch, I just didn’t spot that I’d left it true until too late!

    I did have one question though: you patched adLDAP but in your patch description you talk about modifying your openldap configs…this makes me think you are using the plugin with OpenLDAP but have the plugin set to Active Directory. Is this true?

    Not quite. I’m using the plugin on Linux, which uses openldap (lowercase) as the client library, configured in /etc/openldap/ldap.conf. But I am authenticating against a Windows Active Directory server, not an OpenLDAP (mixed case) one. Make sense? :)

    I think you are correct that adLDAP is only for talking to AD servers, not OpenLDAP ones, so you do still need your two binding methods.

  • Kurt Cypher

    I just installed Simple LDAP Plugin, and it’s working, to a point. I have it set to automatically create a wordpress account upon successful LDAP authentication, but when I try to login as a valid LDAP user that doesn’t have a wordpress account, I get:
    ERROR: Invalid username.

    However, if I login using a valid LDAP user who DOES have a wordpress account, I get logged in.

    Any ideas?
    Thanks,
    Kurt

    • http://clifgriffin.com clifgriffin

      Are you using OpenLDAP or Active Directory?

      • Kurt Cypher

        We’re currently using openLDAP.

    • http://clifgriffin.com clifgriffin

      One more thought: Have you tried the dev version linked to at the end of this article? I don’t think it will fix any of your problems but the error message might be more useful. (Possibly…if you’re just getting “Invalid username” with no details, it’s hard to say)

      It’s worth a shot though.

      • Kurt Cypher

        I may give that a shot when I get back in the office on Tuesday. It’s certainly worth a shot, if it’ll potentially give a better error message.

  • Nick

    I am using openLDAP and I got the first option to work, that is the default option where the I log into with existing usernames for both wordpress and LDAP.

    However, I am trying to get the second option to work but it keeps throwing me the error message: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.
    So I am assuming it is the code somewhere between line 108 and 134 for the simple-ldap-login file.

    Any suggestions? I am trying to debug it at the moment, I will let you know if I find something useful.

  • Nick

    Actually, the default option doesn’t seem to be working too great anymore, it seems to only work for one of our accounts “pc01″ but not “pc02″, “pc03″… etc. It just so happened that pc01 worked and I thought it was working.

    • http://clifgriffin.com clifgriffin

      I can’t imagine it working for one account and not another under the first option. I’ve had several reports that the OpenLDAP login code is working well for a few people.

      Can you try downloading the dev version linked to above? It’s version 1.3.0.1 and it’s error messages are a little more instructive. I preemptively added a “location” suffix to them to help with debugging in the future.

      • Nick

        Thanks Clifton, I am pretty sure it was a problem on our end, the openLDAP creating new users also works now that I have upgraded WordPress to the latest version.

        Just wondering if you are considering the option of creating new blogs for the users that authenticate for the first time.

      • Nick

        Also, it seems that the role option doesn’t seem to be working using 1.3.0.1 for our us, everyone created is still a subscriber.

  • Michiel

    Hi there,

    Thanks for the plugin, it seems to work as intended, except for one little thing.
    I’ve got it set to create a user in WP upon successful authentication against AD, but when I try to log in with a valid AD user, I get the following:

    Array ( [user_pass] => [user_login] => Michiel [user_nicename] => Michiel [user_email] => michiel@domain.com [display_name] => Michiel [first_name] => Michiel [last_name] => [role] => Contributor )
    Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 649

    Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 650

    Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 651

    Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 850

    This is using version 1.3 of the plugin, with a completely fresh install WP 2.7.1.
    The odd thing is, after I see the above error messages, when I try to log in with the new user by going back to the login page, it works. The user is actually successfully created it seems.

    Any ideas where these errors come from and how I could fix this?

    Thanks

    • http://clifgriffin.com clifgriffin

      This a weird error message that I have seen randomly with every plugin I’ve written. One of my plugins had this problem because there was a single blank line at the end of the main plugin file. Strange…I know.

      Is this happening every time? Perhaps reinstalling the plugin? (Just replacing the files will work…settings will be saved.)

      You might also try the dev version linked to above, though it’s in a transition stage to implement new features. (Should work though)

      • Michiel

        Yeah, this happens every single time I try to log in with a user who does not exist in the WP user system, but is valid in AD.
        I tried reinstalling it as per your suggestion, but I keep getting the same error. I tried installing it via the new plugin auto-install system, and tried it manually; same result.
        I’ll do some more testing, see if I can find out what the issue is. Thing is, tbh I know jack all about code, I just know what buttosn to press to make stuff happen every now and then :)

        • http://clifgriffin.com clifgriffin

          Thanks for checking back. I’ll take a look at the code and see if I can imagine why this would happen.

          What version of PHP are you using?

          • Michiel

            PHP 5.2, with a pretty vanilla Apache.
            Anything else you might want to know?

            Also, thanks for taking the time to look into this. Much appreciated.

  • Nathan

    Excellent plugin that works as advertized!

    I have worked on this all day with other plugins and was never able to get them to work. Installed this and was connected to AD within 5 minutes. The only reason I didn’t go with yours to begin with is that I need to be able to have users, when created, put into a specific WP role depending on their AD group. Is this a feature that may come in the future?

    Either way, the plugin is excellent!

    • http://clifgriffin.com clifgriffin

      I’m glad it works for you! I had the same experience which is why I wrote it. It seemed like it didn’t have to be so hard.

      I hadn’t considered that possibility but I’ll think about it for future releases.

      Btw, the role setting doesn’t work at all in version 1.3. Download 1.3.0.1 to fix this. (Though it may have other bugs…haven’t gotten the chance to test it fully)

  • Justin

    I’m currently getting an Incorrect Password error when trying to login with a network account. The plugin is currently set for Normal Mode.

    First I entered all the settings that are required.

    I then used the Test Setting box to verify that a username and password in AD can successfully authenticate. I receive the “Congratulations!” message and move forward.

    Using the same name i verified with the test tool, I then created that account WordPress.

    After logging out of my admin user, at the main page I am unable to login using the newly created account.

    I’m not really sure where I went wrong. Any suggestions would be greatly appreciated.

    Thanks!

    Justin

  • http://clifgriffin.com clifgriffin

    That’s strange. Which version are you using?

    • Justin

      Im using the 1.3 Version in WordPress 2.7.1.

      Today is my first time trying to use this Plugin, so I’m not sure if its caused by the way I have things installed.

      I figured if the test tool said that it can authenticate, it should work though. I have tried several accounts in the test tool that are only in AD, and all have authenticated successfully.

      I turned on the Account Creation mode too, and tested an account and got the incorrect password as well.

      • Justin

        Well i tested a few more things tonight.

        First I upgraded XAMPP and created a new dev WordPress directory. The plugin worked correctly in the dev wordpress. Funny thing though is I got the same error message as Michiel above when i created a new user.

        I went back to my other install of WordPress that i was still having problems and removed the plugin, re downloaded it and installed it. I noticed it retained all of the domain information that i entered before. Where is this information being held? Is there anyway i can reset this saved information? Maybe when i entered it in the very first time, i entered something incorrectly and its retaining that incorrect information.

  • Justin

    Justin :
    Funny thing though is I got the same error message as Michiel above when i created a new user.

    I forgot to mention, even after the error it successfully created the user and i was able to login with it. It just gave that nasty error at user creation.

    • Justin

      The theme our Graphic Designer chose for the site is whats causing the issues. I applied the theme to my dev site and the login stopped working. I was still able to use the test tool to authenticate under the admin panel while the theme was active though. Bummer…

      I know its something outside of the plugin causing problems, but at least it might be a reason others are having problems.

      Here is the theme we are using if your curious: http://wordpress.org/extend/themes/atahualpa

      • http://popularfront.com Bobby

        I am having this same problem with the theme I developed. I was wondering if anyone knew of what could be causing themes to break the authentication? The two just seem unrelated.

        • http://popularfront.com Bobby

          I found the issue. The plugin uses the variable $options and it conflicts with a variable used in my custom theme options. Thanks for this awesome plugin!

  • Michiel

    Justin :
    I know its something outside of the plugin causing problems, but at least it might be a reason others are having problems.

    Odd thing is, I’m still using the default theme while trying to implement some of the (to us) more important plugins like this one. I would assume that the default is what it was developed against, or tested on.

    Anyways, I figured the error messages problem out. I had a look at the code for the plugin, and started looking for the line numbers referenced in the error itself. Turns out, the Simple-LDAP-Login.php file on line 99 says the following:

    print_r($userData);

    I found out that the main error itself (Cannot modify header information – Headers already sent by) means that the code for some reason is trying to send data while being told afterwards to redirect you to another page by using a header command. Which makes sense, the plugin tells WP to create a user and log in with it, and then sends that users on his/her way to the dashboard. Long story short, all you have to do is comment out that print_r($userData); line and that should be it. Fixed it for me in any case. Commenting that line out is done by inserting two slashes before the line of code in the Simple-LDAP-Login.php file so it looks like:

    // print_r($userData);

    That’s all folks.

    Oh, and damn you Clif, you made me try and learn to at least understand code now ;)

    • http://clifgriffin.com Clifton Griffin

      Justin,
      I noticed that when I was working on 1.3.0.1…not sure how that slipped by.

      I’m sorry that caused you so many issues! I’m going to do some testing with 1.3.0.1 today and tomorrow and try to fix some of these issues and release the version.

      Thanks for your help!

      • Justin

        No worries, the new features of the plugin are sweet. Thanks for your help and dedication on looking into the issues. = )

  • http://clifgriffin.com Clifton Griffin

    I still haven’t gotten a chance to do a proper review of the code for the next release. I expect to be able to do this either this weekend or sometime next week. Thanks for your patience.

    • http://www.vinodlive.com/ Vinod

      I am getting an error like “Invalid username”. But in the test-panel it is working properly. Not on the Login screen. I am on wordpress 2.8

  • Gaurav Sharma

    Hi Clifton,

    I am using “Simple LDAP Login” for my application which is using wordpress 2.8 , after setting the credentials in the settings tab when i use your testing option at the bottom of the page then it gives me the congratulation message.

    But when i try to login from the frontend after signout from the admin section with valid username/password that exists in LDAP it gives me the error message

    “ERROR: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.”

    And when i do testing with same username/password it shows congratulation message.

    Please suggest for the same , where i am doing wrong.

    Gaurav

    • http://www.stradeperdute.net Domenico Calojero

      Hi,
      I have the same situation.
      From the control panel it works, but not from the login screen.
      Also with version 1.3.01.

      • http://ardacetin.net Arda Çetin

        I have a same problem too.
        Is there any solutions about that?

        • http://clifgriffin.com clifgriffin

          I haven’t seen this issue before.

          Unfortunately, I don’t have an installation to test with at the moment. (I no longer manage the installation I originally developed this for.)

          I will say that I know a lot of users who are not having this issue.

          Are you guys using the OpenLDAP option or AD?

  • Pingback: Create blog for mxc-ldap plugin

  • Tobias

    Hello there… Just to let you know: I’d really like the TLS feature to be implemented. We have our open ldap servers set up to only accept encrypted connections.

    Anyway, thanks for your hard work.

  • Matt Combs

    I’ve upgraded to version 1.3.0.1 and still can’t get the roles to work correctly. I have it set to create them as Editors but its not settings roles at all. I’m using option 3 to just allow a certain group to log in. Could this be causing something?

    • Matt Combs

      solved my own problem by changing

      ‘role’ => get_option(‘simpleldap_account_type’)

      to

      ‘role’ => strtolower(get_option(‘simpleldap_account_type’))

    • http://cxzcxz.com nocash

      It does appear that the role name needs to be lowercase in order for accounts to be created correctly. When the wp_options simpleldap_account_type value was set to ‘Author’ my users were being created with no role. When I changed it to ‘author’ it appears to work fine.

  • Peter

    This plugin works for me with OpenLDAP& wordpress 2.8.1. I also would like to use the group feature but it currently works for AD but not OpenLDAP. Hope it can be used via OpenLDAP as well soon.

  • Nasir

    I am trying to use this plugin for wordpress. I am confident about the configuration settings, but for some reason it is not passing. Can I get some help here ?
    Test Results:
    Failure. Your settings do not seem to work yet.

  • Nasir

    Forgot to mention: I am using wordpress 2.8.1

  • Nasir

    Nasir :
    I am trying to use this plugin for wordpress. I am confident about the configuration settings, but for some reason it is not passing. Can I get some help here ?
    Test Results:
    Failure. Your settings do not seem to work yet.
    and on login screen:
    ERROR: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.

  • Tyrel Newton

    I have the beta dev version installed on a wordpress 2.8.2 installation and am attempting to auth user’s against apple’s version of the openldap directory. In my server logs, I was seeing invalid passwords entries even though I knew I was typing the password correctly. It turns out that in the password I was using to test with, there was an apostrophe (‘). So at some point in the login process, the password was being corrupted because it was not sanitized for special PHP characters. I don’t know what the solution to this problem is, but I wanted to throw it out there because maybe there is an easy fix.

    • Tyrel Newton

      Oh, and once I replaced the apostrophe with an underscore, the authentication worked just fine.

    • Ian Altgilbers

      We’ve run into the same issue here… We have had a couple of complaints now with people using apostrophe in their password. This could potentially open the door to some sort of injection attack, if the password is not being properly escaped.

      • http://twitter.com/clifgriffin Clifton Griffin

        I don’t think an injection vulnerability is likely unless one exists in adLDAP itself.

        I’m not really sure what the root cause is here. I’ll see if I can report an issue with adLDAP.

  • Louie

    I implemented the ldap 1.3.0.2 on our system and chose to “Create WordPress account for anyone who successfully authenticates against LDAP.”. Evrytime someone login it creates a username on wordpress. So now I have lots of user with the same username. It is so wierd.

    I am also getting this error on the Admin screen

    “Oddly, your version of PHP doesn’t allow file_get_contents to use URLs. But even more oddly, your browser doesn’t allow frames! I think it’s time for you to consider leaving 1998 in the past.

    “; ?> ”

    I am running windows 2003 with PHP 5.2.6

    • http://clifgriffin.com clifgriffin

      Fixed in 1.3.0.2.1. This is seemingly the day of updates!

      • Beben06

        This plugin seems awesome but i’m using simple LDAP Login 1.4.0.5.1 and i get this error with file_get_contents. WTF ?!

        • Anonymous

          What error are you getting?

          Clifton Griffin
          Wordpress Consultant | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)

          That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

          • Beben06

            Hi,

            My error is:

            Oddly, your version of PHP doesn’t allow file_get_contents to use URLs. But even more oddly, your browser doesn’t allow frames! I think it’s time for you to consider leaving 1998 in the past.(Great joke ;p)
            “; ?> in the frame of the annoucements. But i have the version 1.4.0.1 of your plugin, PHP 5.3.13, i use this in local with wamp2.2 64 bits. I try on a different computer and i have the same error and the connect to the ldap fails… I don’t see anything in the apache log….I’m doing a study about wp-plugin and multisites… and with two others plugins it’s work… I really want to authenticate with your plugin, do you have any ideas?Thanks in advance.

  • Louie

    nevermind I fixed…. It was the case sensisitivity. I converted them to lower….

  • http://www.kentschools.net/ Chris Carman

    Hello! We’re using your plugin for our school district’s upcoming transition to a WordPress-Mu based web site, and it’s working very well so far. LDAP authenticates successfully against our AD server, and everything is going well there.

    The only odd thing is that it only works properly when users log in to the main district blog (i.e., our home page, /) and not when they try to log into their own blog or school blog (e.g. /ccarman or /rhs). When I go to those blogs’ dashboards, I see the default bogus settings for the plugin, which points to mydomain.com etc., so obviously that’s not going to work. Do you know of any way to either:
    A: grab the LDAP settings from the main blog for all other blogs (ideal), or
    B: redirect any requests from /blog/wp-login.php to /wp-login.php, so they don’t get confused.

    I think we can accomplish “B” with themes, but I’d like to do a redirect if possible. Thanks!

    • http://clifgriffin.com Clifton Griffin

      I believe this is because of how WordPress-MU operates. I will investigate the feasibility of having global settings for all blogs and get back with you.

      • http://journals.utoledo.edu Brian

        Any news on using global settings for MU. This would come in handy for me right now….

        • http://clifgriffin.com clifgriffin

          Try putting the plugin in the mu-plugins folder. I think this will enable it globally for all blogs.

  • http://cxzcxz.com nocash

    I was encountering an issue where authentication would fail if the password contained a backslash (or other character that is escaped by whatever is doing the escaping). I had to add the following line to the authenticate method defined at line 197:
    $password = stripslashes($password);

    • http://cxzcxz.com nocash

      I imagine this is the same issue described in comment #52 above.

  • Steve Palm

    QUOTE:
    If you are using Active Directory, you will probably need PHP 5. This is because I’m using adLDAP 3.0 to do my Active Directory integration. As far as I know, the rest of the code should work with PHP 4. It is also possible that the functionality I’m using with adLDAP 3.0 does not depend directly on PHP 5. Your mileage may vary.

    QUESTION:
    I get an error activating the plugin, I only have PHP4. Do I have to do something to turn off the adLDAP stuff? I’m not using it, but apparently it’s trying to load it.

    • http://clifgriffin.com clifgriffin

      There may be other portions that only work in PHP5. What is the error message you get when activating?

      Is there a reason you haven’t gone to 5? Most hosts make it extremely simple to switch between versions.

      • Steve Palm

        It’s an old host that we don’t want to break anything on. :) Not sure what else on there may be affected. Anyway, it is dying on trying to load the adLDAP module. I just was curious if there was a way to turn it off so that it didn’t even try. I’ll poke at it here. The funny thing is that I saw the upgrade come along, and I thought we were using the previous version just fine, but the plugin wouldn’t re-activate. So it seems like something in the most recent update. I’ll post back when i find more.

        • http://clifgriffin.com clifgriffin

          What version were you on before?

          You can always try replacing the adLDAP.php file with an older, PHP4 compatible version from the adLDAP site if you believe that’s the issue.

          • Steve Palm

            Thanks, rolling adLDAP back to v2.1 which supports PHP4 works fine. Since that is only required for those using Active Directory, I wonder if you could change your plugin code to only require it if it was being used. Probably not worth the effort, though. Eventually all these old boxes running PHP4 will die. :)

  • Brian

    Version 1.3.0.2.1 works perfectly with my Active Directory, but version 1.3.0.3 fails with the following error (when testing settings):

    “Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.”

    Any ideas on why the latest version has broken AD authentication?

    • Brian

      Please ignore. I don’t know what happened but after going back and forth between the two versions, it now works?? I will make another note if this occurs again or open a ticket.

      • Brian

        I see now. If the user does not exist in the wordpress database, the authentication TEST fails. This was not the case in 1.3.0.2.1.

        • http://blog.whiking.se jonas

          Did you ever get this plugin to work, with the 1.3.0.3 version, or does the authentication still fail ?

  • Chris

    Hi, firstly, great plugin, thanks.

    I’m wanting to use the
    ‘Create WordPress account for users in specified AD group:’

    Is it possible to check more than one AD user group?

    • http://clifgriffin.com Clifton Griffin

      Thanks, Chris I’m glad you like it. There is currently no way to do this. . I plan to support this type of functionality in the future but have yet to implement it.

      I want to be able to let users link groups to account types and so on, but it will take a bit of work to get there. What I did in my organization was create a group to add all the other groups to. This should get around the problem.

  • Per-Arne Jørgensen

    Hi, tanks for a great plugin! But I have a problem with openldap where I use memberUid instead of memberof. Got this message:
    Warning: Invalid argument supplied for foreach() in simple-ldap-login/Simple-LDAP-Login.php on line 205.

    Do you have any tips?

  • Josh

    There appears to be two problems that I can immediately find which prevents my use of this plugin, unfortunately.

    One, the LOGIN varaible appears to be preset to “uid” and I don’t see anywhere to change that other than editing the code. However, we don’t use “uid,” we use something else.

    Second, it doesn’t look like you are connecting to the server via TLS. This is required by our LDAP server.

    However, I’m still not totally sure if these are the only things that need fixing for it to work for us, because even after I changed uid to what we needed and threw in ldap_start_tls($ldap); into simple-LDAP-login.php, it still doesn’t work, so….

    • http://clifgriffin.com Clifton Griffin

      Hi Josh,
      You are not the first to suggest TLS. I briefly investigated adding it in the past, but without a way to test it and only one user requesting it, I abandoned it.

      For the second, I will have to investigate that as well. I have no encountered a situation like yours.

      I can’t make any promises on when these things will be addressed. At the moment I have no installation (test or otherwise) to test against.

  • Stace

    Your plug in is exactly as advertised: simple and gets the job done. Thanks!

    Lately, I’ve been running it in a WordPress MU installation and that seems to work without issue as well. Only problem is at my end: I have to configure settings for each new blog a user creates. What I’d like to do is configure the settings within the plugin file itself, without any calls or writing to the database. Can you help point me in the right direction?

    Thanks,
    Stace

    • http://clifgriffin.com Clifton Griffin

      Hi Stace,
      If you look in the code for function simpleldap_activation_hook() you’ll see that all of the default settings are declared there.

      If you change these to what you like (should be *fairly* straightforward), any new blogs that activate the plugin should pickup the new settings.

      Because I use add_option, blogs that have already had the plugin activated before will not benefit from this change.

      And, remember, if you do an upgrade in the future, those defaults will be reverted to my defaults (though your settings for existing blogs will be fine).

      I hope this makes sense.

      Clif

      • Stace

        Hi Clif,
        Thanks for the reply! Swapping out the defaults as you mentioned does, indeed, work. But this is all for a K-8 elementary school where everything needs to be locked down. In other words, they will still be able to access the admin panel and mess with settings.

        I think what I’d like to have is no admin panel and nothing writing to the db. I know this is totally NOT what your great piece of code is all about but any chance you could help me get there?

        Thanks,
        Stace

        • http://clifgriffin.com Clifton Griffin

          I’m not sure I understand. The users who need to login shouldn’t have access to the admin panel in any capacity? That seems to defeat the purpose.

          If you don’t want them changing settings you could always set the default role to Subscriber or something incapable of making changes. (But, depending your setup, it is questionable they would even need to login at all if there role would be subscriber)

          Maybe some more information would be helpful.

  • Stace

    Sorry to be confusing. The application is this: setting up WPMU for a specific class project in which each student will create their own website. When a student creates their blog(site), they are, of course, admin. Which is fine, up to a point.

    We want them to have control over most aspects of their site but there are several backend areas I’d like them to stay out of and authentication is one of them. Because we’re a school, we require users to authenticate against our LDAP to get access – using your simple plugin. If the kids can modify it, they will, just to see what happens. So I would like to take out the settings page for the plugin and just configure within the plugin file.

    Does that make sense? I want admins to have some access but not to this.

    Thanks,
    Stace

    • http://clifgriffin.com Clifton Griffin

      I understand now.

      Unless you make them full admins, they won’t see the settings page. Make them Contributor or a more minor role like that.

      The plugin is designed to only let administrators use the admin page.

  • Stace

    OK – thanks!

  • Dessie Lunsford

    Can this plugin be configured for SSO with active directory?
    We’re using an instance of WordPress MU and havent had any luck with any of the other LDAP plugins with passing in the currently logged in users credentials. Can this one auto log-in users?

    Thanks,

    Dez

  • Caleb Jeffery

    I love your plugin! it is simple and straight to the point.

    I do have an issue though and not sure how to resolve it.

    I have setup an internal blog site on our intranet. The thing is is that our intranet is on a wan where we have people on different domains that want to login.

    Your plugin states that it can have mulitple domains but I can’t seem to get this working.
    each of our domains requires a different Base DN
    and after some testing i have discovered the suffix also plays a part.

    Could this be a new feature request or am I missing something?

    Thanks,
    Caleb

  • Pingback: Top 1000 WordPress Plugin Authors « Metode de promovare

  • Phillip

    This plugin is really great, but I’m having one problem implementing it.

    When I navigate to the login page of my blog, an error message appears just above the normal WordPress login box saying, “Error: The username field is empty.” If I then enter my domain credentials in the login box, it will accept them and log me in.

    I’ve traced the error to line 72 of the Simple-LDAP-Login.php file. I can even hard-code a $username and $password value from AD into the file, and it will log me in.

    Any ideas of how I can resolve this?

    Thanks!

    • http://clifgriffin.com Clifton Griffin

      Hi Phillip,
      This is a known issue. (http://traq.clifgriffin.com/simpleldap/ticket/7/) As it does not impede the functionality of the plugin in anyway, I have not spent a lot of time researching/fixing this.

      It will be fixed in the next version though!

      Clif

  • George

    Nice plugin! I’ve gotten it to work with AD (Win2003 R2 SP2) and Linux (Debian) apache2 and php5-ldap, etc. However, I’ve noticed accounts authenticate ONLY IF the Display Name = User Logon Name in the AD. Typically the Display Name is the user’s full name and not the Logon Name. Changing an AD db of users with accounts like this would be a major workaround.

    I noticed this is the case for both login modes “Authenticate WordPress users against LDAP” and “Create WordPress account for anyone who successfully authenticates against LDAP”.

    Any suggestions? Thanks.

  • http://oit.hostos.cuny.edu/socialnetwork Carlos

    I am using Version 1.3.0.3, and have a problem when new blogs get created, the LDAP configuration is empty, and it has to be manually configured. The problem arises when the user needs to login from the blog’s own login page, it does not recognize the LDAP credentials, and gives me an “Incorrect password error”.

    The plugin is activated site-wide, and still does not work

  • Dietmar

    Maybe useful for others (1.3.0.3): If you use OpenLDAP and created your entries with DN “cn=…,ou=…,o=…” be sure to change following line in Simple-LDAP-Login.php:

    define (‘LOGIN’, ‘uid’);

    to

    define (‘LOGIN’, ‘cn’);

    Maybe this should be a configuration option?

  • http://www.glump.net Brendan Kidwell

    I was able to patch this plugin to make it work with my company’s Domino server. Basically, use the OpenLDAP mode and make the following code changes:

    In Simple-LDAP-Login.php, find every
    $ldapbind = @ldap_bind($ldap, LOGIN .’=’ . $username . ‘,’ . BASE_DN, $password);
    and change it to
    $ldapbind = @ldap_bind($ldap, $username, $password);

    And in Simple-LDAP-Login.php find every
    $result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’ [...]
    and change it to
    $result = ldap_search($ldap, $ldapconfig['basedn'], ‘uid=’ . $username);

    YMMV.

    If enough people badger me, maybe I’ll fork the plugin, strip out the Active Directory stuff and just call it “Domino LDAP login” or something like that, and publish the fork.

  • Colleen

    Is is possible to change the LDAP password from within WordPress? If I use the profile page it seems to only change the local user password.

  • Barry

    Should this work if I install php and then install php-ldap.i686 instead of compiling php with ldap support? According to the package descriptions, the php-ldap packages are supposed to add ldap support to php. I ask because I am unfamiliar with compiling.

    • http://clifgriffin.com Clifton Griffin

      Yes.

      Installing php-ldap would be preferable.

  • Kevin

    I have configured the plug-in (v1.3.0.3) to work with our Active Directory, however some accounts are able to login and others are not. In testing the accounts that do not work using the Test Settings, I get the message “Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership”. Is there anyway to debug why one account would work and another won’t? I’m assuming it’s a permissions setting within AD, but not sure what it would be. My Sys Admin says there should be no difference between accounts, is there a way to debug the call to get additional details on what the issue is?

    • Kevin

      Oh, I forgot to mention. I am not limiting access to any specifc AD group. If you can authenticate to AD, it should create the account in WordPress and allow the person in.

    • http://clifgriffin.com Clifton Griffin

      Are all of the users in basically the same Forest/Tree/OU structure?

      Or do you have users that are located at the same level in the directory that one works and the other doesn’t?

  • Barry

    This wouldn’t work for our Active Directory because it does not use a Bind User for authenticating to AD. If this does not work for you you should try the Active Directory plugin, I did get it to work.

    • http://clifgriffin.com Clifton Griffin

      A bind user wouldn’t matter for simple authentication. If you’re using group membership, it will try to bind with the user that’s logging in (I think).

      Is your directory configured to prevent this? (I can’t imagine why this would be true…just asking)

      • Barry

        I think it is default behavior in a Windows domain. I first thought it would bind using the user login also, but that wasn’t the case. At least I couldn’t get it to work. I got a clue when a vendor setting up a different Linux application needed a bind login for there app to do the same. Thx.

        • http://clifgriffin.com Clifton Griffin

          It seems to me that even if an installation is configured so it doesn’t need to bind to read group information, you would still be able to bind to read group information.

  • Carlos

    I am using Version 1.3.0.3, and have a problem when new blogs get created, the LDAP configuration is empty, and it has to be manually configured. The problem arises when the user needs to login from the blog’s own login page, it does not recognize the LDAP credentials, and gives me an “Incorrect password error”.

    The plugin is activated site-wide, and still does not work

    • http://clifgriffin.com Clifton Griffin

      You placed it in the mu-plugins folder?

  • unicast

    Hi! I’m tryin to authenticate via LDAP and got some troubles with my LDAP-tree with many ou-containers.
    In example, i have containers ou=dev,ou=users,dc=examble and dc=com, ou=test,ou=users,dc=examble,dc=com
    BASE_DN ou=users,dc=examble,dc=com
    And authentication fails…
    Here is small patch:

    case “directory_ol”:
    //OpenLDAP create all
    $ldap = ldap_connect(LDAP_HOST, LDAP_PORT)
    or die(“Can’t connect to LDAP server.”);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION);
    $ureturn=@ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ‘sn’, ‘givenname’, ‘mail’));
    $uent=@ldap_first_entry($ldap, $ureturn);
    $bn=@ldap_get_dn($ldap, $uent);
    $ldapbind = @ldap_bind($ldap, $bn, $password);
    if ($ldapbind == true)

    case “directory_ol”:
    //OpenLDAP create based on group
    $ldap = ldap_connect(LDAP_HOST, LDAP_PORT)
    or die(“Can’t connect to LDAP server.”);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION);
    $ureturn=@ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ‘sn’, ‘givenname’, ‘mail’));
    $uent=@ldap_first_entry($ldap, $ureturn);
    $bn=@ldap_get_dn($ldap, $uent);
    $ldapbind = @ldap_bind($ldap, $bn, $password);
    //$ldapbind = @ldap_bind($ldap, LOGIN .’=’ . $username . ‘,’ . BASE_DN, $password);
    if ($ldapbind == true)

  • http://www.leandrotec.com Leandro Tec Can

    Hi, i have a big problem, when i Active the plugin i can’t see my CSS and Images.

    so my login has a nasty look.

    any ideas?

  • Tony Power

    Hi Clifton, Using the plugin with OpenLDAP, its working fine, WordPress is authenticating against our directory. I have a question about adding some extra functionality to the plugin though, maybe you’ve taken a look at this already. We’re setting up single sign on for a number of things, but initial registration of a user will happen in WordPress. I’d like for WordPress to add an entry to the LDAP directory when a new user is created rather than the other way around. Any ideas? Cheers

    • http://clifgriffin.com Clifton Griffin

      Hi Tony,
      Unfortunately, creating LDAP object is a different ballgame and not something I intend to include.

      If you are familiar with PHP, I encourage you to take a swing at it yourself. The WordPress plugin model is very simple and I think you could make a lot of progress quickly.

      If you have any questions, I’ll do my best to answer them.

      Clif

      • Tony Power

        Cheers Clif, I’ll give that a go, took a brief look and it should be do-able

  • Daniel

    Great plugin! I get an error each time I (or user) tries to get into the dashboard even though they are logged in. “ERROR: The username field is empty.” Any help would be much appreciated. Cheers, Dan

    • Daniel

      Still get this error and I have raised a ticket but get an error when I try to view that too! Any help on this would be great as its causing some fuss with our users. Cheers, Dan

      • http://www.lawweekonline.com James

        I am getting this same error. I can not even get to my dashboard. Can anyone help?

        • http://clifgriffin.com Clifton Griffin

          James, Daniel…sorry I missed these comments.

          I’ll send you guys an e-mail shortly requesting more information.

          • http://DashboardUnavailable Gena

            Hi Clifton,
            I’ve been using your plug-in and it has been working great except for the last 3 months.

            It seems I’m having the same issue as James and Daniel so I’m interested in reading what you shared with them to resolve their issues.

          • http://clifgriffin.com clifgriffin

            Sent you an e-mail. (For others, I don’t remember specifically what was done for this problem.)

  • http://contented.qolc.net Ben Wheeler

    Hi Clif,
    Looks like you’ve been getting a few spams lately. If you’re not already using it I recommend WP-HashCash – this is completely invisible to anyone using a normal browser to add a comment as long as they have javascript enabled, but prevents bots (which generally don’t have js) from adding comments. You can configure it to just put failures in the Moderation queue in case of false positives – I don’t know what the false pos rate is because I don’t get many genuine comments on my sites *sniff* but it has successfully stopped every single spam attempt.

  • Rods

    Hi clif,

    The users created by ldap plugin doesn´t sync with buddypress. How can I do this?
    At this moment all my users doesn´t have an entry in the wp_bp_xprofile_data table.

    • Ian Altgilbers

      I believe the problem is with user_nicename. The buddypress and this plugin have differing views on what that field should be.

      I change this plugin to set the user_nicename to be the same as username and buddypress sprang back to life.

  • Rods

    Hi Clifton, I´m using Simple LDAP with BuddyPress. The authentication goes fine, but the new user created by the plugin doesn´t get an entry in the xprofile’s tables. How can I managed that, since without this, the activity replies doesn´t show properly?

    Thank´s in advance.

  • Benjamin

    I’ve made additions to plugin which allow for connecting through an LDAP proxy with an intermediate user name (required in some environments). Is there a way to get this code to you for possible inclusion in the next version of Simple LDAP?

    • http://clifgriffin.com Clifton Griffin

      Hi Benjamin,
      Thanks for your contribution.

      At this point I’m not spending any development time on this plugin. I have too many other profitable projects I’m managing.

      I do plan to eventually make changes to this plugin, but I think that will mostly be a setup where users can contribute their own various versions of the plugin for others to use.

      Feel free to e-mail me a copy of your changes and I’ll attempt to include them when I make these changes. (Hopefully in the next month or two)

      Clif

      • Benjamin

        Will do. Can you pull the email address from my post and send me your address?

  • James

    Hi Clifton,
    Does the plugin work on WP 3.0? For the account suffix, if i dunt have suffix, would the plugin still work? Thank you!

    james

    • http://clifgriffin.com clifgriffin

      I’m not sure on either of those. I haven’t had a chance to test it.

  • Pingback: » Wordpress LDAP Login Kodo-Dev

  • http://pdpu.ac.in Devang Patel

    Hi

    I have just installed word press 3 on Windows server 2008 32 bit Machine with My Sql ,IIS and PHP 5 with ldap and mysql.

    I have done the procedure described by you for installing simple ldap login by placing it in wp-content and under settings i also done.

    i have several queries,
    does this work for windows server 2008 32 bit Active Directory
    i need to enter domain details in adldap.php and simple-ldap-login.php.
    once i successful the ldap users can post comment only if they login using their username and password.
    I’m very helpful if u reply on my email id

  • Bertrand

    Is there a possibility to bind non anonymously to the ldap server in simpleldap?

    It is common with Active Directory to deny anonymous bind if security is an issue.

    Thanks. B.

  • Chuck Thompson

    Do you have time to look this over and tell me if you think Simple LDAP Login for WordPress will accomplish my goals? I am a complete amateur and not at all skilled in this sort of thing, but if I use your product I will donate. After reviewing what follows please tell me whether you think Simple LDAP will do the trick and also give me an opinion on whether you think a complete amateur will be able to administer it.

    What I’m trying to accomplish is this:
    There are a number of sites to consider – all on the same server.

    The MAIN SITE and all the WordPress SUB-SITES will be WordPress 3.0.
    All registered users will be members of the MAIN SITE.
    Some users will be members of one or more of the WordPress SUB-SITES.
    All registered users of the MAIN SITE will have access to a forum hosted on the PhpBB3 site. PhpBB3 uses MySQL.
    All registered users of the MAIN SITE will have access to the eFront Learning site. eFront uses MySQL. http://www.efrontlearning.net/
    Membership only on the MAIN SITE will give users access to the MAIN SITE, the eFront site and the PhpBB3 site only.
    Membership in any of the SUB-SITES will give users access to that particular SUB-SITE and the MAIN SITE, the eFront Site and the PhpBB3 site.

    I hope I’ve given you everything necessary to advise me, but if you have any questions please do not hesitate to ask and I will get back to you as soon as I can.

    • http://clifgriffin.com Clifton Griffin

      Hi Chuck,
      Sorry for my belated response.

      This plugin can only help you with logging users in. I’m not sure what the plugin schema is for subsites in WP3.0, but I think you can enable the plugin with a different set of settings. So, for instance, you could have it enabled for the main site with a different role and group requirement than for subsites.

      As for providing access to all of the other things, the plugin can’t help there out of the box.

      I’m available for hire if you need a developer to provide some of these changes, so feel free to e-mail me.

      And, let me know if you have any questions.
      Clif

  • http://goodwin.drexel.edu/ Amir

    Hi Clif,
    Why is it that the settings don’t ask for the ldap server? Is it assuming localhost? Is it guessing it based on the Base DN and/or Domain Controller?

    Thanks,
    Amir

    • http://goodwin.drexel.edu/ Amir

      Nevermind – Controller=Server – I misunderstoond the Domain Contoller settings that someone had put in place earlier. Still, I can’t log in because my manager username is a different DN than the Base DN…

  • http://www.johnciacia.com John

    Is it possible to authenticate and create WordPress accounts for users in several groups? For example, I have three groups: Students, Faculty, and Staff. I would like to give Faculty and Staff the ability to login, but not Students. I tried separating groups with commas, but it doesn’t seem to be working.
    *starts looking through the code*

    • http://clifgriffin.com Clifton Griffin

      Not as configured, but I think you should be able to figure out how to make that happen. Especially in version 1.4…should be easy to loop through.

      But, that being said, you still would need to come up with a way to make the permissions different which would be a whole different animal.

      • http://www.johnciacia.com John

        Ok, I will probably be adding this feature. I’ll post it here when I’m done.

  • Ashish Upadhyay

    I have downloaded the Simple LDAP login 1.3 plug-in and uploaded into wordpress plug-in directory, then activate this plug in.

    I have specified the host name of the LDAP server (i.e. IP addrees of the server)

    After doing this when I test the settings, it will show me the following error.

    Fatal error: Call to undefined function ldap_connect() in C:xampphtdocswordpresswp-contentpluginssimple-ldap-loginadLDAP.php on line 157

    Is any body can suggest? I have Domino directory and I want to authenticate user form the Domino directory using LDAP.

    Are the settings specified above mandatory? because
    I have tried it with and with out specifying setting, in both the cases I got the same error.

    Please help.

    Thank you
    Ashish

  • Pingback: LDAP authentication for multi-site WordPress 3.0

  • Oliver Seeliger

    Hi Clif,

    I’ve finally made it to set up all the options correctly. I’m using the Advanced Option ” Create WordPress account for anyone who successfully authenticates against LDAP. ” and when I try to log in an error comes up saying ” Catchable fatal error: Object of class WP_Error could not be converted to string in /var/www/sevencs-intranet-wordpress/wp-includes/formatting.php on line 2772 ”

    When I set up the user name manually before I log in everything works as it should.

    Any idea?

    Thank you.

    I’ am using WP3

    • http://clifgriffin.com Clifton Griffin

      I’ll investigate and get back with you. Thanks.

      • Oliver Seeliger

        Hi again,

        I investigated a bit by myself and found out that the error occurred because *sigh* I had the email address already registered. But, anyway, in this the return value of sll_authenticate() is of type object WP_Error and this raises the fatal error.

        The function wp_insert_user() returns an array containing a useful error message and I think you should pass this message to the frontend.

        So, I got it working for me now and I must say it’s an awesome plugin. Great work.

      • http://www.timothyjcoulter.com Tim Coulter

        Hi Clif,

        First, great plugin. Exactly what I need, and it’s going to be a lifesaver.

        I wanted to say that I’m running into the same problem as Oliver, though I’m not sure why. I’m a newbie to LDAP, and I don’t even have the email schema installed — but it still appears to pop up. I’m going to investigate as well, but displaying the error messages as Oliver says below would be great. Thanks a ton for everything so far!

        • http://clifgriffin.com Clifton Griffin

          Tim,
          I’m still working on a solution to this problem.

          It’s due to a change in the way WordPress’s user creation functions work in WP3.0. I have successfully increased the level of error reporting, but without a firm solution to this problem I am reluctant to release a new version.

          Thanks for your patience,
          Clif

    • Gilad Aharoni

      Thanks, Oliver, for pointing me in the right direction!

      Since, when creating users in my LDAP server, I do not assign any emails to them, I was getting this exact same error after creating the first user, as all the following users were trying to be created with the same email (blank). The solution was to create a string-randomizing function in Simple-LDAP-Login.php, and use it to replace both instances of:
      'user_email' => $userinfo[0][mail][0],
      with:
      'user_email' => genRandomEmail(),

      The wordpress admin can then change the email address if they want to.

      The randomizing string function:


      function genRandomEmail() {
      $length = 10;
      $characters = ’0123456789abcdefghijklmnopqrstuvwxyz’;
      $string = '';
      for ($p = 0; $p < $length; $p++) {
      $string .= $characters[mt_rand(0, strlen($characters))];
      }
      $string = $string."@ChangeMe.com";
      return $string;
      }

      Got this function from:
      http://www.lost-in-code.com/programming/php-code/php-random-string-with-numbers-and-letters/

      All seems to work great now. Would still be helpful if the plugin could display the WP_Error, though.

  • Jordan

    Hi there! I’m running into an error right on activation:

    “Plugin could not be activated because it triggered a fatal error.

    Fatal error: Uncaught exception ‘adLDAPException’ with message ‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/adLDAP.php:338 Stack trace: #0 /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(60): adLDAP->__construct(Array) #1 /home/MYDIR/public_html/wp-admin/plugins.php(158): include(‘/home/MYDIR/pub…’) #2 /home/MYDIR/public_html/wp-admin/plugins.php(160): plugin_sandbox_scrape(‘simple-ldap-log…’) #3 {main} thrown in /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/adLDAP.php on line 338″

    Any thoughts?

    • http://www.johnciacia.com John

      That means your PHP install does not support LDAP.

    • Oliver Seeliger

      You have to install and activate the PHP ldap module what is only possible if you have root access to the server.

  • http://www.perinatalconference.com Dwight

    Warning: ldap_search() [function.ldap-search]: Search: No such object in C:inetpubwwwrootwordpresswp-contentpluginssimple-ldap-loginadLDAP.php on line 970

    Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in C:inetpubwwwrootwordpresswp-contentpluginssimple-ldap-loginadLDAP.php on line 971

    Catchable fatal error: Object of class WP_Error could not be converted to string in C:inetpubwwwrootwordpresswp-includesformatting.php on line 2772

    • http://www.perinatalconference.com Dwight

      This seems to indicate the presence of enabled LDAP module — but I still get above errors

      LDAP Support enabled
      RCS Version $Id: ldap.c 293036 2010-01-03 09:23:27Z sebastian $
      Total Links 0/unlimited
      API Version 3001
      Vendor Name OpenLDAP
      Vendor Version 20319

  • Olivier Roger

    Hello,

    I installed and used your plugin with ease.
    I only encountered a single problem which seems strange to me since the documentation says explicitly the opposite.

    When I enable the plugin, I cannot log with the local ‘admin’ user anymore. I got the message saying the LDAP plugin is enabled.

    Any reason for this ? Anybody experienced the same behavior ?

    Thanks in advance !

    • http://clifgriffin.com Clifton Griffin

      Olivier,
      That is my fault completely. I removed this function because I felt that most people weren’t naming their admin accounts admin and that it probably wasn’t helping anyone.

      Do you need this feature?

      Clif

      • Olivier Roger

        Clif,
        I see your point.
        Still, I think it is a nice feature since not everybody can/want to have a admin user in LDAP for that.

        What would be great would be to have an option to enable this behavior and, eventually, being able to select the user(s) it applies to in the settings. In my case I only need it for ‘admin’.

        Olivier

  • Gustavo Campos

    Hey Clifton!

    Nice work with the plugin, sounds awesome, but I can’t make it work.

    It’s all installed and configured fine, but the users never logon. I enabled Kerberos logging on my Windows 2008 R2 server, and for every request I receive a KDC_ERR_ETYPE_NOTSUPP.

    Microsoft documentation says that it means the client doesn’t have the appropriate Crypthography type and/or key. I already authenticate some sites within this same server, using apache’s mod_auth_kerb.

    I don’t know what else should I check, any help would be much appreciated!

    And keep up the really good work!

  • http://www.sportbrain.it Francesco Martino

    Hello there!
    Everything beautiful, just a question. Every time I set up a new blog, I have to re-configure the plugin in that blog backend.

    Is there any way to propagate the main blog settings, to all newly created ones?

    Regards,

    Francesco

  • http://www.sportbrain.it Francesco Martino

    Hello, I got the answer to my question (see above). It’s a plugin called YD-Network-Wide-Options.

    Now I’m trying to let the users login with their email address (not only username). Any idea about how to do it!?!

  • Scott

    I know i have LDAP configured correctly.
    I feel confident I have PHP setup right for LDAP.
    I turned on debug, and got this during my test auth against AD (along with my failure):

    Notice: Undefined property: WP_Error::$ID in C:wampwwwwp-contentpluginssimple-ldap-loginSimple-LDAP-Login-Admin.php on line 119

  • Eric

    Pretty new to WP. I have a multi-site setup with WP 3.0.1. I do not get the “settings” option on my plugin page. I do get an edit option but some pages (e.g. Simple-LDAP-Login-Admin.php) are “inactive”. Any idea what I’m doing wrong?

  • Ryan

    Is Open LDAP the same as Open Directory? I teach at a high school and have two Xserves that have learned to setup them up over the last couple of years. One is open directory master so the students can authenticate to the network. The other is the Web server for the class page and school newspaper. The sites are running on WP3.0. I want to give the students WP blogs and just base it off their lab logins through open directory. However, it isn’t working, so I wasn’t sure if openLDAP is different from Open Directory. I don’t want to hand create 200 accounts every year. :(

  • Will

    Hello. Great plugin! But fyi, the space you add to user_nicename breaks the author page links. So I flipped

    ‘user_nicename’ => $userinfo[0][givenname][0] .’ ‘.$userinfo[0][sn][0]

    to

    ‘user_nicename’ => $userinfo[0][givenname][0] . $userinfo[0][sn][0]

    and then the links worked fine.

    thanks again.

    • http://clifgriffin.com Clifton Griffin

      Thanks, Will!

      I’ll make sure this is fixed in the next update. :)

  • http://Internalcompanysitebehindfirewall. Bejal Patel

    How do i set up the TLS. My Site works fine but we are in the mist of eliminating onon-secure LDAP authentication. I have to use TLS. I checked the TLS option but our told me the following one to indicate the attempt to start TLS, one to indicate whether the attempt was successful, and one to indicate which cipher was negotiated.

    Please advice.

  • lexter-groove

    Hello the It service at the company i work for requires the following info to access the LDAP directory (OpenLDAP) but the settings page of the plugin doesn’t have the sane label for every field and some fields are missing like a password…

    Can you help me with the making a link between the seetings if the plugin and the one required by openladap of my company…

    Ldap: ldapauth.company.com

    Base DN : ou=PersonCompany,o=sqli,c=com

    User DN : uid=authappli,o=companyi,c=com

    Port : 389

    password : ******

    • Ian Altgilbers

      We have a similar restriction for users who have “private” LDAP entries… Those entries are only discoverable if the plugin makes an authenticated bind before doing its user search. I hacked the code and hardcoded the password to make it work for us.
      Unfortunately, it seems to have broken as a multi-site plugin… Older versions used to work with WPMU, but the current version only seems to work on the “root blog” in a Network Install.

      Ian

  • http://Internalcompanysitebehindfirewall. Bejal Patel

    How do I set up the TLS setting? My Site works fine currently however my company is in the mist of eliminating unsecure LDAP authentication. I have to use TLS. I checked the TLS option but it does not work as our Admin told me the following: It didn’t work. If it it was secure, you should see the following lines in the transaction, one to indicate the attempt to start TLS, one to indicate whether the attempt was successful, and one to indicate which cipher was negotiated. Is there any other setting that I need to do. Open LDAP has been configured on the server correctly with the security certificate.

    Please Help and advice.
    Kindest Regards
    Bejal

    • http://clifgriffin.com Clifton Griffin

      Are you receiving any error messages?

      TLS is a beta feature…I have no way of testing it myself.

      • http://Internalcompanysitebehindfirewall. Bejal Patel

        No I am not getting an error and funny enough the authentication works however according to our LDAP administrators, the connection is not secured even though TLS is checked in the plug-in setup. He stated that is the TLS was successful he would be able to see if it started, if it was successful and if the cipher was negotiated. So my question to you is apart from checking the TLS checkmark do we have to configure something else on the server etc. We have Open ldap configured 100% with the security certificate.

        Please advice.

  • Bob

    Hi,

    I am trying to use the TLS feature of the simple LDAP plugin and getting the following error.

    Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error in /opt/fedex/webapps/data/dev/wp-content/plugins/simple-ldap-login/adLDAP.php on line 372

    Please help.
    Thanks

    • http://clifgriffin.com Clifton Griffin

      Hi Bob,
      TLS is a beta feature so I’m not 100% sure how to fix this. Were you able to find any solution?

  • Rutger

    Great plugin, compliments!
    I configured it, and users can login with their LDAP-account.
    One question: do users need to login manually (type their username and password)? Because in my situation they do. I can’t find out if this plugin can/should login users automatically.

    • http://clifgriffin.com Clifton Griffin

      Unfortunately, SSO isn’t something I have the ability to support so users will have to enter their username/password.

  • Pat J

    Hi,

    I love the Simple LDAP login plugin. It’s been immensely helpful.

    I’m in a situation, though, where I need to authenticate users that may be in one of several DNs. Is there any way to do this, currently, or am I going to have to modify the plugin?

    • http://clifgriffin.com Clifton Griffin

      I have a Dual LDAP Login plugin that can bridge between 2 domains. Would this be sufficient?

      It isn’t published in the plugin directory, so let me know if you need it. You can e-mail me if you like. clifgriffin[at]gmail.

  • Jim T

    For the good of the order I thought I share my success with using Simple LDAP Login with my Mac OS X Server 10.6 OpenDirectory setup. All that was needed in addition to the documented information on the plugin’s setup page was to prepend the Base DN with CN=users

    Thanks for the plugin, Clifton!

    • Jim T

      I should add that users log in with their shortname, not their Full Name. The user is defined as “Clifton Griffin” with a shortname of “cliftongriffin” — so logging in at the WordPress login page will not work as “Clifton Griffin” but will work as “cliftongriffin”

      The code would have to consult the LDAP database to find the shortname associated with that full name… at present it doesn’t do that.

      • Anonymous

        Yes, that is by design :)

        Glad you got it working!

  • Kaz

    Hi, Great plugin, works really well against our Novell edirectory.

    Slight problem for us though is that we have users in several containers at the same level eg. ou=IT and ou=TREAS. Users who do not exist in the IT container have an alias object in the IT container.

    If we set the base dn to point to the IT container, users with an alias in that container don’t get an error message when logging in but are left at the login screen as if login has failed (ie they do not get the invalid username or password error).
    If we set the base dn to the parent container of the IT and TREAS containers, then nobody can login. Users from the IT container who have previously logged in, get an “incorrect password” error. Users who exist in the IT or TREAS subcontainers who have not previously logged in to WordPress get an “invalid username” message.

    It seems like the ldap is not searching subcontainers???
    Would you also be expecting it to work with aliases?
    Thanks

    • http://clifgriffin.com Clifton Griffin

      Hi Kaz,
      I’ve seen this issue a couple of times before but haven’t found a solid reason/solution.

      Have you tried pointing to just the parent OU that contains both of these child OUs? (if one exists)

      • Kaz

        Hi Cliff, Yes if I point the base dn to the parent container, nobody can login. I think the ldap is not searching subcontainers. Thanks

        • Anonymous

          I would like to figure this issue out eventually, but I don’t have much of a way to test (and very little time for personal development these days).

          Let me know if you found a solution.

  • http://www.activatedcarbonfilter.net Activated Carbon Filter

    Politics is of course very annoying, politicians do annoy me because of their bad performance `*’

  • http://www.ndfilter.net ND Filter

    what matters most is the good deeds that we do on our fellow men, it does not matter what religion you have as long as you do good stuffs ;..

  • Vince Thyng

    I was able to get the plug in working well with an active directory and am trying to change it over to a corporate Tivoli directory server. Since it isn’t working, I’d like to see the commands that are being sent. Is there a log? I haven’t found a way to turn one on for PHP LDAP, and don’t see anything in the apache logs.

    • Anonymous

      I don’t know how to do that either. I developed the non-AD LDAP code pretty much blind as I don’t have a test server.

      I would suggest using WireShark or something similar.

  • Mike

    I was wondering if it is possible to use ldap filters. For example I have a filter something like (&(|(urpsaffiliation=FAC)(urpsaffiliation=STF))(|(urpsemployeestatus=A) (urpsemployeestatus=L) WHRE CAN I PLACE THIS?

    • Anonymous

      I’m not extremely familiar with LDAP filters, sorry. If you look at the code, it’s pretty simple so I think if you know what you want to do you can figure it out. Good luck!

  • http://templetv.net Paul

    I installed Simple LDAP Authentication and configured it properly. Now I cannot log into my site. When I go to the wp-login.php page all I get is a white screen.

    • Anonymous

      I’m thinking that maybe you have the wrong version of PHP installed or something (PHP 5 is required). In any rate, you can rename the folder to “deactivate” the plugin. Once it is deactivated, you can rename it back to the original name.

      Let me know if you find any specific errors in the logs and I’ll see if I can help you.

  • http://staff.iar.org Matthew Brewer

    I love the plug-in! Thanks!

    I’m using P2 theme and when I click an author to view their posts it gives me a 404 page. The url has the persons full name in it so I even tried modifying it to first initial last name and that failed too. Should an author page get created when someone logs in the first time? How can I fix this? Thank you!

    • Anonymous

      I’m not sure, Matthew. I can’t really think of anyway this would break because of something the plugin does…unless it sets one of the profile values in such a way that breaks it?

      Have you been able to find anything?

  • James

    Great plug-in. I have it running on my website currently. One question though. I used to be able to change the author of a page or post, but now only I show up in the available authors list. Any ideas on how to get that functionality back?

    THANKS!

    • Anonymous

      I can’t think of anything that would affect this functionality. My hooks begin and end with the login process.

      Sorry! :)

  • mmihelic

    If I understand the process correctly, the plugin uses an unauthenticated bind to search for the user and then tries to authenticate using the user record it found with the password that was provided by the user.
    Would it not be better to have an option to provide the DN structure? This way you could authenticate the user directly without having to do a search first. I would spare you the time for one bind+search and would make the plugin work with setups that do not allow unauthenticated searches.

    • Anonymous

      This came from a user contribution. I pushed the updates in kind of a rush…your logic makes perfect sense and I should have used more critical thinking.

      I’m going to rollback that portion.

  • Dellantre

    Hi,

    I love this plugin. But i have a little big problem. User can enter any password to login. When i did test setting, it also succeed even my password was different in ldap server.

    How to fix this.

    • Anonymous

      Craptacular.

      I patched some things based on user contribution, but didn’t have a great way to test. I’ll roll back some of yesterday’s changes.

  • alex

    I’ve been running this plugin for some time and it’s amazing. We just figured out that single quotes and double quotes in PW’s are causing failed logins but it appears that the problem exists in adLDAP.php. Has anybody else run into this problem and come up with a fix?

  • Josh

    Great plugin very easy to use and setup. do you know of anyway to add integrated/NTLM authentication to this plugin in addition to forms auth?

  • http://openid-provider.appspot.com/DonChino DonChino

    So what do you do if you lock yourself out? :P

    • Anonymous

      Rename the plugin folder. Refresh. This will deactivate the plugin.
      Rename it back.

  • http://www.facebook.com/anlief Andi Hakim Irhaby

    ———————————-this is my root openLDAP——————————-
    # root, People, politel.edu
    dn: uid=root,ou=People,dc=politel,dc=edu
    uid: root
    cn: root
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    userPassword:: e2NyeXB0fSQxJFliTTVrcmxhJE1GRXd2emVvN2FpU3V1MjdiNzFrdy8=
    shadowLastChange: 15046
    shadowMin: 0
    shadowMax: 99999
    shadowWarning: 7
    loginShell: /bin/bash
    uidNumber: 0
    gidNumber: 0
    homeDirectory: /root
    gecos: root

    ————————–this is my drupal config———————-
    account suffix : @politel.edu
    LDAP login attribute : uid
    base DN : dc=politel,dc=edu
    Domanin Controller : ldap.politel.edu

    when i try to connect with admin ldap. it’s return:
    Test Results:
    Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.

    OMG, this error message make me crazy.

  • Guest

    Is there a way to use this plugin with a Multisite? I’d like to configure it once for all users and not allow them the option of even seeing the settings.

  • Anonymous

    I’m confused as to how ‘Create WordPress account for users in specified AD group:’ works.

    I’ve entered ‘Intranet_User’ in the field (which has an analogous security group in AD populated with a few users for testing) but users cannot log in with their AD credentials unless I use the ‘auth against AD’ catch-all option.

    Is it something obvious, like I need to put the link to the group as a DN? Other Ideas?

    • clifgriffin

      You should be able to use just the name of the group. It is supposed to check group membership with no more information. I would make sure it is spelled exactly the same, including case.

      Other than that, I’m not sure. Is there anything different about the group?

      • Anonymous

        It is like for like. I’ve even tried trimming its name (both the Group Name & Pre-Win2000 Name) down to just ‘Intranet’ in case the underscore was introducing an issue – no dice. It’s a global security group in a OU higher up the tree than the actual users, so inheritance shouldn’t be an issue.

        It’s not a problem – the ‘Auth against AD’ option works and suits our purpose, as ‘Auth against Group’ would only of really been any use if you could control multiple roles against multiple groups (possible future development? :))

  • Prasannapsp

    Fatal error: Uncaught exception ‘adLDAPException’ with message ‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginadLDAP.php:338 Stack trace: #0 C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginSimple-LDAP-Login.php(60): adLDAP->__construct(Array) #1 C:xampphtdocscosmicblogwp-adminplugins.php(108): include(‘C:xampphtdocs…’) #2 {main} thrown in C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginadLDAP.php on line 338

    • http://twitter.com/clifgriffin Clifton Griffin

      Your PHP installation does not have LDAP enabled/installed. You will need to enable this before proceeding.

  • Robert Conard

    I had Simple LDAP 1.4.0.1 working fine on WP 3.1.1, I upgraded Simple LDAP to version 1.4.0.4 and it worked fine. I then upgrade WP to 3.1.2 and now Simple LDAP is broken. I get an error when testing Simple LDAP with settings that worked before the upgrade. The error is:

    Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership

    I haven’t changed my credentials and they are correct. I have verified that the combination of WP 3.1.2 and Simple LDAP 1.4.0.4 don’t seem to work for my configuration. I can downgrade my Simple LDAP from 1.4.04 to 1.4.01 and it works fine with WP 3.1.2.

    • Anonymous

      Robert,
      Thanks for reporting this.

      Do you use AD or some other LDAP install?

      I made a very small change in 1.4.0.4 that only effects account creation so
      I would suspect the error crept in between 1.4.0.1 and 1.4.0.3. I’ll do a
      diff and see if I can find likely suspects. In the meantime, I’d suggest
      using the older version.

      I apologize for the inconvenience!
      Clif

  • Leandro Fontenla

    Hi Clif,

    Plugin is login fine but i have the following problem, when i set in the Advanced settings to search for a specific group (in this case SYSADMIN) i get this error:

    Warning
    : ldap_search() [
    function.ldap-search
    ]: Search: Bad search filter in
    /mnt/opt/apache-2.2.14/htdocs/wp.www.site.com/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
    on line
    226

    Warning
    : ldap_get_entries() expects parameter 2 to be resource, boolean given in
    /mnt/opt/apache-2.2.14/htdocs/wp.www.site.com/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
    on line
    227

    But the real problem is when i look into openldap logs and i get this:

    May 12 17:10:22 ldap slapd[12539]: conn=2889 fd=74 ACCEPT from IP=10.193.102.66:47644 (IP=0.0.0.0:389)

    May 12 17:10:22 ldap slapd[12539]: connection_get(74)

    May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 BIND dn=”uid=user,ou=People,dc=site,dc=com” method=128

    May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “uid=lfontenla,ou=people,dc=site,dc=com”

    May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”

    May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “uid=lfontenla,ou=people,dc=site,dc=com”

    May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “cn=sysadmin,ou=policies,dc=site,dc=com”

    May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”

    May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “cn=sysadmin,ou=policies,dc=site,dc=com”

    May 12 17:10:22 ldap slapd[12539]: ==> bdb_bind: dn: uid=lfontenla,ou=People,dc=site,dc=com

    May 12 17:10:22 ldap slapd[12539]: => access_allowed: result not in cache (userPassword)

    May 12 17:10:22 ldap slapd[12539]: => access_allowed: auth access to “uid=lfontenla,ou=People,dc=site,dc=com” “userPassword” requested

    May 12 17:10:22 ldap slapd[12539]: => acl_get: [1] attr userPassword

    May 12 17:10:22 ldap slapd[12539]: => acl_mask: access to entry “uid=lfontenla,ou=People,dc=site,dc=com”, attr “userPassword” requested

    May 12 17:10:22 ldap slapd[12539]: => acl_mask: to value by “”, (=0)

    May 12 17:10:22 ldap slapd[12539]: <= check a_dn_pat: self

    May 12 17:10:22 ldap slapd[12539]: <= check a_dn_pat: anonymous

    May 12 17:10:22 ldap slapd[12539]: <= acl_mask: [2] applying auth(=xd) (stop)

    May 12 17:10:22 ldap slapd[12539]: slap_access_allowed: auth access granted by auth(=xd)

    May 12 17:10:22 ldap slapd[12539]: => access_allowed: auth access granted by auth(=xd)

    May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 BIND dn=”uid=lfontenla,ou=People,dc=site,dc=com” mech=SIMPLE ssf=0

    May 12 17:10:22 ldap slapd[12539]: send_ldap_result: err=0 matched=”" text=”"

    May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: “uid=lfontenla,ou=people,dc=site,dc=com”

    May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: “(null)”, at: “(null)”

    May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: “uid=lfontenla,ou=people,dc=site,dc=com”

    May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 RESULT tag=97 err=0 text=

    May 12 17:10:22 ldap slapd[12539]: connection_get(74)

    May 12 17:10:22 ldap slapd[12539]: conn=2889 op=1 UNBIND

    May 12 17:10:22 ldap slapd[12539]: conn=2889 fd=74 closed

    Looking closer the plugin is searching in “cn=sysadmin,ou=policies,dc=site,dc=com”.

    Do you know how to force the plugin search to a specific search ???

    Thanks in advance,

  • Diamnd

    Hi, I’m trying to create WordPress Account for users in Specified AD Group and allways give the following message:

    Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.

    Anybody knows how to do it? Is needed to insert an specific reference or only the name of the AD Group?

    Thanks!

    • Anonymous

      Just the name should work.

      Do you get that message when actually trying to login? (The test settings
      panel isn’t bullet proof)

      • Diamnd

        That message is from the test settings panel… but it works fine if I select “Create WordPress account for anyone who successfully authenticates against LDAP” option…

        • Anonymous

          So do you get the same error when you try logging in with group setting on?

          The best way to do this is to try it in a separate browser. That way you
          don’t accidentally lock yourself out. Let me know what you find.

  • Simonjday

    Hi

    Are there any known issues with the plugin and WP 3.2  as i would like to upgrade my site to WP 3.2 and use your ldap login plugin a lot

    Thanks

    • Anonymous

      I have not tested it. I will say WordPress is very good at maintaining
      compatibility across versions so I would be pretty surprise of there were
      issues.

      I have seen no compatibility issues with other plugins as of yet.

      I welcome feedback as I don’t have a great way to test.

  • David Rogers

    I have just installed a new version of WP and upgraded it to latest version. Installed Simple LDAP login 1.4.0.01. I am using AD to authenicate and create WP users. I have set my base DN to be DC=bhs,DC=local and can log in with my account which is in this context. I have users who are in other contexts coming off this base DN, like ou=staff,DC=bhs,DC=local. These users are not able to log in either through the test panel or on the site itself. Will this plugin search subcontexts? If not, how do I specify multiple contexts? Separating with ; does not seem to work.
    I am surprised that I do not need to specify a username and password for authentication with this as I do with other LDAP authentication systems.

  • http://twitter.com/svrooij Stephan van Rooij 

    Really like your plugin.

    I’m developing a plugin that with use wordpress with single sign on behind microsoft isa server. This will use your plugin for authentication, and an this new plugin to get every user logged in.

    More on this soon….

  • Francisco

    Dear Clif: I communicate from Tierra del Fuego, Ushuaia, Argentina, use your plugin for the intranet of the Government of the province is working great and we are grateful. my question would be:
    how to make once logged rather than redirect you to the back end will be redirected to the front end.
    thank you very much for your time.

  • Francisco

    Dear Clif: I communicate from Tierra del Fuego, Ushuaia, Argentina, use your plugin for the intranet of the Government of the province is working great and we are grateful. my question would be:
    how to make once logged rather than redirect you to the back end will be redirected to the front end.
    thank you very much for your time.

  • http://www.facebook.com/profile.php?id=1282241432 Michael Ray Whittenburg

    Is it possible to have the LDAP department field come into a custom field I created in the wordpress user table?

    I have added the user_market into the wp_insert_user statement, but it doesn’t seem to be filling out the field in the table, you got any thoughts?
    function sll_create_wp_user($username)
    {
    global $ldap, $adldap;
    $result = 0;

    switch(get_option(‘simpleldap_directory_type’))
    {
    case “directory_ad”:
    $userinfo = $adldap->user_info($username, array(“samaccountname”,”givenname”,”sn”,”mail”,”department”));
    //Create WP account
    $userData = array(
    ‘user_pass’     => microtime(),
    ‘user_login’    => $userinfo[0][samaccountname][0],
    ‘user_nicename’ => sanitize_title($userinfo[0][givenname][0] .’ ‘.$userinfo[0][sn][0]),
    ‘user_email’    => $userinfo[0][mail][0],
    ‘user_market’ => $userinfo[0][department][0],
    ‘display_name’  => $userinfo[0][givenname][0] .’ ‘.$userinfo[0][sn][0],
    ‘first_name’    => $userinfo[0][givenname][0],
    ‘last_name’     => $userinfo[0][sn][0],
    ‘role’ => strtolower(get_option(‘simpleldap_account_type’))
    );

    $result = wp_insert_user($userData); 
    break;

    case “directory_ol”:
    if($ldap == null) {return false;}
    $result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(LOGIN, ‘sn’, ‘givenname’, ‘mail’, ‘department’));
    $ldapuser = ldap_get_entries($ldap, $result);

    if ($ldapuser['count'] == 1) {
    //Create user using wp standard include
    $userData = array(
    ‘user_pass’     => microtime(),
    ‘user_login’    => $ldapuser[0][LOGIN][0],
    ‘user_nicename’ => sanitize_title($ldapuser[0]['givenname'][0].’ ‘.$ldapuser[0]['sn'][0]),
    ‘user_email’    => $ldapuser[0]['mail'][0],
    ‘user_market’ => $ldapuser[0]['department'][0],
    ‘display_name’  => $ldapuser[0]['givenname'][0].’ ‘.$ldapuser[0]['sn'][0],
    ‘first_name’    => $ldapuser[0]['givenname'][0],
    ‘last_name’     => $ldapuser[0]['sn'][0],
    ‘role’ => strtolower(get_option(‘simpleldap_account_type’))
    );

    //Get ID of new user

    $result = wp_insert_user($userData);
    }
    break;
    }

    return $result;
    }

    • Anonymous

      Do you mean you added a column to the wp_users table?

      • http://www.facebook.com/profile.php?id=1282241432 Michael Ray Whittenburg

        Yep

        • Anonymous

          I have never heard of such a technique…and I’m nearly positive it isn’t designed to work that way.

          I know there are ways to add information to a user’s profile but I’m not personally familiar with them. From your modification, it looks like you have the right idea though and it shouldn’t be too hard to do once you find the correct method.

          • http://www.facebook.com/profile.php?id=1282241432 Michael Ray Whittenburg

            and im just trying to bounce ideas off you, but how would you have gone about it? if you needed to capture the department of a new user…would you try and store it in the wp_usermeta table instead?

  • Victor Gatnicki

    Hi,

    I found a little bit of a bug with OpenLDAP. In file Simple-LDAP-Login.php if the LDAP search returns more than 1 item in the sll_create_wp_user method ADD USER fails.

    To fix this change: 
    if ($ldapuser['count'] == 1) {
    TO
    if ($ldapuser['count'] > 0) {

  • http://twitter.com/hoisc Christian Hois

    I  use your plugin. Is great but  i have the following urgent questions:

    *  I want to connect ala SSO against MS AD with my PC (Windows 7 Login) without the  need to  login in word press too. this is a overhead which my userns in the intranet not want.  Option 1:

    Authenticate WordPress users against LDAP. I will create the accounts in
    wordpress myself. (default)
    does not provide this functionality SSO.  how is this possibly?
    * how can i make user ldap login happend automatically without
    the need to login in wordpress  twice.  windows login account name should be used and connect automaticall. 
    * Can i connect automatically to LDAP without the neccisarity to  create a wordpress account too. is connecting againt LDAP and only using the account data from MS AD not enough . or is it neccessary to create a wordpress account too?
    * do you know an other plugin solution which solves my SSO problems?

    thx for your answer
    Chris
    from Austria, Linz

    • Monandra

      I have this problem too. Do you have the answers for this question?

      Thanks!
      Monica
      from Brasil

  • Subversive

    Hi, I’m having trouble getting the plugin to activate. I get the error: “Fatal error: Cannot redeclare class adLDAPException in
    C:inetpubwwwrootmysitewp-contentpluginssimple-ldap-loginadLDAP.php
    on line 2411″

    If I comment out that line, then I get the same error, but on a different line. If I comment out that line, then the error changes completely, it seems I’m just digging deeper. Would appreciate any suggestions. Thanks.

  • todopoj

    Hey Clif,
    Your plugins works really well with WP3.2.1 with just one exception.
    Once the plugin is activated it gets the users from AD just fine. But, then, none of the original wp users are able to log in.

    Keep getting this error:
    Simple LDAP Login Error: adLDAP may have errored. Message: Invalid credentials

    No shake either, like that for invalid credentials.

    Help is deeply appreciated.

    • http://twitter.com/hoisc Christian Hois

      Ich bin am 28.11.2011 wieder im Office erreichbar.
      Mfg EDV AK OÖ, Mag. Christian Hois

    • Anonymous

      If you turn security mode to low, wp users can login. Otherwise LDAP is enforced.

      • http://twitter.com/hoisc Christian Hois

        Ich bin am 28.11.2011 wieder im Office erreichbar.
        Mfg EDV AK OÖ, Mag. Christian Hois

      • todopoj

        Wow ! That was quick.

        I just tried it and it worked. I don’t know why id did not work earlier.

        Thanks a ton.

        • http://twitter.com/hoisc Christian Hois

          Ich bin am 28.11.2011 wieder im Office erreichbar.
          Mfg EDV AK OÖ, Mag. Christian Hois

  • Hois Christian

    i installed the plugin  and when i wanted to login i got the error:
    Test Results:
    Failure. Your settings do not seem to work yet or the
    credentials are either wrong or have insufficient group membership.

    i marked: LOW Mode as mentioned in other comments but it doesnt work.
    BUT: i have an simple LDAP_TEST.php script which works fine . there LDAP PHO Module works fine.
    why not your plugin. 

    please help
    Christian

    • Anonymous

      Hi Christian,

      Open another browser and try logging in. Set it to high security mode first. You should get a better error message.

      Clif

      • http://twitter.com/hoisc Christian Hois

        I use IE9.
        Set it to high security mode first. where  to do it?
        which other browser?  where to confugure high security mode ?

        thx

        • Anonymous

          In the plugin settings, set it to use High Security mode.

          Then, open a different browser. If you usually use IE9, open Chrome or Firefox. Then try logging in. See if it gives you a different error.
          The test form in the settings doesn’t always give great errors.

  • Hois Christian

    i tested it in crome  and set  plugin mode =  HIGH.
    same error :
    Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.

  • http://twitter.com/hoisc Christian Hois

    Hi

    Thx for your Tipp . now it works fine.

    One Question: I  want that all automatically created User accounts do not have the option “show admin menu” under the personal settings enabled. how can i control this?  can you give me a tipp how WordPress control this and where you rely on this settings and how can i overrule the default role settings of an user profile settings?

    thx su much for your tips and comments.

    Nice greatings from Austria
    Chris

  • Lnlau

    Hi guys,

    Does anyone know if this plugin work with AD LDS?
    I encountered failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership when I tried to test out.
    Please help.

  • Kevin

    Latest update causing weird issues where admin logins using IE and Safari show blank white screens or Error 500.  Chrome seems to work fine.  

    • Kevin

      This is actually happening for the original ADMIN account only.  All my LDAP users are logging just fine.

      • Anonymous

        Hi Kevin,

        The admin account only has problems in Chrome?

        Also, did you upgrade from 1.4.0.4?

        Sorry you’re having problems!
        Clif

        • Kevin

          I thought it was just the admin account but I have staff now reporting issues on my sub blogs.  They are using IE.  When the issues started, last night after I updated to the latest version, IE and safari would not login using the local admin account.  Chrome would work.  I disabled the plugin and everything started working.  

          I reloaded the plugin from scratch and that did not solve the issue.  I thought I was fine though because Chrome worked.  Now even Chrome doesn’t work.  Not sure what I’m going to do now.  

          • Anonymous

            Hi Kevin,

            I highly suggest you roll back to 1.4.0.4 until I figure this out. Sorry for screwing up your site. :-/

            Clif

          • Kevin

            Couldn’t find that version but installed 1.4.0.1 and things are back to normal now.  Thanks.  

          • Anonymous
          • Kevin

            Thanks for all your work on this.  It’s a great plugin.  :-)

          • Anonymous

            Hi Kevin, I just uploaded 1.4.0.5.1 that I think fixes the problem. My mistake was updating adLDAP and assuming it was backwards compatible as previous versions have been. My apologies. Let me know if this version has issues.

          • Kevin

            So far so good!  :-)

  • Adam

    We were having problems with users who had a password that included a single quote.  It seems there is a need for:
    $password = stripslashes($password); in the authenticate function. 

  • Phil

    I was able to get your plugin without much effort, thanks! I had one quick question: If I change the password for an AD user that already exists in wordpress, is there a way to automatically update the wordpress password on a new login? thanks!

    • Anonymous

      Hi Phil,
      Simple LDAP will use whatever the LDAP password is. The WordPress password isn’t modified.

      Clif

      • http://twitter.com/hoisc Christian Hois

        Ich bin am 4.1.2012 wieder im Office erreichbar.
        Mfg EDV AK OÖ, Mag. Christian Hois

  • Jens Vieler

    Is there a way to ask two different ldap-servers in chain, if the first is out of order?

    • Joe Murphy

      I have the same question. Any thoughts?

      • Anonymous

        Hi Joe,

        It isn’t possible at the moment. I believe it selects the Domain Controller randomly.

        I think it could probably be accomplished without a ton of effort, but it would definitely take a lot of testing. Unfortunately, I’m not setup to implement such a change at the moment.

        Clif

  • Chris

    I am getting an error.
    Simple LDAP Login Error: LDAP credentials
    are correct and user creation is allowed but an error occurred creating the user
    in WordPress. Actual WordPress error: Cannot create a user with an empty login
    name.Everything works ok if I manually add the network id to the users id. What is causing it not to pass the username? I suspect it’s a setting on the AD server

  • http://profile.yahoo.com/6KSGX32XSHJCYILHVBZCBYJBJI Elvina

    this plugin allows subscribers to view the LDAP settings !!!!!
    ridiculous low level of security.

    • Anonymous

      Elvina,

      This is the first I’ve heard of this. The call to add the options page requires a level 10 user. This is a deprecated way of adding an options page, but it still works.

      You sure this this happening? How are you accessing the page from the subscriber role?

      Clif

      • elvina

        Hi Cliff,
        I had it set up so that everyone needed to login to view our site, LDAP users were made subscribers. When they logged in, the wordpress dashboard shows them their profile and your plugin settings page. (using wordpress 3.2)

        i changed this line
        function simpleldap_admin_actions()
        {
            add_options_page(“Simple LDAP Login”, “Simple LDAP Login”, 10, “simple-ldap-login”, “simpleldap_menu”);

        }

        to:

        function simpleldap_admin_actions()
        {
            add_options_page(“Simple LDAP Login”, “Simple LDAP Login”, ‘install_plugins’, “simple-ldap-login”, “simpleldap_menu”);

        }
        and now it doesn’t show.

        cheers

  • msuzer

    Hi all,

    I used the plugin today for my wordpress blog against OpenLDAP. I want to contribute as I solved some problems for my installation.first: in openLDAP setups, usually, BASE_DN looks like: ou=users,dc=example,dc=com, so if someone miss ou part, it will not work.second: once you add ou=users, then the group authentication will fail. then you have to tweak the code in the main php file as: //$result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(‘cn’));
    $result = ldap_search($ldap, “ou=groups,dc=example,dc=com”, “memberuid=$username”, array(‘cn’));please note another change as “memberuid=$username”.I am not an expert, but these changes may hopefully help someone to make the setup work. And Clif may find these suggestions helpful to update the plugin.
    Thanks to Clif for this handy plugin.

    • http://pulse.yahoo.com/_QNVN5OBG5HO6GRRMEC54MPRAEA Not Steve Jobs

      This worked for me, thank you msuzer. 

      Clif, I noticed that in some of the older versions in svn… it looked like you were working on adding the group suffix and group member attribute as settings that can be changed.  Is that on the road map at all?

      Thanks for making this great plugin available!

  • Cariberecord

    Saludos, este pluing funciona como SSO, es decir que al registrarme en mi pagina me registre también en otro servidor? hay alguna documentación al respecto?  gracias. 

  • Tony

     Is there any way to automatically create all LDAP users in wordpress without them having to log in first? Maybe a script that would add users who aren’t already added and remove users who are no longer in LDAP?

    • Anonymous

      There is no way to do that and I can’t think of an easy way to add it.

      Clifton H. Griffin
      me@clifgriffin.com | 434.229.2474 | @clifgriffin

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes Sent with Sparrow (http://www.sparrowmailapp.com/?sig)

  • Anonymous

    Help!  I updated to  1.4.0.5.1 and the AD stuff works fine but I can’t log in as a local admin.  I need to log in as a local wordpress admin so I can access more options within wordpress for administration.  All the AD authenticated users can only write posts and read their drafts.

    Luckily I ran this on my wptest directory and database.  Its not affecting production, but I need a plan for when I do decide to upgrade production.

    The username should be admin and I put in the proper password and get:
    Simple LDAP Login Error: adLDAP may have errored. Message: Invalid credentials 

    • Anonymous

      I e-mailed you.

      For others: The simplest way to disable a plugin when you can’t get into WordPress Admin is to rename the plugin directory in wp-content/plugins/.
      Simple LDAP Login allows the user account with user ID 0 to login without going through LDAP. That account should always be the original admin account setup (though admin may not be the username obviously).

  • xeiran

    Great plugin, 1.4.0.5.1 even works with the latest 3.4.1 WordPress.  That said, login is still manual, even if authenticated against AD.  About a year ago Maartin Balliauw used your code to come up with a limited way to do single sign-on based on your code (only works if using IE), and posted his code on his blog at http://blog.maartenballiauw.be/post/2011/05/04/Wordpress-auto-sign-on-with-IIS7-and-a-plugin.aspx.

    Don’t know the social protocols to this, but would it be possible to integrate his code into yours?  His code works great, but when it creates a new user it simply fills in all the user fields with $username, as opposed to your code which goes to more trouble to fill in first and last name and such.  It would be great to see the functionality of both in the same plugin, especially since one is based on the other.

  • Jurgen Weber

    I could use some help. I am using wp 3.4.1 and ldap login 1.4.0.1. Using OpenLDAP.

    I have the correct settings, as far as I can tell but it does not auth. 

    Firstly, what is the account suffix option? is that just an AD thing?

    I need the login attribute to be uid, but as far as I can tell with my bad php it does not search for uid?

    $result = ldap_search($ldap, BASE_DN, ‘(‘ . LOGIN . ‘=’ . $username . ‘)’, array(‘cn’)); $ldapgroups = ldap_get_entries($ldap, $result);

    What is the ldapgroups? I do not want it to check any groups. Just search the base dn for the uid, if it is successful, it logs in.

    Thanks

    • Jurgen Weber

      re reading this, you say 

      //Ok, we should have the user, all the info, including which groups he is a member of.  //Now let’s make sure he’s in the right group before proceeding.

      but what group are you looking for?

      • Jurgen Weber

        alright, I have it working. I worked it out.. I assumed you “searched” for the bind dn, but then you would need an admin. 

        With the Base DN you have in options, you want the full user DN.I have multiple companies over different DN’s, so I can only let one DN to login.a little bit limited, but I get it. ;)

        features requests:

        allow a user which has unlimited read so you can use a search to find the user.

  • Wrobinson

    Hello I tried to add your plugin to my WordPress site by it does not work? I am hosting my site on bluehost.com, but not on a dedicated server or IP address. Does your plugin need to be able to use the hosting companies port 389. Is there a command I can use to test if it is my hosting company. LDAP is working for all our other services.

    • Wrobinson

      Here is the error:

      Fatal error: Uncaught exception ‘adLDAPException’ with message
      ‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in
      /homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/adLDAP.php:338
      Stack
      trace:
      #0
      /homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(60):
      adLDAP->__construct(Array)
      #1 /homepages/42/d404026612/htdocs/staging/wp-admin/plugins.php(142):
      include(‘/homepages/42/d…’)
      #2 /homepages/42/d404026612/htdocs/staging/wp-admin/plugins.php(144):
      plugin_sandbox_scrape(‘simple-ldap-log…’)
      #3
      /homepages/42/d404026612/htdocs/staging/wp-admin/network/plugins.php(16):
      require(‘/homepages/42/d…’)
      #4 {main}
      thrown in /homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/adLDAP.php on line 338

      • BrettM

        As your error message says, LDAP support is not enabled in your particular version of PHP, and it must be in order for this to work.  If this is a windows server you can have your hosting company enable it by adding “extension=php_ldap.dll” to the bottom of the php.ini file.  If it is a linux distro, PHP must be compiled with LDAP enabled.

        • Wrobinson

           The hosting environment is a LAMP. How do I compile PHP with LDAP enabled? Is this something I would do or the hosting company would have to?

  • Tony

    When you are on the “Users” page of a single site or in the multisite network admin (where you can browse through all of your users) and you click the “Add New” button at the top of this page, it redirects you to user-new.php which is the standard wordpress ‘add new user’ page.

    I feel that button should send you to the Simple LDAP plugin page instead so that site admins don’t accidentally add local WP users to their site. Any way to change where that “Add New” button directs you?

    The rest of the “Add User” buttons on the menu bar send you to the correct Simple LDAP add user page so I think this may be a bug/oversight.

    Thanks for the great plugin!

  • Vanavah

    I am looking to buy a plugin that would allow me to authenticate and auto-login users into word press by passing the login credentials.  Does your plugin do that?

  • Obloochi

    I have one ladp server configured ans i have added 10 users. I am using sample ldap login plugin for logging in to wordpress. What i am trying to do is, i need only 5 out of 10 users to login to the wordpress. Other 5 won’t be having access to wordpress. How can i achieve this?
    thanks in advance….

     

    • Anonymous

      You can limit by group membership. I’d put them in a separate group.


      Clifton H. Griffin
      me@clifgriffin.com | 434.229.2474 | @clifgriffin

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes Sent with Sparrow (http://www.sparrowmailapp.com/?sig)

  • Antoin Currie

     Hi,

    Does this work with wordpress version 3.4?

    • Anonymous

      It should!


      Clifton H. Griffin
      me@clifgriffin.com | 434.229.2474 | @clifgriffin

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes Sent with Sparrow (http://www.sparrowmailapp.com/?sig)

  • navdeep bagga

    From where should I add ldap group and ldap group members through simple ldap login page?

  • Anonymous

    I want to now get this to work with secure ldap.  We moved domain controllers to 2008 R2 and now through group policy want to enforce secure ldap binds first (refuse cleartext).  Clear text ldap binds are a security concern because they are susceptible to replay attacks.  We want to go ldaps (secured).  Domain trust certificate is installed via domain autoenrollment and I think I need to install a certificate on the wordpress box as part of this. I tried simply using the Use TLS checkbox in this plugin but it just hangs.  I was reading here how to get Apache to work with ldap and further down is Configuring secure LDAP : LDAPS http://www.frank4dd.com/howto/apache/apache-ldap-active-directory.htm  I did verify secure LDAP is working on our servers through a Microsoft resource utility ldp.exe.  Secure LDAP uses port 636 or 3269.

    Thanks for any input you may have!

  • http://www.facebook.com/mbnoimi محمد بشير النعيمي

    I’m using version (1.4.0.5.1) but it didn’t work although OpenLDAP works fine!
    I tried a lot but I gave up so I need your help.

    Here you can Simple LDAP Login configurations:
    http://i.imgur.com/efsuGzN.png

    And OpenLDAP configurations:
    http://i.imgur.com/oixeFqA.png

    /etc/ldap.conf
    http://pastebin.com/WtMqayYD

    /etc/hosts
    http://pastebin.com/21NC0xG2

    OS: ubuntu 12.10 64 bit
    WP: 3.5.0

    • clifgriffin

      Hi,

      The most important thing to test is that your WordPress site can reach your LDAP domain controller on the correct port (389 I believe).
      Clif

      Clifton Griffin
      Wordpress Consultant | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

      • http://www.facebook.com/mbnoimi محمد بشير النعيمي

        how can I be sure that my wordpress site reaches my LDAP domain?

        PS
        Don’t forget that phpLDAPAdmin can controls my LDAP server perfectly (as mentioned in this pic. http://i.imgur.com/oixeFqA.png )

      • http://www.facebook.com/mbnoimi محمد بشير النعيمي

        Any help guys :(

  • phearism

    I’ve just installed php 5.3.24 with ldap enabled (this is confirmed through phpinfo and I’ve checked in php.ini). I’ve then installed wordpress 3.5.1 (windows 2008). Both fresh installations.

    The issue is when trying to activate simple ldap login I’m still getting the ‘no ldap support for php’ error.

    After seeing a post about IIS being funny I have copied libeay32.dll and ssleay32.dll from c:/php into windows/system32 and restarted IIS. I’ve also checked PHPRC is in the environmental variables and pointing to the right place.

    Any ideas why it wont recognise that ldap is enabled? Have I missed something?

    Thanks in advance for any help and advice!

    • clifgriffin

      I’m not sure. It’s possible that adLDAP needs to be updated to work with PHP 5.3, though I’d assume I’d have heard more issues if this were the case. Please let me know if you find a solution.

  • http://www.facebook.com/Sem03 Alberto Obi-Wan Ingrao

    Hi all,
    i’ve fixed problem with authentication.
    the problem is solved with change authentication level from 2 to 3 in the files.
    maybe it’s best pratice have this possibility setting in the admin interface in next release.

    • clifgriffin

      Can you show me your code change? I’ll consider it.

      Clifton Griffin
      WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

      • http://www.facebook.com/Sem03 Alberto Obi-Wan Ingrao

        it’s simple, i’ve changed in all files where’re present from: define (‘LDAP_VERSION’, 2); to define (‘LDAP_VERSION’, 3);
        But it’s more simple for non-coders people have this params in configuration options where you’ve a test form.

  • pesinet

    ADLPS authentication problem with AD in the cloud through Federation Services.

    I am facing the problem when I try to authenticate againts AD on the cloud. We have a federation services company in the middle, they sent me all the parameter but still is not working. Any idea if this plugin works with federation services?

    • clifgriffin

      Hi Pesinet,

      I really have no idea. If those services operate as LDAP servers and follow the protocol, it should in theory work. But I have no direct experience with them.

      Clifton Griffin
      WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

      • Pesinet

        thx anyway.

  • http://www.yepi250.com/ yepi250

    Nice Sharing There must be a groundswell for this. Thank

  • http://www.kizi-2.net/ kizi2

    the sharing of your very good, very useful for me. thank you.

  • ellenm1

    Thank you very much for this plugin! I had to update it to make it work well with WP version 3.5. The updated version of the plugin is available for download here: http://thedesignspace.net/MT2archives/001035.html

    • clifgriffin

      Thanks for the updates, ellenm1. I really need to rewrite this plugin from the groundup. This is one of the first plugins I wrote, and it shows!

  • Nikki Brown

    I want to integrate AD to our wordpress site using this simple ldap login plugin. However, our wordpress site is located at hostgator and not at our physical site. Will we be able to use this plugin? Or does the wordpress site and LDAP server need to be located on the same physical network?

    • clifgriffin

      Your web server must be able to talk directly to your LDAP server on the appropriate ports. It doesn’t matter if they are on the same physical network.
      However, I’d hazard a guess that your network security team will not be in favor of opening up your LDAP servers to Hostgator.

      Clifton Griffin
      WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

  • Matt

    Im getting this error when activating plugin. I’m almost 99% sure everything is enabled and ready to go. Any thoughts?

    Warning:
    require_once(C:inetpubwwwroot/wp-content/pluginspluginssimpleLDAPupdate_for_WP3.5simple-ldap-loginadLDAP.php):
    failed to open stream: No such file or directory in
    C:inetpubwwwrootwp-contentpluginssimpleLDAPupdate_for_WP3.5Simple-LDAP-Login.php
    on line 10
    Fatal error: require_once(): Failed opening required
    ‘C:inetpubwwwroot/wp-content/pluginspluginssimpleLDAPupdate_for_WP3.5simple-ldap-loginadLDAP.php’
    (include_path=’.;C:phppear’) in
    C:inetpubwwwrootwp-contentpluginssimpleLDAPupdate_for_WP3.5Simple-LDAP-Login.php
    on line 10

    • clifgriffin

      Hi Matt,

      I recommend you try Simple LDAP Login 1.5 Beta. I uploaded it yesterday: http://downloads.wordpress.org/plugin/simple-ldap-login.zip

      It uses a better method to include adLDAP. Please let me know if you have any problems with it…I don’t have the environment to do testing at the moment so I’m relying on other people to fill in the gaps. :)

  • http://www.byleroylee.com LeRoy

    The upgrade from 1.4 to 1.5 broke the plugin for me. I had to roll it back. This is what my php log shows…
    PHP Warning: array_rand() expects parameter 1 to be array, string given in C:inetpubblogwp-contentpluginssimple-ldap-loginincludesadLDAP.php on line 2294

    • clifgriffin

      Thanks for letting me know. Can you tell me the error message you received? —
      Sent from Mailbox for iPhone

      • http://www.byleroylee.com LeRoy

        I updated my original post, but this is what my php log says…

        PHP Warning: array_rand() expects parameter 1 to be array, string given in C:inetpubblogwp-contentpluginssimple-ldap-loginincludesadLDAP.php on line 2294

        • clifgriffin

          Very odd. It’s using the same version of adLDAP. I’ll investigate in the morning! —
          Sent from Mailbox for iPhone

    • clifgriffin

      Uploaded 1.5.1. I think that will fix the problem. Sorry about that!

  • Uwe Willenbacher

    So I updated today from version 1.4.0.5.1 to your latest version 1.5.1 and it broke my login:( Even restoring the older plugin made no difference after the upgrade – somehow the only thing that brought me “back to live” was a drop DB and restore DB:( You mentioned to “test before upgrade – how could I do that? I am more then happy to help out fixing this but I am not sure how since all I have is my production environment. I am using WordPress 3.5.2 on a Mac (Lion) server. My PHP version is 5.3.15 and no, there was nothing written to the Apache error log:(

    Cheers,

    - Uwe Willenbacher

    • clifgriffin

      Hi Uwe,

      Really sorry it broke your site. This comment made me realize it wasn’t very wise to clean up the old settings on activation of the new version since that makes rollbacks harder.
      I’m working on a couple of bug fixes now…I’ll release a 1.5.2 that won’t blow away the 1.4.0.5.1 settings so it should be much easier to test.
      Kind regards,
      Clif

      Clifton Griffin
      WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

    • clifgriffin

      I just uploaded version 1.5.2 with several bug fixes. Please let me know if it works for you if you have a chance to test it. And please relay all error messages if it does not work.
      Thanks!

      Clifton Griffin
      WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

      • Uwe Willenbacher

        So I just updated and I seem to be able to log in:) I have to say that I do miss the little test box (username/password) with “instant” result… Anyhow, I did find one, visual, bug: I have a completely “locked down” site and when the user hits the login page the (reddish) LDAP error page immediately shows: “Simple LDAP Login could not authenticate your credential…” Yes, I have the “High security mode” enabled…

        • clifgriffin

          Hi Uwe,

          I’ve heard one other complaint on that. Very odd!

          I’ll take a look and see what I can figure out. Thanks for getting back with me.
          Kind regards,
          Clif

          Clifton Griffin
          WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)

          That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

  • Alberto Ingrao

    Hi, i’ve updated your plugin via worpress update and the users can’t login into the blog (1.5.2 plugin version).

    When i reinstall version 1.4.0.1 the users can login.

    the error message is: invalid password

  • ellenm1

    1.52 is not working for me: in all settings fields I get “Notice: Undefined variable: thix in E:wpwpwp-contentpluginssimple-ldap-loginSimple-LDAP-Login.php, repeated many times, followed by the old, stored settings follow. I can still login as an existing LDAP user, but I’m going to roll this back.

  • HK Qoo

    i am new in LDAP. I installed. however, when i access to http://blog/wp-login.php, the screen is blank and the html has nothing there. did i do something wrong?

    • HK Qoo

      I turned on DEBUG and see:

      Notice: Undefined variable: thix in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: Trying to get property of non-object in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: Undefined variable: thix in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: Trying to get property of non-object in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: Undefined variable: thix in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: Trying to get property of non-object in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: wp_enqueue_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or login_enqueue_scripts hooks. Please see Debugging in WordPress for more information. (This message was added in version 3.3.) in /var/www/html/wp-includes/functions.php on line 3012

      • clifgriffin

        Good catch! Patching for the next version, thanks.

  • Uwe Willenbacher

    I just created my first user with the simple LDAP plugin version 1.5.2 and realized that the LDAP information (Username, FName, LName and email address) does NOT get populated in the WordPress account….that could be a potentially big problem and I wonder how I can troubleshoot that? BTW: I just noticed you posted version 1.5.3 – might that fix the problem and is it compatible with openLDAP?

    • clifgriffin

      Hi Uwe,

      I’ll see what I can find out. Thanks for your patience.

      Clif

      Clifton Griffin
      WordPress Consultant | Shopp Core Contributor | http://cgd.io | @clifgriffin (http://twitter.com/clifgriffin)

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

  • Uwe Willenbacher

    Yup, definitely a problem with SImple LDAP – just used the old and it worked…

    • clifgriffin

      New version, you mean?

      Clifton Griffin
      WordPress Consultant | Shopp Core Contributor | http://cgd.io | @clifgriffin (http://twitter.com/clifgriffin)

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

  • Uwe Willenbacher

    version 1.4 works -> 1.5.x does not. Again, this is using openLDAP running on Mac OS not Directory Service

  • pkirill

    Hi – I just installed 1.53 and it connects to AD just fine. However when creating WP user accounts, only the username (sAMAccountname) is brought over. Is there simple fix to bring over the email, first and last as well? I have installed on a WP 3.6 installation that is running on an internal Windows/IIS server.

    • Michele

      I am seeing the same behavior when a new user is added. Has there been a resolution to this?

      • clifgriffin

        I’m aware of this issue and will fix it as soon as I am able. I apologize for the disruption. :-/

        Clifton Griffin
        WordPress Developer • Shopp Contributor
        Website: http://cgd.io
        Follow me on Twitter: @clifgriffin (https://twitter.com/clifgriffin) Shopp Plugins: http://cgd.io/shopp
        That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

      • clifgriffin

        Just uploaded 1.5.4. This should be fixed!

  • Franck

    Hi. First of all, thanks for this nice plugin. I have just upgraded to 1.5.4 and wanted to turn group filtering on but it didn’t work. Checking the code quickly in Simple-LDAP-Login.php it seems that in the case of OpenLDAP group filtering is made on cn:
    ldap_search($this->ldap, $this->get_setting(‘base_dn’), ‘(‘ . $this->get_setting(‘ol_login’) . ‘=’ . $username . ‘)’, array(‘cn’));
    $user_groups[] .= $ldapgroups[$i]['cn'][0];

    This is rather strange since the common name should contain the user name, and actually if i put my complete name in the Required Groups config field I can authenticate, add a typo and it fails.
    On a “standard” OpenLDAP I think group filtering should be made either à la Unix on the gidNumber or checking for the user’s dn being a member in a groupOfNames.
    Cheers.

    • clifgriffin

      Hi Franck,

      It seems the configuration varies here. I am working on a patch that will allow specifying the group search attribute and separate it from the login attribute.
      Clif

      Clifton Griffin
      WordPress Developer • Shopp Contributor
      Website: http://cgd.io
      Follow me on Twitter: @clifgriffin (https://twitter.com/clifgriffin) Shopp Plugins: http://cgd.io/shopp
      Blog: http://clifgriffin.com
      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

  • Uwe Willenbacher

    Hey there,

    I just upgraded to the latest version 1.5.4 and indeed, my earlier problems seem fixed – Thank you! However, I think I found another problem to the plugin: I am about to add the requirement to belong to a specific LDAP group for a login to work, however, that does not seem to function. Any idea why that might be?

    Do I need to add any specific syntax to the “Required Groups” field or am I just to add the name or the shortname for that group?

    Thanks in advance,

    - Uwe

    P.S.: I agree with the previous post: Nice plugin – Thanks a bunch for all your hard work…

    P.P.S.: I amy be the only one on this, but I do miss the simple username password LDAP query/verification to check if the configuration is correct and a given user actually exists…maybe that could be a feature to be added back by “choice”, i.e. a hidden div if you want to hide it?

  • RK

    Hi, Thanks for the plugin, but I noticed that the user information like name and email are not populating when the account is automatically created. I have version 1.5.4.

  • JesseJohnson

    The auto-creation of accounts does not seem to work… If I prebuild the user in WP it works great for authentication. Otherwise the user is just displayed the following error:

    Notice: Use of undefined constant givenname – assumed ‘givenname’ in
    /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
    line 353

    Notice: Use of undefined constant sn – assumed ‘sn’ in
    /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
    line 353

    Notice: Use of undefined constant mail – assumed ‘mail’ in
    /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
    line 354

    Notice: Use of undefined constant givenname – assumed ‘givenname’ in
    /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
    line 356

    Notice: Use of undefined constant sn – assumed ‘sn’ in
    /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
    line 357

    Am I missing something?

  • Troy

    Just installed this module & having troubles getting it to work. In drupal i just specify o=xxx for the base dn and the uid for the UserName attribute and it works. Can i do something similar with this module?

  • John

    Thanks for developing this plugin. I’d like to get it to work on my site.

    I installed the plugin and set the Base DN to dc=mycompany,dc=com, which matches the base setting in ldap.conf. But when I try to log in to WordPress using credentials that are stored in LDAP, the login is rejected. Here is the connection in my LDAP logs:

    Oct 16 10:28:23 myserver slapd[16063]: conn=310610 fd=42 ACCEPT from IP=127.0.0.1:60487 (IP=0.0.0.0:389)
    Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=0 do_bind: invalid dn (=john.lastname,dc=mycompany,dc=com)
    Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=0 RESULT tag=97 err=34 text=invalid DN
    Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=1 UNBIND
    Oct 16 10:28:23 myserver slapd[16063]: conn=310610 fd=42 closed

    When I use an LDAP browser I can verify that the user does exist at cn=john.lastname,ou=people,dc=mycompany,dc=com

    Can you tell me what I’m doing wrong? Thanks in advance.

  • Uwe Willenbacher

    Hey there, I just installed Version 1.5.5and it the “Required Groups” still does not work? Any idea what I am doing wrong, how to troubleshoot this. I would like to implement this feature, but each time I enter an exiting LDAP Group in the “Required Groups” fields my my login fails (yes, I am part of the necessary group and yes, I tried the Long name, the short name as well as the group ID – same result with all three…

  • Martin

    Hi, got a question.. in plugin configuration there is a notice : Do not specify an OU here. …. Question: where should i specify OU and other stuff? Thanks

    • clifgriffin

      I find this usually causes problems and doesn’t contribute much.

      YMMV…if you find it works for you, let me know!

      Clifton Griffin
      WordPress Developer • Shopp Contributor
      Website: http://cgd.io
      Follow me on Twitter: @clifgriffin (https://twitter.com/clifgriffin) Shopp Plugins: http://cgd.io/shopp
      Blog: http://clifgriffin.com
      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

  • Luca Beltrame

    I assume it only works with anonymous binds? Because I’ve disabled them, and thus nothing seems quite to work. How to debug the authentication process?

    • clifgriffin

      Any actions it take that require authentication use the user info at the time they are logging in. So, if it can’t bind, it will fail. If it can bind, it will check their group membership and other requirements to determine if login proceeds.

      This model leverages the fact that all users in an LDAP system should be able to access these basic things and prevents us from having to do independent authentication.

      The best way to debug is to use two browsers. You should get helpful error messages that will point you in the right direction.

  • Michael O’Keeffe

    Hi Clifton,

    We installed this plugin, but some users in our environment are members of lots of groups – when unpacked, one of our users is a member of 722 groups.

    This causes issues with one of your functions running into the PHP memory allocation limit (set at 128mb, though we’ve now lifted it to 256mb).

    Function definition: public function recursive_groups(group) at line 756 of includesadLDAP.php

    I didn’t want to mess with the plugin’s code myself, but have you considered using the LDAP recursive filter? This should be faster than recursing inside PHP, and saves execution time on the webserver.

    We use this elsewhere;

    $filter = ‘(memberof:1.2.840.113556.1.4.1941:=’.$groupToFind.’)';
    $search = ldap_search($this->connection, $userDN, $filter, array(‘dn’), 1);
    $items = ldap_get_entries($this->connection, $search);

    Just a suggestion – thanks for the great plugin.

    • clifgriffin

      Oh wow, the current code certainly didn’t anticipate 700+ groups.

      Feel free to submit a pull request to the project on github: http://wordpress.org/plugins/simple-ldap-login/

      I’m a bit busy at the moment, so it may be awhile till I can address this personally. :)

  • htc123

    Hi Clifton,

    Good morning. I am new to use ldap. Could I ask you a question on ldap plugin please?

    Basically what I need to do is to use ldap plugin to authenticate a user that is belong to a group called Group1 and pass the credential of Group1 to WordPress for authentication. Is this possible to do in ldap plugin?

    E.g.
    User1 ID login to system. He/she belongs to Group1 group. ldap then pass Group1/password (Not User1) to WordPress to login.

    Your help is greatly appreciated.

    • clifgriffin

      That isn’t possible with my plugin. It would take a large amount of changes to get there…if it is even possible!

  • Maximilian Pecha

    Hey Clifton

    We are using a wordpress site with your LDAP plugin for our company’s intranet site. At the moment we are faceing problems with users that have special chracters in their passwords – they can’t login to the wordpress site. Is there any possibilty to fix that issue?
    Thanks a lot!

    • clifgriffin

      Can you give me an example of the special characters that aren’t working? Thanks!

      • Maximilian Pecha

        Hey!

        For sure: In this case it’s “(
        Not sure if more characters are’nt working, but if you like I can test it for you?