Comments

  1. Layne says

    Fatal error: Call to undefined function ldap_connect() in C:wampwwwwordpresswp-contentpluginssimple-ldap-loginadLDAP.php on line 157

    I’m getting this error, I’m 99% sure all my settings are correct, but when I test settings, it returns to a page with settings saved, and the above message. Any ideas?

  2. Fredrik says

    Hi Clifton.

    Great plugin! I’ve been looking for something that integrates with AD and doesn’t break XML-RPC. Thanks!

    I have a small problem. AD isn’t username case-sensitive but it seems that your plugin is. Any chance of making it case insensitive?

    • says

      Hi Fredrik,
      I’m glad the plugin works well for you. The case sensitive username issue is not actually an issue with my plugin in this instance. WordPress itself seems to enforce this case sensitivity.

      There are plugins that override this functionality but unfortunately they conflict with my plugin. I will consider adding that as an advanced option, but I’m leery of adding even more features to my “Simple” plugin. :)

  3. Ben says

    Hi, and thanks for a great plugin.

    I’ve added a small feature to adLDAP to support TLS so that passwords are not sent in the clear; I’ll send the patch upstream and you’re welcome to it too if you like, it’s very simple.

    One thing I’ve hit a problem with. I’m using the feature to create users in a certain group. It works fine except that I’ve asked for new users to be made Authors, but they are being created as Subscribers. A log of what’s going into the userData array supplied to wp_insert_user() shows that ‘role’ is set to ‘Author’ so I’m mystified as to why it’s not working. Any ideas?

    Cheers!

  4. Ben says

    Small addition to the above; the new user gets created with whatever the default is in the blog’s settings. So I can work around the problem by changing the default to Author, which is fine because this is an intranet blog so everyone can be an author. Still perplexed why your option isn’t working though!

    • says

      Thanks for all of the feedback. I’m perplexed as well. I never tested that option thoroughly because it seemed so obvious and I knew the array I was sending was complete.

      I wonder if there is a case sensitivity problem here or something. I guess I’ll have to look at what is actually going on in the database…what role is being recorded and what it looks like once it is changed.

      TLS support is a good idea. Send me the patch and I’ll include it in future versions. :)

    • says

      I’m releasing a small update to fix the role problem as well as disallow LDAP users from logging in if they are removed from the specified group.

      I decided to not incorporate the TLS patch into this as I’m afraid it could create problems for those who do not have their LDAP installations sufficiently configured.

      I did have one question though: you patched adLDAP but in your patch description you talk about modifying your openldap configs…this makes me think you are using the plugin with OpenLDAP but have the plugin set to Active Directory. Is this true?

      I ask because I was under the impression that adLDAP doesn’t work with OpenLDAP at all. If it does, I’m wondering if I wasted my time creating two binding methods. :)

      Part of the problem is that I don’t have a fully functional OpenLDAP installation to test with. I have thought about setting one up but haven’t followed through yet.

      Any feedback you can give me on this would be great.

  5. Ben says

    clifgriffin :
    I’m releasing a small update to fix the role problem as well as disallow LDAP users from logging in if they are removed from the specified group.
    I decided to not incorporate the TLS patch into this as I’m afraid it could create problems for those who do not have their LDAP installations sufficiently configured.

    All you’d need to do is change the initialisation of $_use_tls to false instead of true and it would have no effect unless specifically enabled. TBH I should have set it that way in the patch, I just didn’t spot that I’d left it true until too late!

    I did have one question though: you patched adLDAP but in your patch description you talk about modifying your openldap configs…this makes me think you are using the plugin with OpenLDAP but have the plugin set to Active Directory. Is this true?

    Not quite. I’m using the plugin on Linux, which uses openldap (lowercase) as the client library, configured in /etc/openldap/ldap.conf. But I am authenticating against a Windows Active Directory server, not an OpenLDAP (mixed case) one. Make sense? :)

    I think you are correct that adLDAP is only for talking to AD servers, not OpenLDAP ones, so you do still need your two binding methods.

  6. Kurt Cypher says

    I just installed Simple LDAP Plugin, and it’s working, to a point. I have it set to automatically create a wordpress account upon successful LDAP authentication, but when I try to login as a valid LDAP user that doesn’t have a wordpress account, I get:
    ERROR: Invalid username.

    However, if I login using a valid LDAP user who DOES have a wordpress account, I get logged in.

    Any ideas?
    Thanks,
    Kurt

    • says

      One more thought: Have you tried the dev version linked to at the end of this article? I don’t think it will fix any of your problems but the error message might be more useful. (Possibly…if you’re just getting “Invalid username” with no details, it’s hard to say)

      It’s worth a shot though.

      • Kurt Cypher says

        I may give that a shot when I get back in the office on Tuesday. It’s certainly worth a shot, if it’ll potentially give a better error message.

  7. Nick says

    I am using openLDAP and I got the first option to work, that is the default option where I log in with existing usernames for both wordpress and LDAP.

    However, I am trying to get the second option to work but it keeps throwing me the error message: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.
    So I am assuming it is the code somewhere between line 108 and 134 for the simple-ldap-login file.

    Any suggestions? I am trying to debug it at the moment, I will let you know if I find something useful.

  8. Nick says

    Actually, the default option doesn’t seem to be working too great anymore, it seems to only work for one of our accounts “pc01” but not “pc02”, “pc03”… etc. It just so happened that pc01 worked and I thought it was working.

    • says

      I can’t imagine it working for one account and not another under the first option. I’ve had several reports that the OpenLDAP login code is working well for a few people.

      Can you try downloading the dev version linked to above? It’s version 1.3.0.1 and its error messages are a little more instructive. I preemptively added a “location” suffix to them to help with debugging in the future.

      • Nick says

        Thanks Clifton, I am pretty sure it was a problem on our end, the openLDAP creating new users also works now that I have upgraded WordPress to the latest version.

        Just wondering if you are considering the option of creating new blogs for the users that authenticate for the first time.

      • Nick says

        Also, it seems that the role option doesn’t seem to be working using 1.3.0.1 for us, everyone created is still a subscriber.

  9. Michiel says

    Hi there,

    Thanks for the plugin, it seems to work as intended, except for one little thing.
    I’ve got it set to create a user in WP upon successful authentication against AD, but when I try to log in with a valid AD user, I get the following:

    Array ( [user_pass] => [user_login] => Michiel [user_nicename] => Michiel [user_email] => michiel@domain.com [display_name] => Michiel [first_name] => Michiel [last_name] => [role] => Contributor )
    Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 649

    Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 650

    Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 651

    Warning: Cannot modify header information – headers already sent by (output started at /var/www/domain.com/dev/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:99) in /var/www/domain.com/dev/wp-includes/pluggable.php on line 850

    This is using version 1.3 of the plugin, with a completely fresh install WP 2.7.1.
    The odd thing is, after I see the above error messages, when I try to log in with the new user by going back to the login page, it works. The user is actually successfully created it seems.

    Any ideas where these errors come from and how I could fix this?

    Thanks

    • says

      This is a weird error message that I have seen randomly with every plugin I’ve written. One of my plugins had this problem because there was a single blank line at the end of the main plugin file. Strange…I know.

      Is this happening every time? Perhaps reinstalling the plugin? (Just replacing the files will work…settings will be saved.)

      You might also try the dev version linked to above, though it’s in a transition stage to implement new features. (Should work though)

      • Michiel says

        Yeah, this happens every single time I try to log in with a user who does not exist in the WP user system, but is valid in AD.
        I tried reinstalling it as per your suggestion, but I keep getting the same error. I tried installing it via the new plugin auto-install system, and tried it manually; same result.
        I’ll do some more testing, see if I can find out what the issue is. Thing is, tbh I know jack all about code, I just know what buttons to press to make stuff happen every now and then :)

          • Michiel says

            PHP 5.2, with a pretty vanilla Apache.
            Anything else you might want to know?

            Also, thanks for taking the time to look into this. Much appreciated.

  10. Nathan says

    Excellent plugin that works as advertized!

    I have worked on this all day with other plugins and was never able to get them to work. Installed this and was connected to AD within 5 minutes. The only reason I didn’t go with yours to begin with is that I need to be able to have users, when created, put into a specific WP role depending on their AD group. Is this a feature that may come in the future?

    Either way, the plugin is excellent!

    • says

      I’m glad it works for you! I had the same experience which is why I wrote it. It seemed like it didn’t have to be so hard.

      I hadn’t considered that possibility but I’ll think about it for future releases.

      Btw, the role setting doesn’t work at all in version 1.3. Download 1.3.0.1 to fix this. (Though it may have other bugs…haven’t gotten the chance to test it fully)

  11. Justin says

    I’m currently getting an Incorrect Password error when trying to login with a network account. The plugin is currently set for Normal Mode.

    First I entered all the settings that are required.

    I then used the Test Setting box to verify that a username and password in AD can successfully authenticate. I receive the “Congratulations!” message and move forward.

    Using the same name I verified with the test tool, I then created that account in WordPress.

    After logging out of my admin user, at the main page I am unable to login using the newly created account.

    I’m not really sure where I went wrong. Any suggestions would be greatly appreciated.

    Thanks!

    Justin

    • Justin says

      I’m using the 1.3 Version in WordPress 2.7.1.

      Today is my first time trying to use this Plugin, so I’m not sure if it’s caused by the way I have things installed.

      I figured if the test tool said that it can authenticate, it should work though. I have tried several accounts in the test tool that are only in AD, and all have authenticated successfully.

      I turned on the Account Creation mode too, and tested an account and got the incorrect password as well.

      • Justin says

        Well, I tested a few more things tonight.

        First I upgraded XAMPP and created a new dev WordPress directory. The plugin worked correctly in the dev WordPress. Funny thing though is I got the same error message as Michiel above when I created a new user.

        I went back to my other install of WordPress that I was still having problems with and removed the plugin, re-downloaded it and installed it. I noticed it retained all of the domain information that I entered before. Where is this information being held? Is there any way I can reset this saved information? Maybe when I entered it in the very first time, I entered something incorrectly and it’s retaining that incorrect information.

  12. Justin says

    Justin :
    Funny thing though is I got the same error message as Michiel above when I created a new user.

    I forgot to mention, even after the error it successfully created the user and I was able to login with it. It just gave that nasty error at user creation.

    • Justin says

      The theme our Graphic Designer chose for the site is what’s causing the issues. I applied the theme to my dev site and the login stopped working. I was still able to use the test tool to authenticate under the admin panel while the theme was active though. Bummer…

      I know it’s something outside of the plugin causing problems, but at least it might be a reason others are having problems.

      Here is the theme we are using if you’re curious: http://wordpress.org/extend/themes/atahualpa

      • says

        I am having this same problem with the theme I developed. I was wondering if anyone knew of what could be causing themes to break the authentication? The two just seem unrelated.

        • says

          I found the issue. The plugin uses the variable $options and it conflicts with a variable used in my custom theme options. Thanks for this awesome plugin!

  13. Michiel says

    Justin :
    I know it’s something outside of the plugin causing problems, but at least it might be a reason others are having problems.

    Odd thing is, I’m still using the default theme while trying to implement some of the (to us) more important plugins like this one. I would assume that the default is what it was developed against, or tested on.

    Anyways, I figured the error messages problem out. I had a look at the code for the plugin, and started looking for the line numbers referenced in the error itself. Turns out, the Simple-LDAP-Login.php file on line 99 says the following:

    print_r($userData);

    I found out that the main error itself (Cannot modify header information – Headers already sent by) means that the code for some reason is trying to send data while being told afterwards to redirect you to another page by using a header command. Which makes sense, the plugin tells WP to create a user and log in with it, and then sends that user on his/her way to the dashboard. Long story short, all you have to do is comment out that print_r($userData); line and that should be it. Fixed it for me in any case. Commenting that line out is done by inserting two slashes before the line of code in the Simple-LDAP-Login.php file so it looks like:

    // print_r($userData);

    That’s all folks.

    Oh, and damn you Clif, you made me try and learn to at least understand code now ;)

    • says

      Justin,
      I noticed that when I was working on 1.3.0.1…not sure how that slipped by.

      I’m sorry that caused you so many issues! I’m going to do some testing with 1.3.0.1 today and tomorrow and try to fix some of these issues and release the version.

      Thanks for your help!

      • Justin says

        No worries, the new features of the plugin are sweet. Thanks for your help and dedication on looking into the issues. = )

        • says

          I still haven’t gotten a chance to do a proper review of the code for the next release. I expect to be able to do this either this weekend or sometime next week. Thanks for your patience.

          • Gaurav Sharma says

            Hi Clifton,

            I am using “Simple LDAP Login” for my application which is using WordPress 2.8. After setting the credentials in the settings tab, when I use your testing option at the bottom of the page it gives me the congratulation message.

            But when I try to login from the frontend after signing out from the admin section with a valid username/password that exists in LDAP it gives me the error message

            “ERROR: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.”

            And when I do testing with the same username/password it shows the congratulation message.

            Please suggest where I am going wrong.

            Gaurav

          • says

            I haven’t seen this issue before.

            Unfortunately, I don’t have an installation to test with at the moment. (I no longer manage the installation I originally developed this for.)

            I will say that I know a lot of users who are not having this issue.

            Are you guys using the OpenLDAP option or AD?

          • says

            I am getting an error like “Invalid username”. But in the test-panel it is working properly. Not on the Login screen. I am on wordpress 2.8

  14. Matt Combs says

    I’ve upgraded to version 1.3.0.1 and still can’t get the roles to work correctly. I have it set to create them as Editors but it’s not setting roles at all. I’m using option 3 to just allow a certain group to log in. Could this be causing something?

    • Matt Combs says

      solved my own problem by changing

      'role' => get_option('simpleldap_account_type')

      to

      'role' => strtolower(get_option('simpleldap_account_type'))

    • says

      It does appear that the role name needs to be lowercase in order for accounts to be created correctly. When the wp_options simpleldap_account_type value was set to ‘Author’ my users were being created with no role. When I changed it to ‘author’ it appears to work fine.

  15. Peter says

    This plugin works for me with OpenLDAP & WordPress 2.8.1. I also would like to use the group feature but it currently works for AD but not OpenLDAP. Hope it can be used via OpenLDAP as well soon.

  16. Nasir says

    I am trying to use this plugin for wordpress. I am confident about the configuration settings, but for some reason it is not passing. Can I get some help here ?
    Test Results:
    Failure. Your settings do not seem to work yet.

  17. Nasir says

    Nasir :
    I am trying to use this plugin for wordpress. I am confident about the configuration settings, but for some reason it is not passing. Can I get some help here ?
    Test Results:
    Failure. Your settings do not seem to work yet.
    and on login screen:
    ERROR: Invalid username. Simple LDAP Login mode allows account creation but the LDAP credentials provided are incorrect.

  18. Tyrel Newton says

    I have the beta dev version installed on a WordPress 2.8.2 installation and am attempting to auth users against Apple’s version of the openldap directory. In my server logs, I was seeing invalid password entries even though I knew I was typing the password correctly. It turns out that in the password I was using to test with, there was an apostrophe (‘). So at some point in the login process, the password was being corrupted because it was not sanitized for special PHP characters. I don’t know what the solution to this problem is, but I wanted to throw it out there because maybe there is an easy fix.

    • Ian Altgilbers says

      We’ve run into the same issue here… We have had a couple of complaints now with people using apostrophe in their password. This could potentially open the door to some sort of injection attack, if the password is not being properly escaped.

      • says

        I don’t think an injection vulnerability is likely unless one exists in adLDAP itself.

        I’m not really sure what the root cause is here. I’ll see if I can report an issue with adLDAP.

        • says

          ———————————-this is my root openLDAP——————————-
          # root, People, politel.edu
          dn: uid=root,ou=People,dc=politel,dc=edu
          uid: root
          cn: root
          objectClass: account
          objectClass: posixAccount
          objectClass: top
          objectClass: shadowAccount
          userPassword:: e2NyeXB0fSQxJFliTTVrcmxhJE1GRXd2emVvN2FpU3V1MjdiNzFrdy8=
          shadowLastChange: 15046
          shadowMin: 0
          shadowMax: 99999
          shadowWarning: 7
          loginShell: /bin/bash
          uidNumber: 0
          gidNumber: 0
          homeDirectory: /root
          gecos: root

          ————————–this is my drupal config———————-
          account suffix : @politel.edu
          LDAP login attribute : uid
          base DN : dc=politel,dc=edu
          Domanin Controller : ldap.politel.edu

          When I try to connect with admin LDAP, it returns:
          Test Results:
          Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.

          OMG, this error message makes me crazy.

  19. Louie says

    I implemented the ldap 1.3.0.2 on our system and chose to “Create WordPress account for anyone who successfully authenticates against LDAP.”. Every time someone logs in it creates a username on WordPress. So now I have lots of users with the same username. It is so weird.

    I am also getting this error on the Admin screen

    “Oddly, your version of PHP doesn’t allow file_get_contents to use URLs. But even more oddly, your browser doesn’t allow frames! I think it’s time for you to consider leaving 1998 in the past.

    “; ?> ”

    I am running windows 2003 with PHP 5.2.6

      • Beben06 says

        This plugin seems awesome but I’m using simple LDAP Login 1.4.0.5.1 and I get this error with file_get_contents. WTF ?!

          • Beben06 says

            Hi,

            My error is:

            Oddly, your version of PHP doesn’t allow file_get_contents to use URLs. But even more oddly, your browser doesn’t allow frames! I think it’s time for you to consider leaving 1998 in the past.(Great joke ;p)
            “; ?> in the frame of the announcements. But I have version 1.4.0.1 of your plugin, PHP 5.3.13, and I use this locally with wamp2.2 64 bits. I tried on a different computer and I have the same error and the connection to the LDAP fails… I don’t see anything in the apache log…. I’m doing a study about wp-plugin and multisites… and with two other plugins it works… I really want to authenticate with your plugin, do you have any ideas? Thanks in advance.

    • Hois Christian says

      I tested it in Chrome and set plugin mode = HIGH.
      same error :
      Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.

  20. says

    Hello! We’re using your plugin for our school district’s upcoming transition to a WordPress-Mu based web site, and it’s working very well so far. LDAP authenticates successfully against our AD server, and everything is going well there.

    The only odd thing is that it only works properly when users log in to the main district blog (i.e., our home page, /) and not when they try to log into their own blog or school blog (e.g. /ccarman or /rhs). When I go to those blogs’ dashboards, I see the default bogus settings for the plugin, which points to mydomain.com etc., so obviously that’s not going to work. Do you know of any way to either:
    A: grab the LDAP settings from the main blog for all other blogs (ideal), or
    B: redirect any requests from /blog/wp-login.php to /wp-login.php, so they don’t get confused.

    I think we can accomplish “B” with themes, but I’d like to do a redirect if possible. Thanks!

  21. says

    I was encountering an issue where authentication would fail if the password contained a backslash (or other character that is escaped by whatever is doing the escaping). I had to add the following line to the authenticate method defined at line 197:
    $password = stripslashes($password);
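
An added example, not part of the comment above and not the plugin's code: a standalone PHP sketch of why slash-escaped form data breaks passwords that contain an apostrophe or backslash, and why the unslash step has to run exactly once. The function names are hypothetical, and `addslashes()` stands in for whatever layer escaped the submitted password.

```php
<?php
// Added illustration. Function names are hypothetical; sample passwords are constructed.

// Stand-in for the layer that escapes form input before the plugin sees it.
// addslashes() prefixes ', ", \ and NUL with a backslash.
function simulate_request_slashing(string $submitted): string
{
    return addslashes($submitted);
}

// Undo the escaping once, immediately before the value is used for the
// directory bind. The directory compares the exact bytes the user typed.
function password_for_bind(string $slashed): string
{
    return stripslashes($slashed);
}

// For each typed password, record whether the value that would reach the
// bind still equals what the user typed: as received, unslashed once, and
// unslashed twice (the failure mode when two layers both "fix" it).
function check_passwords(array $typed_passwords): array
{
    $report = [];
    foreach ($typed_passwords as $typed) {
        $slashed = simulate_request_slashing($typed);
        $once = password_for_bind($slashed);
        $twice = stripslashes($once);
        $report[] = [
            'typed' => $typed,
            'as_received' => $slashed,
            'raw_ok' => $slashed === $typed,
            'once_ok' => $once === $typed,
            'twice_ok' => $twice === $typed,
        ];
    }
    return $report;
}

// Constructed sample passwords: plain, apostrophe, backslash, double quote.
$samples = ["Tr0ub4dor", "it's-a-secret", 'back\\slash', 'quote"mark'];

foreach (check_passwords($samples) as $row) {
    printf(
        "%-16s received as %-18s raw:%-5s once:%-5s twice:%s\n",
        $row['typed'],
        $row['as_received'],
        $row['raw_ok'] ? 'ok' : 'FAIL',
        $row['once_ok'] ? 'ok' : 'FAIL',
        $row['twice_ok'] ? 'ok' : 'FAIL'
    );
}
```

The backslash sample is the case to watch: it survives one `stripslashes()` call but loses its backslash on a second, so the call belongs at a single point where the input is known to be escaped.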

  22. Steve Palm says

    QUOTE:
    If you are using Active Directory, you will probably need PHP 5. This is because I’m using adLDAP 3.0 to do my Active Directory integration. As far as I know, the rest of the code should work with PHP 4. It is also possible that the functionality I’m using with adLDAP 3.0 does not depend directly on PHP 5. Your mileage may vary.

    QUESTION:
    I get an error activating the plugin, I only have PHP4. Do I have to do something to turn off the adLDAP stuff? I’m not using it, but apparently it’s trying to load it.

    • says

      There may be other portions that only work in PHP5. What is the error message you get when activating?

      Is there a reason you haven’t gone to 5? Most hosts make it extremely simple to switch between versions.

      • Steve Palm says

        It’s an old host that we don’t want to break anything on. :) Not sure what else on there may be affected. Anyway, it is dying on trying to load the adLDAP module. I just was curious if there was a way to turn it off so that it didn’t even try. I’ll poke at it here. The funny thing is that I saw the upgrade come along, and I thought we were using the previous version just fine, but the plugin wouldn’t re-activate. So it seems like something in the most recent update. I’ll post back when I find more.

        • says

          What version were you on before?

          You can always try replacing the adLDAP.php file with an older, PHP4 compatible version from the adLDAP site if you believe that’s the issue.

          • Steve Palm says

            Thanks, rolling adLDAP back to v2.1 which supports PHP4 works fine. Since that is only required for those using Active Directory, I wonder if you could change your plugin code to only require it if it was being used. Probably not worth the effort, though. Eventually all these old boxes running PHP4 will die. :)

  23. Brian says

    Version 1.3.0.2.1 works perfectly with my Active Directory, but version 1.3.0.3 fails with the following error (when testing settings):

    “Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.”

    Any ideas on why the latest version has broken AD authentication?

    • Brian says

      Please ignore. I don’t know what happened but after going back and forth between the two versions, it now works?? I will make another note if this occurs again or open a ticket.

      • Brian says

        I see now. If the user does not exist in the wordpress database, the authentication TEST fails. This was not the case in 1.3.0.2.1.

        • Jurgen Weber says

          I could use some help. I am using wp 3.4.1 and ldap login 1.4.0.1. Using OpenLDAP.

          I have the correct settings, as far as I can tell but it does not auth. 

          Firstly, what is the account suffix option? is that just an AD thing?

          I need the login attribute to be uid, but as far as I can tell with my bad php it does not search for uid?

          $result = ldap_search($ldap, BASE_DN, '(' . LOGIN . '=' . $username . ')', array('cn'));
          $ldapgroups = ldap_get_entries($ldap, $result);

          What is the ldapgroups? I do not want it to check any groups. Just search the base dn for the uid, if it is successful, it logs in.

          Thanks

          • Jurgen Weber says

            re reading this, you say 

            //Ok, we should have the user, all the info, including which groups he is a member of.
            //Now let's make sure he's in the right group before proceeding.

            but what group are you looking for?

          • Jurgen Weber says

            Alright, I have it working. I worked it out.. I assumed you “searched” for the bind dn, but then you would need an admin.

            With the Base DN you have in options, you want the full user DN. I have multiple companies over different DN’s, so I can only let one DN login. A little bit limited, but I get it. ;)

            Feature requests:

            Allow a user which has unlimited read so you can use a search to find the user.
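
The search filter quoted in this thread is built by concatenating the login value into the filter string. As an added example (not the plugin's code), here is one way to build the same `(attribute=value)` filter with the value escaped per RFC 4515; `escape_filter_value()` and `build_login_filter()` are hypothetical helper names, while `ldap_escape()` is PHP's own function (PHP 5.6+, ldap extension).

```php
<?php
// Added illustration, not the plugin's code. Helper names are hypothetical;
// the sample login values are constructed.

// Escape a value for use inside an LDAP search filter (RFC 4515).
// Uses PHP's ldap_escape() when the ldap extension is loaded, otherwise a
// manual mapping of the filter metacharacters to their \XX hex form.
function escape_filter_value(string $value): string
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // strtr() with an array never rescans replaced text, so the backslash
    // introduced by one replacement is not escaped a second time.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

// Build "(attribute=value)". The attribute name comes from configuration
// (the thread mentions sites that need something other than uid), so it is
// checked against the attribute-name syntax instead of being escaped.
function build_login_filter(string $attribute, string $username): string
{
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $attribute)) {
        throw new InvalidArgumentException('Unexpected login attribute name');
    }
    if ($username === '') {
        throw new InvalidArgumentException('Empty login value');
    }
    return '(' . $attribute . '=' . escape_filter_value($username) . ')';
}

$login_attribute = 'uid';
// Constructed login values: one plain, two containing filter metacharacters.
$samples = ['jweber', 'Smith (Contractor)', 'a*b'];

foreach ($samples as $username) {
    $concatenated = '(' . $login_attribute . '=' . $username . ')';
    $escaped = build_login_filter($login_attribute, $username);
    printf("%-20s concatenated: %-26s escaped: %s\n", $username, $concatenated, $escaped);
}
// The escaped string is what would be passed as the filter argument of ldap_search().
```

With the escaped form, parentheses and `*` in a login value are matched literally instead of being parsed as filter syntax or a wildcard.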

  24. Chris says

    Hi, firstly, great plugin, thanks.

    I’m wanting to use the
    ‘Create WordPress account for users in specified AD group:’

    Is it possible to check more than one AD user group?

    • says

      Thanks, Chris. I’m glad you like it. There is currently no way to do this. I plan to support this type of functionality in the future but have yet to implement it.

      I want to be able to let users link groups to account types and so on, but it will take a bit of work to get there. What I did in my organization was create a group to add all the other groups to. This should get around the problem.

  25. Per-Arne Jørgensen says

    Hi, thanks for a great plugin! But I have a problem with openldap where I use memberUid instead of memberof. Got this message:
    Warning: Invalid argument supplied for foreach() in simple-ldap-login/Simple-LDAP-Login.php on line 205.

    Do you have any tips?

  26. Josh says

    There appear to be two problems that I can immediately find which prevent my use of this plugin, unfortunately.

    One, the LOGIN variable appears to be preset to “uid” and I don’t see anywhere to change that other than editing the code. However, we don’t use “uid,” we use something else.

    Second, it doesn’t look like you are connecting to the server via TLS. This is required by our LDAP server.

    However, I’m still not totally sure if these are the only things that need fixing for it to work for us, because even after I changed uid to what we needed and threw in ldap_start_tls($ldap); into simple-LDAP-login.php, it still doesn’t work, so….

    • says

      Hi Josh,
      You are not the first to suggest TLS. I briefly investigated adding it in the past, but without a way to test it and only one user requesting it, I abandoned it.

      For the second, I will have to investigate that as well. I have not encountered a situation like yours.

      I can’t make any promises on when these things will be addressed. At the moment I have no installation (test or otherwise) to test against.

      • Stace says

        Your plug in is exactly as advertised: simple and gets the job done. Thanks!

        Lately, I’ve been running it in a WordPress MU installation and that seems to work without issue as well. Only problem is at my end: I have to configure settings for each new blog a user creates. What I’d like to do is configure the settings within the plugin file itself, without any calls or writing to the database. Can you help point me in the right direction?

        Thanks,
        Stace

        • says

          Hi Stace,
          If you look in the code for function simpleldap_activation_hook() you’ll see that all of the default settings are declared there.

          If you change these to what you like (should be *fairly* straightforward), any new blogs that activate the plugin should pickup the new settings.

          Because I use add_option, blogs that have already had the plugin activated before will not benefit from this change.

          And, remember, if you do an upgrade in the future, those defaults will be reverted to my defaults (though your settings for existing blogs will be fine).

          I hope this makes sense.

          Clif

          • Stace says

            Hi Clif,
            Thanks for the reply! Swapping out the defaults as you mentioned does, indeed, work. But this is all for a K-8 elementary school where everything needs to be locked down. In other words, they will still be able to access the admin panel and mess with settings.

            I think what I’d like to have is no admin panel and nothing writing to the db. I know this is totally NOT what your great piece of code is all about but any chance you could help me get there?

            Thanks,
            Stace

          • says

            I’m not sure I understand. The users who need to login shouldn’t have access to the admin panel in any capacity? That seems to defeat the purpose.

            If you don’t want them changing settings you could always set the default role to Subscriber or something incapable of making changes. (But, depending on your setup, it is questionable they would even need to login at all if their role would be subscriber)

            Maybe some more information would be helpful.

      • Clifton Griffin says

        Elvina,

        This is the first I’ve heard of this. The call to add the options page requires a level 10 user. This is a deprecated way of adding an options page, but it still works.

        You sure this is happening? How are you accessing the page from the subscriber role?

        Clif

        • msuzer says

          Hi all,

          I used the plugin today for my WordPress blog against OpenLDAP. I want to contribute as I solved some problems for my installation.

          First: in OpenLDAP setups, usually, BASE_DN looks like: ou=users,dc=example,dc=com, so if someone misses the ou part, it will not work.

          Second: once you add ou=users, then the group authentication will fail. Then you have to tweak the code in the main PHP file as:

          //$result = ldap_search($ldap, BASE_DN, '(' . LOGIN . '=' . $username . ')', array('cn'));
          $result = ldap_search($ldap, "ou=groups,dc=example,dc=com", "memberuid=$username", array('cn'));

          Please note another change as "memberuid=$username".

          I am not an expert, but these changes may hopefully help someone to make the setup work. And Clif may find these suggestions helpful to update the plugin.
          Thanks to Clif for this handy plugin.

          • says

            This worked for me, thank you msuzer. 

            Clif, I noticed that in some of the older versions in svn… it looked like you were working on adding the group suffix and group member attribute as settings that can be changed.  Is that on the road map at all?

            Thanks for making this great plugin available!

        • elvina says

          Hi Cliff,
          I had it set up so that everyone needed to login to view our site, LDAP users were made subscribers. When they logged in, the wordpress dashboard shows them their profile and your plugin settings page. (using wordpress 3.2)

          I changed this line
          function simpleldap_admin_actions()
          {
              add_options_page("Simple LDAP Login", "Simple LDAP Login", 10, "simple-ldap-login", "simpleldap_menu");

          }

          to:

          function simpleldap_admin_actions()
          {
              add_options_page("Simple LDAP Login", "Simple LDAP Login", 'install_plugins', "simple-ldap-login", "simpleldap_menu");

          }
          and now it doesn’t show.

          cheers

  27. Stace says

    Sorry to be confusing. The application is this: setting up WPMU for a specific class project in which each student will create their own website. When a student creates their blog(site), they are, of course, admin. Which is fine, up to a point.

    We want them to have control over most aspects of their site but there are several backend areas I’d like them to stay out of and authentication is one of them. Because we’re a school, we require users to authenticate against our LDAP to get access – using your simple plugin. If the kids can modify it, they will, just to see what happens. So I would like to take out the settings page for the plugin and just configure within the plugin file.

    Does that make sense? I want admins to have some access but not to this.

    Thanks,
    Stace

    • says

      I understand now.

      Unless you make them full admins, they won’t see the settings page. Make them Contributor or a more minor role like that.

      The plugin is designed to only let administrators use the admin page.

  28. Dessie Lunsford says

    Can this plugin be configured for SSO with active directory?
    We’re using an instance of WordPress MU and haven’t had any luck with any of the other LDAP plugins with passing in the currently logged in users credentials. Can this one auto log-in users?

    Thanks,

    Dez

  29. Caleb Jeffery says

    I love your plugin! it is simple and straight to the point.

    I do have an issue though and not sure how to resolve it.

    I have set up an internal blog site on our intranet. The thing is that our intranet is on a WAN where we have people on different domains that want to login.

    Your plugin states that it can have multiple domains but I can’t seem to get this working.
    Each of our domains requires a different Base DN
    and after some testing I have discovered the suffix also plays a part.

    Could this be a new feature request or am I missing something?

    Thanks,
    Caleb

  30. Phillip says

    This plugin is really great, but I’m having one problem implementing it.

    When I navigate to the login page of my blog, an error message appears just above the normal WordPress login box saying, “Error: The username field is empty.” If I then enter my domain credentials in the login box, it will accept them and log me in.

    I’ve traced the error to line 72 of the Simple-LDAP-Login.php file. I can even hard-code a $username and $password value from AD into the file, and it will log me in.

    Any ideas of how I can resolve this?

    Thanks!

  31. George says

    Nice plugin! I’ve gotten it to work with AD (Win2003 R2 SP2) and Linux (Debian) apache2 and php5-ldap, etc. However, I’ve noticed accounts authenticate ONLY IF the Display Name = User Logon Name in the AD. Typically the Display Name is the user’s full name and not the Logon Name. Changing an AD db of users with accounts like this would be a major workaround.

    I noticed this is the case for both login modes “Authenticate WordPress users against LDAP” and “Create WordPress account for anyone who successfully authenticates against LDAP”.

    Any suggestions? Thanks.

  32. says

    I am using Version 1.3.0.3, and have a problem when new blogs get created, the LDAP configuration is empty, and it has to be manually configured. The problem arises when the user needs to login from the blog’s own login page, it does not recognize the LDAP credentials, and gives me an “Incorrect password error”.

    The plugin is activated site-wide, and still does not work

  33. Dietmar says

    Maybe useful for others (1.3.0.3): If you use OpenLDAP and created your entries with DN “cn=…,ou=…,o=…” be sure to change following line in Simple-LDAP-Login.php:

    define ('LOGIN', 'uid');

    to

    define ('LOGIN', 'cn');

    Maybe this should be a configuration option?

  34. says

    I was able to patch this plugin to make it work with my company’s Domino server. Basically, use the OpenLDAP mode and make the following code changes:

    In Simple-LDAP-Login.php, find every
    $ldapbind = @ldap_bind($ldap, LOGIN .'=' . $username . ',' . BASE_DN, $password);
    and change it to
    $ldapbind = @ldap_bind($ldap, $username, $password);

    And in Simple-LDAP-Login.php find every
    $result = ldap_search($ldap, BASE_DN, '(' . LOGIN . '=' . $username . ')' [...]
    and change it to
    $result = ldap_search($ldap, $ldapconfig['basedn'], 'uid=' . $username);

    YMMV.

    If enough people badger me, maybe I’ll fork the plugin, strip out the Active Directory stuff and just call it “Domino LDAP login” or something like that, and publish the fork.

  35. Colleen says

    Is it possible to change the LDAP password from within WordPress? If I use the profile page it seems to only change the local user password.

  36. Barry says

    Should this work if I install php and then install php-ldap.i686 instead of compiling php with ldap support? According to the package descriptions, the php-ldap packages are supposed to add ldap support to php. I ask because I am unfamiliar with compiling.

  37. Kevin says

    I have configured the plug-in (v1.3.0.3) to work with our Active Directory, however some accounts are able to login and others are not. In testing the accounts that do not work using the Test Settings, I get the message “Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership”. Is there anyway to debug why one account would work and another won’t? I’m assuming it’s a permissions setting within AD, but not sure what it would be. My Sys Admin says there should be no difference between accounts, is there a way to debug the call to get additional details on what the issue is?

    • Kevin says

      Oh, I forgot to mention. I am not limiting access to any specific AD group. If you can authenticate to AD, it should create the account in WordPress and allow the person in.

  38. Barry says

    This wouldn’t work for our Active Directory because it does not use a Bind User for authenticating to AD. If this does not work for you you should try the Active Directory plugin, I did get it to work.

    • says

      A bind user wouldn’t matter for simple authentication. If you’re using group membership, it will try to bind with the user that’s logging in (I think).

      Is your directory configured to prevent this? (I can’t imagine why this would be true…just asking)

      • Barry says

        I think it is default behavior in a Windows domain. I first thought it would bind using the user login also, but that wasn’t the case. At least I couldn’t get it to work. I got a clue when a vendor setting up a different Linux application needed a bind login for their app to do the same. Thx.

          • Carlos says

            I am using Version 1.3.0.3, and have a problem when new blogs get created, the LDAP configuration is empty, and it has to be manually configured. The problem arises when the user needs to login from the blog’s own login page, it does not recognize the LDAP credentials, and gives me an “Incorrect password error”.

            The plugin is activated site-wide, and still does not work

  39. unicast says

    Hi! I’m trying to authenticate via LDAP and got some troubles with my LDAP tree with many ou-containers.
    For example, I have containers ou=dev,ou=users,dc=examble,dc=com and ou=test,ou=users,dc=examble,dc=com
    BASE_DN ou=users,dc=examble,dc=com
    And authentication fails…
    Here is a small patch:

    case "directory_ol":
    //OpenLDAP create all
    $ldap = ldap_connect(LDAP_HOST, LDAP_PORT)
    or die("Can't connect to LDAP server.");
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION);
    $ureturn=@ldap_search($ldap, BASE_DN, '(' . LOGIN . '=' . $username . ')', array(LOGIN, 'sn', 'givenname', 'mail'));
    $uent=@ldap_first_entry($ldap, $ureturn);
    $bn=@ldap_get_dn($ldap, $uent);
    $ldapbind = @ldap_bind($ldap, $bn, $password);
    if ($ldapbind == true)

    case "directory_ol":
    //OpenLDAP create based on group
    $ldap = ldap_connect(LDAP_HOST, LDAP_PORT)
    or die("Can't connect to LDAP server.");
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION);
    $ureturn=@ldap_search($ldap, BASE_DN, '(' . LOGIN . '=' . $username . ')', array(LOGIN, 'sn', 'givenname', 'mail'));
    $uent=@ldap_first_entry($ldap, $ureturn);
    $bn=@ldap_get_dn($ldap, $uent);
    $ldapbind = @ldap_bind($ldap, $bn, $password);
    //$ldapbind = @ldap_bind($ldap, LOGIN .'=' . $username . ',' . BASE_DN, $password);
    if ($ldapbind == true)
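
The search-then-bind approach in unicast's patch above (look up the entry's DN under the base DN, then bind as that DN), written out as an added example; it is not code from the plugin or from any commenter. The config keys and sample values are assumptions, and the sketch additionally escapes the login name for the filter, rejects empty passwords, and fails closed when StartTLS (raised by Josh earlier in the thread) cannot be negotiated.

```php
<?php
// Added example: not part of Simple LDAP Login. Config keys and values are assumed.

/** Build "(attr=value)" with the login name escaped for use in a search filter. */
function sll_example_user_filter(string $loginAttr, string $username): string
{
    // ldap_escape() (PHP >= 5.6) encodes * ( ) \ and NUL so the name is matched literally.
    return '(' . $loginAttr . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

/** Search-then-bind. Returns the user's DN on success, null on any failure. */
function sll_example_authenticate(array $cfg, string $username, string $password): ?string
{
    // A bind with a DN and an empty password is an "unauthenticated bind"
    // (RFC 4513) that many servers accept, so reject it before asking the server.
    if ($username === '' || $password === '') {
        return null;
    }

    $ldap = ldap_connect($cfg['uri']);
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Fail closed: never fall back to a clear-text bind if StartTLS fails.
    if (!empty($cfg['starttls']) && !@ldap_start_tls($ldap)) {
        error_log('LDAP StartTLS failed: ' . ldap_error($ldap));
        return null;
    }

    // Step 1: bind for the lookup (service account if configured, else anonymous).
    $lookupBound = isset($cfg['bind_dn'])
        ? @ldap_bind($ldap, $cfg['bind_dn'], $cfg['bind_pw'])
        : @ldap_bind($ldap);
    if (!$lookupBound) {
        return null;
    }

    // Step 2: subtree search, so users in any OU below base_dn are found.
    // Size limit 2 is enough to tell "exactly one match" from "ambiguous".
    $filter = sll_example_user_filter($cfg['login_attr'], $username);
    $result = @ldap_search($ldap, $cfg['base_dn'], $filter, array($cfg['login_attr']), 0, 2);
    if ($result === false || ldap_count_entries($ldap, $result) !== 1) {
        return null;
    }
    $dn = ldap_get_dn($ldap, ldap_first_entry($ldap, $result));

    // Step 3: the actual credential check, as the DN that was found.
    $ok = @ldap_bind($ldap, $dn, $password);
    ldap_unbind($ldap);
    return $ok ? $dn : null;
}

// Offline demo with a constructed login name: prints the escaped filter only.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    echo sll_example_user_filter('uid', 'smith (contractor)*'), PHP_EOL;
}
```

A call would pass something like `array('uri' => 'ldap://ldap.example.com', 'starttls' => true, 'base_dn' => 'ou=users,dc=example,dc=com', 'login_attr' => 'uid')`, all of which are placeholder values.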

  40. Tony Power says

    Hi Clifton, Using the plugin with OpenLDAP, its working fine, WordPress is authenticating against our directory. I have a question about adding some extra functionality to the plugin though, maybe you’ve taken a look at this already. We’re setting up single sign on for a number of things, but initial registration of a user will happen in WordPress. I’d like for WordPress to add an entry to the LDAP directory when a new user is created rather than the other way around. Any ideas? Cheers

    • says

      Hi Tony,
      Unfortunately, creating LDAP object is a different ballgame and not something I intend to include.

      If you are familiar with PHP, I encourage you to take a swing at it yourself. The WordPress plugin model is very simple and I think you could make a lot of progress quickly.

      If you have any questions, I’ll do my best to answer them.

      Clif

        • Daniel says

          Great plugin! I get an error each time I (or user) tries to get into the dashboard even though they are logged in. “ERROR: The username field is empty.” Any help would be much appreciated. Cheers, Dan

          • Daniel says

            Still get this error and I have raised a ticket but get an error when I try to view that too! Any help on this would be great as it’s causing some fuss with our users. Cheers, Dan

          • says

            Hi Clif,
            Why is it that the settings don’t ask for the ldap server? Is it assuming localhost? Is it guessing it based on the Base DN and/or Domain Controller?

            Thanks,
            Amir

          • says

            Nevermind – Controller=Server – I misunderstood the Domain Controller settings that someone had put in place earlier. Still, I can’t log in because my manager username is a different DN than the Base DN…

          • says

            Hi Clifton,
            I’ve been using your plug-in and it has been working great except for the last 3 months.

            It seems I’m having the same issue as James and Daniel so I’m interested in reading what you shared with them to resolve their issues.

  41. says

    Hi Clif,
    Looks like you’ve been getting a few spams lately. If you’re not already using it I recommend WP-HashCash – this is completely invisible to anyone using a normal browser to add a comment as long as they have javascript enabled, but prevents bots (which generally don’t have js) from adding comments. You can configure it to just put failures in the Moderation queue in case of false positives – I don’t know what the false pos rate is because I don’t get many genuine comments on my sites *sniff* but it has successfully stopped every single spam attempt.

  42. Rods says

    Hi clif,

    The users created by the ldap plugin don’t sync with buddypress. How can I do this?
    At this moment all my users don’t have an entry in the wp_bp_xprofile_data table.

    • Ian Altgilbers says

      I believe the problem is with user_nicename. The buddypress and this plugin have differing views on what that field should be.

      I changed this plugin to set the user_nicename to be the same as username and buddypress sprang back to life.

    • Uwe Willenbacher says

      Hey there, I just installed Version 1.5.5 and the “Required Groups” still does not work? Any idea what I am doing wrong, how to troubleshoot this. I would like to implement this feature, but each time I enter an existing LDAP Group in the “Required Groups” fields my login fails (yes, I am part of the necessary group and yes, I tried the Long name, the short name as well as the group ID – same result with all three…

  43. Rods says

    Hi Clifton, I’m using Simple LDAP with BuddyPress. The authentication goes fine, but the new user created by the plugin doesn’t get an entry in the xprofile’s tables. How can I manage that, since without this, the activity replies don’t show properly?

    Thanks in advance.

  44. Benjamin says

    I’ve made additions to plugin which allow for connecting through an LDAP proxy with an intermediate user name (required in some environments). Is there a way to get this code to you for possible inclusion in the next version of Simple LDAP?

    • says

      Hi Benjamin,
      Thanks for your contribution.

      At this point I’m not spending any development time on this plugin. I have too many other profitable projects I’m managing.

      I do plan to eventually make changes to this plugin, but I think that will mostly be a setup where users can contribute their own various versions of the plugin for others to use.

      Feel free to e-mail me a copy of your changes and I’ll attempt to include them when I make these changes. (Hopefully in the next month or two)

      Clif

  45. James says

    Hi Clifton,
    Does the plugin work on WP 3.0? For the account suffix, if I don’t have a suffix, would the plugin still work? Thank you!

    james

  46. Bertrand says

    Is there a possibility to bind non anonymously to the ldap server in simpleldap?

    It is common with Active Directory to deny anonymous bind if security is an issue.

    Thanks. B.

  47. Chuck Thompson says

    Do you have time to look this over and tell me if you think Simple LDAP Login for WordPress will accomplish my goals? I am a complete amateur and not at all skilled in this sort of thing, but if I use your product I will donate. After reviewing what follows please tell me whether you think Simple LDAP will do the trick and also give me an opinion on whether you think a complete amateur will be able to administer it.

    What I’m trying to accomplish is this:
    There are a number of sites to consider – all on the same server.

    The MAIN SITE and all the WordPress SUB-SITES will be WordPress 3.0.
    All registered users will be members of the MAIN SITE.
    Some users will be members of one or more of the WordPress SUB-SITES.
    All registered users of the MAIN SITE will have access to a forum hosted on the PhpBB3 site. PhpBB3 uses MySQL.
    All registered users of the MAIN SITE will have access to the eFront Learning site. eFront uses MySQL. http://www.efrontlearning.net/
    Membership only on the MAIN SITE will give users access to the MAIN SITE, the eFront site and the PhpBB3 site only.
    Membership in any of the SUB-SITES will give users access to that particular SUB-SITE and the MAIN SITE, the eFront Site and the PhpBB3 site.

    I hope I’ve given you everything necessary to advise me, but if you have any questions please do not hesitate to ask and I will get back to you as soon as I can.

    • says

      Hi Chuck,
      Sorry for my belated response.

      This plugin can only help you with logging users in. I’m not sure what the plugin schema is for subsites in WP3.0, but I think you can enable the plugin with a different set of settings. So, for instance, you could have it enabled for the main site with a different role and group requirement than for subsites.

      As for providing access to all of the other things, the plugin can’t help there out of the box.

      I’m available for hire if you need a developer to provide some of these changes, so feel free to e-mail me.

      And, let me know if you have any questions.
      Clif

  48. says

    Is it possible to authenticate and create WordPress accounts for users in several groups? For example, I have three groups: Students, Faculty, and Staff. I would like to give Faculty and Staff the ability to login, but not Students. I tried separating groups with commas, but it doesn’t seem to be working.
    *starts looking through the code*

    • says

      Not as configured, but I think you should be able to figure out how to make that happen. Especially in version 1.4…should be easy to loop through.

      But, that being said, you still would need to come up with a way to make the permissions different which would be a whole different animal.

        • Ashish Upadhyay says

          I have downloaded the Simple LDAP login 1.3 plug-in and uploaded into wordpress plug-in directory, then activate this plug in.

          I have specified the host name of the LDAP server (i.e. IP address of the server)

          After doing this when I test the settings, it will show me the following error.

          Fatal error: Call to undefined function ldap_connect() in C:\xampp\htdocs\wordpress\wp-content\plugins\simple-ldap-login\adLDAP.php on line 157

          Can anybody suggest? I have Domino directory and I want to authenticate user from the Domino directory using LDAP.

          Are the settings specified above mandatory? because
          I have tried it with and with out specifying setting, in both the cases I got the same error.

          Please help.

          Thank you
          Ashish

  49. Oliver Seeliger says

    Hi Clif,

    I’ve finally made it to set up all the options correctly. I’m using the Advanced Option ” Create WordPress account for anyone who successfully authenticates against LDAP. ” and when I try to log in an error comes up saying ” Catchable fatal error: Object of class WP_Error could not be converted to string in /var/www/sevencs-intranet-wordpress/wp-includes/formatting.php on line 2772 ”

    When I set up the user name manually before I log in everything works as it should.

    Any idea?

    Thank you.

    I’m using WP3

      • Oliver Seeliger says

        Hi again,

        I investigated a bit by myself and found out that the error occurred because *sigh* I had the email address already registered. But, anyway, in this the return value of sll_authenticate() is of type object WP_Error and this raises the fatal error.

        The function wp_insert_user() returns an array containing a useful error message and I think you should pass this message to the frontend.

        So, I got it working for me now and I must say it’s an awesome plugin. Great work.

      • says

        Hi Clif,

        First, great plugin. Exactly what I need, and it’s going to be a lifesaver.

        I wanted to say that I’m running into the same problem as Oliver, though I’m not sure why. I’m a newbie to LDAP, and I don’t even have the email schema installed — but it still appears to pop up. I’m going to investigate as well, but displaying the error messages as Oliver says below would be great. Thanks a ton for everything so far!

        • says

          Tim,
          I’m still working on a solution to this problem.

          It’s due to a change in the way WordPress’s user creation functions work in WP3.0. I have successfully increased the level of error reporting, but without a firm solution to this problem I am reluctant to release a new version.

          Thanks for your patience,
          Clif

    • Gilad Aharoni says

      Thanks, Oliver, for pointing me in the right direction!

      Since, when creating users in my LDAP server, I do not assign any emails to them, I was getting this exact same error after creating the first user, as all the following users were trying to be created with the same email (blank). The solution was to create a string-randomizing function in Simple-LDAP-Login.php, and use it to replace both instances of:
      'user_email' => $userinfo[0][mail][0],
      with:
      'user_email' => genRandomEmail(),

      The wordpress admin can then change the email address if they want to.

      The randomizing string function:


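      function genRandomEmail() {
          // Build a 10-character random local part for a placeholder address.
          $length = 10;
          $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
          $string = '';
          for ($p = 0; $p < $length; $p++) {
              // mt_rand() is inclusive at both ends, so the upper bound is the last valid index.
              $string .= $characters[mt_rand(0, strlen($characters) - 1)];
          }
          $string = $string."@ChangeMe.com";
          return $string;
      }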

      Got this function from:
      http://www.lost-in-code.com/programming/php-code/php-random-string-with-numbers-and-letters/

      All seems to work great now. Would still be helpful if the plugin could display the WP_Error, though.

  50. Jordan says

    Hi there! I’m running into an error right on activation:

    “Plugin could not be activated because it triggered a fatal error.

    Fatal error: Uncaught exception ‘adLDAPException’ with message ‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/adLDAP.php:338 Stack trace: #0 /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(60): adLDAP->__construct(Array) #1 /home/MYDIR/public_html/wp-admin/plugins.php(158): include(‘/home/MYDIR/pub…’) #2 /home/MYDIR/public_html/wp-admin/plugins.php(160): plugin_sandbox_scrape(‘simple-ldap-log…’) #3 {main} thrown in /home/MYDIR/public_html/wp-content/plugins/simple-ldap-login/adLDAP.php on line 338″

    Any thoughts?

  51. says

    Warning: ldap_search() [function.ldap-search]: Search: No such object in C:\inetpub\wwwroot\wordpress\wp-content\plugins\simple-ldap-login\adLDAP.php on line 970

    Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in C:\inetpub\wwwroot\wordpress\wp-content\plugins\simple-ldap-login\adLDAP.php on line 971

    Catchable fatal error: Object of class WP_Error could not be converted to string in C:\inetpub\wwwroot\wordpress\wp-includes\formatting.php on line 2772

    • says

      This seems to indicate the presence of enabled LDAP module — but I still get above errors

      LDAP Support enabled
      RCS Version $Id: ldap.c 293036 2010-01-03 09:23:27Z sebastian $
      Total Links 0/unlimited
      API Version 3001
      Vendor Name OpenLDAP
      Vendor Version 20319

  52. Olivier Roger says

    Hello,

    I installed and used your plugin with ease.
    I only encountered a single problem which seems strange to me since the documentation says explicitly the opposite.

    When I enable the plugin, I cannot log with the local ‘admin’ user anymore. I got the message saying the LDAP plugin is enabled.

    Any reason for this ? Anybody experienced the same behavior ?

    Thanks in advance !

    • says

      Olivier,
      That is my fault completely. I removed this function because I felt that most people weren’t naming their admin accounts admin and that it probably wasn’t helping anyone.

      Do you need this feature?

      Clif

      • Olivier Roger says

        Clif,
        I see your point.
        Still, I think it is a nice feature since not everybody can/want to have a admin user in LDAP for that.

        What would be great would be to have an option to enable this behavior and, eventually, being able to select the user(s) it applies to in the settings. In my case I only need it for ‘admin’.

        Olivier

  53. Gustavo Campos says

    Hey Clifton!

    Nice work with the plugin, sounds awesome, but I can’t make it work.

    It’s all installed and configured fine, but the users never logon. I enabled Kerberos logging on my Windows 2008 R2 server, and for every request I receive a KDC_ERR_ETYPE_NOTSUPP.

    Microsoft documentation says that it means the client doesn’t have the appropriate cryptography type and/or key. I already authenticate some sites within this same server, using apache’s mod_auth_kerb.

    I don’t know what else should I check, any help would be much appreciated!

    And keep up the really good work!

    • says

      Hello there!
      Everything beautiful, just a question. Every time I set up a new blog, I have to re-configure the plugin in that blog backend.

      Is there any way to propagate the main blog settings, to all newly created ones?

      Regards,

      Francesco

      • says

        Hello, I got the answer to my question (see above). It’s a plugin called YD-Network-Wide-Options.

        Now I’m trying to let the users login with their email address (not only username). Any idea about how to do it!?!

  54. Scott says

    I know i have LDAP configured correctly.
    I feel confident I have PHP setup right for LDAP.
    I turned on debug, and got this during my test auth against AD (along with my failure):

    Notice: Undefined property: WP_Error::$ID in C:\wamp\www\wp-content\plugins\simple-ldap-login\Simple-LDAP-Login-Admin.php on line 119

  55. Eric says

    Pretty new to WP. I have a multi-site setup with WP 3.0.1. I do not get the “settings” option on my plugin page. I do get an edit option but some pages (e.g. Simple-LDAP-Login-Admin.php) are “inactive”. Any idea what I’m doing wrong?

    • Ryan says

      Is Open LDAP the same as Open Directory? I teach at a high school and have two Xserves that have learned to setup them up over the last couple of years. One is open directory master so the students can authenticate to the network. The other is the Web server for the class page and school newspaper. The sites are running on WP3.0. I want to give the students WP blogs and just base it off their lab logins through open directory. However, it isn’t working, so I wasn’t sure if openLDAP is different from Open Directory. I don’t want to hand create 200 accounts every year. :(

  56. Will says

    Hello. Great plugin! But fyi, the space you add to user_nicename breaks the author page links. So I flipped

    'user_nicename' => $userinfo[0][givenname][0] .' '.$userinfo[0][sn][0]

    to

    'user_nicename' => $userinfo[0][givenname][0] . $userinfo[0][sn][0]

    and then the links worked fine.

    thanks again.

  57. says

    How do I set up the TLS? My site works fine but we are in the midst of eliminating non-secure LDAP authentication. I have to use TLS. I checked the TLS option but our told me the following one to indicate the attempt to start TLS, one to indicate whether the attempt was successful, and one to indicate which cipher was negotiated.

    Please advise.

  58. says

    How do I set up the TLS setting? My site works fine currently, however my company is in the midst of eliminating unsecure LDAP authentication. I have to use TLS. I checked the TLS option but it does not work, as our Admin told me the following: It didn’t work. If it was secure, you should see the following lines in the transaction, one to indicate the attempt to start TLS, one to indicate whether the attempt was successful, and one to indicate which cipher was negotiated. Is there any other setting that I need to do? OpenLDAP has been configured on the server correctly with the security certificate.

    Please help and advise.
    Kindest Regards
    Bejal

      • says

        No, I am not getting an error and funny enough the authentication works, however according to our LDAP administrators, the connection is not secured even though TLS is checked in the plug-in setup. He stated that if the TLS was successful he would be able to see if it started, if it was successful and if the cipher was negotiated. So my question to you is, apart from checking the TLS checkmark, do we have to configure something else on the server etc.? We have OpenLDAP configured 100% with the security certificate.

        Please advise.

    • JesseJohnson says

      The auto-creation of accounts does not seem to work… If I prebuild the user in WP it works great for authentication. Otherwise the user is just displayed the following error:

      Notice: Use of undefined constant givenname – assumed ‘givenname’ in
      /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
      line 353

      Notice: Use of undefined constant sn – assumed ‘sn’ in
      /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
      line 353

      Notice: Use of undefined constant mail – assumed ‘mail’ in
      /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
      line 354

      Notice: Use of undefined constant givenname – assumed ‘givenname’ in
      /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
      line 356

      Notice: Use of undefined constant sn – assumed ‘sn’ in
      /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
      line 357

      Am I missing something?

      • Troy says

        Just installed this module & having troubles getting it to work. In Drupal I just specify o=xxx for the base dn and the uid for the UserName attribute and it works. Can I do something similar with this module?

  59. Bob says

    Hi,

    I am trying to use the TLS feature of the simple LDAP plugin and getting the following error.

    Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error in /opt/fedex/webapps/data/dev/wp-content/plugins/simple-ldap-login/adLDAP.php on line 372

    Please help.
    Thanks

    • Michael O'Keeffe says

      Hi Clifton,

      We installed this plugin, but some users in our environment are members of lots of groups – when unpacked, one of our users is a member of 722 groups.

      This causes issues with one of your functions running into the PHP memory allocation limit (set at 128mb, though we’ve now lifted it to 256mb).

      Function definition: public function recursive_groups(group) at line 756 of includesadLDAP.php

      I didn’t want to mess with the plugin’s code myself, but have you considered using the LDAP recursive filter? This should be faster than recursing inside PHP, and saves execution time on the webserver.

      We use this elsewhere;

      $filter = '(memberof:1.2.840.113556.1.4.1941:='.$groupToFind.')';
      $search = ldap_search($this->connection, $userDN, $filter, array('dn'), 1);
      $items = ldap_get_entries($this->connection, $search);

      Just a suggestion – thanks for the great plugin.
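
An added example, not code from the plugin or from the commenter: building the `1.2.840.113556.1.4.1941` (in-chain) membership filter with the group DN escaped per RFC 4515, so that a DN containing `(`, `)`, `*` or `\` cannot yield a malformed filter or change what the filter matches. It is written in Python rather than PHP; the function names and the sample group DN are assumptions.

```python
"""RFC 4515 escaping for the AD in-chain group membership filter."""

# OID quoted in the comment above (Active Directory's in-chain matching rule).
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"

# RFC 4515: these characters must be written as \XX inside an assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_HEX = set("0123456789abcdefABCDEF")


def escape_filter_value(value):
    """Return value with every filter metacharacter hex-escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def raw_specials(assertion_value):
    """List the metacharacters left unescaped in an assertion value."""
    found, i = [], 0
    while i < len(assertion_value):
        ch = assertion_value[i]
        pair = assertion_value[i + 1:i + 3]
        if ch == "\\" and len(pair) == 2 and set(pair) <= _HEX:
            i += 3  # a well-formed \XX escape, skip it
            continue
        if ch in _ESCAPES:
            found.append(ch)
        i += 1
    return found


def nested_member_filter(group_dn):
    """Filter matching entries that belong to group_dn directly or via nesting."""
    return "(memberOf:%s:=%s)" % (IN_CHAIN_OID, escape_filter_value(group_dn))


# Constructed, hypothetical group DN with parentheses and an asterisk in the CN.
GROUP_DN = "CN=Web Team (Contractors)*,OU=Groups,DC=example,DC=com"

if __name__ == "__main__":
    # Plain concatenation leaves the metacharacters in the assertion value.
    naive = "(memberOf:%s:=%s)" % (IN_CHAIN_OID, GROUP_DN)
    print("concatenated:", naive)
    print("  unescaped specials:", raw_specials(GROUP_DN))

    # Escaped form: the value is matched literally, whatever it contains.
    print("escaped:     ", nested_member_filter(GROUP_DN))
    print("  unescaped specials:", raw_specials(escape_filter_value(GROUP_DN)))
```

The same escaping applies to any user-supplied value placed in a filter, such as the login name used in the plugin's user search.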

        • htc123 says

          Hi Clifton,

          Good morning. I am new to use ldap. Could I ask you a question on ldap plugin please?

          Basically what I need to do is to use ldap plugin to authenticate a user that belongs to a group called Group1 and pass the credential of Group1 to WordPress for authentication. Is this possible to do in ldap plugin?

          E.g.
          User1 ID login to system. He/she belongs to Group1 group. ldap then passes Group1/password (Not User1) to WordPress to login.

          Your help is greatly appreciated.

          • clifgriffin says

            That isn’t possible with my plugin. It would take a large amount of changes to get there…if it is even possible!

  60. Rutger says

    Great plugin, compliments!
    I configured it, and users can login with their LDAP-account.
    One question: do users need to login manually (type their username and password)? Because in my situation they do. I can’t find out if this plugin can/should login users automatically.

  61. Pat J says

    Hi,

    I love the Simple LDAP login plugin. It’s been immensely helpful.

    I’m in a situation, though, where I need to authenticate users that may be in one of several DNs. Is there any way to do this, currently, or am I going to have to modify the plugin?

    • says

      I have a Dual LDAP Login plugin that can bridge between 2 domains. Would this be sufficient?

      It isn’t published in the plugin directory, so let me know if you need it. You can e-mail me if you like. clifgriffin[at]gmail.

  62. Jim T says

    For the good of the order I thought I’d share my success with using Simple LDAP Login with my Mac OS X Server 10.6 OpenDirectory setup. All that was needed in addition to the documented information on the plugin’s setup page was to prepend the Base DN with CN=users

    Thanks for the plugin, Clifton!

    • Jim T says

      I should add that users log in with their shortname, not their Full Name. The user is defined as “Clifton Griffin” with a shortname of “cliftongriffin” — so logging in at the WordPress login page will not work as “Clifton Griffin” but will work as “cliftongriffin”

      The code would have to consult the LDAP database to find the shortname associated with that full name… at present it doesn’t do that.

  63. Kaz says

    Hi, Great plugin, works really well against our Novell edirectory.

    Slight problem for us though is that we have users in several containers at the same level eg. ou=IT and ou=TREAS. Users who do not exist in the IT container have an alias object in the IT container.

    If we set the base dn to point to the IT container, users with an alias in that container don’t get an error message when logging in but are left at the login screen as if login has failed (ie they do not get the invalid username or password error).
    If we set the base dn to the parent container of the IT and TREAS containers, then nobody can login. Users from the IT container who have previously logged in, get an “incorrect password” error. Users who exist in the IT or TREAS subcontainers who have not previously logged in to WordPress get an “invalid username” message.

    It seems like the ldap is not searching subcontainers???
    Would you also be expecting it to work with aliases?
    Thanks

    • says

      Hi Kaz,
      I’ve seen this issue a couple of times before but haven’t found a solid reason/solution.

      Have you tried pointing to just the parent OU that contains both of these child OUs? (if one exists)

      • Kaz says

        Hi Cliff, Yes if I point the base dn to the parent container, nobody can login. I think the ldap is not searching subcontainers. Thanks

        • clifgriffin says

          I would like to figure this issue out eventually, but I don’t have much of a way to test (and very little time for personal development these days).

          Let me know if you found a solution.

  64. Vince Thyng says

    I was able to get the plug in working well with an active directory and am trying to change it over to a corporate Tivoli directory server. Since it isn’t working, I’d like to see the commands that are being sent. Is there a log? I haven’t found a way to turn one on for PHP LDAP, and don’t see anything in the apache logs.

    • clifgriffin says

      I don’t know how to do that either. I developed the non-AD LDAP code pretty much blind as I don’t have a test server.

      I would suggest using WireShark or something similar.

  65. Mike says

    I was wondering if it is possible to use ldap filters. For example I have a filter something like (&(|(urpsaffiliation=FAC)(urpsaffiliation=STF))(|(urpsemployeestatus=A) (urpsemployeestatus=L) WHERE CAN I PLACE THIS?

    • says

      I installed Simple LDAP Authentication and configured it properly. Now I cannot log into my site. When I go to the wp-login.php page all I get is a white screen.

      • Clifton Griffin says

        I’m thinking that maybe you have the wrong version of PHP installed or something (PHP 5 is required). At any rate, you can rename the folder to “deactivate” the plugin. Once it is deactivated, you can rename it back to the original name.

        Let me know if you find any specific errors in the logs and I’ll see if I can help you.

    • Clifton Griffin says

      I’m not extremely familiar with LDAP filters, sorry. If you look at the code, it’s pretty simple so I think if you know what you want to do you can figure it out. Good luck!

  66. says

    I love the plug-in! Thanks!

    I’m using P2 theme and when I click an author to view their posts it gives me a 404 page. The url has the persons full name in it so I even tried modifying it to first initial last name and that failed too. Should an author page get created when someone logs in the first time? How can I fix this? Thank you!

    • clifgriffin says

      I’m not sure, Matthew. I can’t really think of any way this would break because of something the plugin does…unless it sets one of the profile values in such a way that breaks it?

      Have you been able to find anything?

  67. James says

    Great plug-in. I have it running on my website currently. One question though. I used to be able to change the author of a page or post, but now only I show up in the available authors list. Any ideas on how to get that functionality back?

    THANKS!

    • clifgriffin says

      I can’t think of anything that would affect this functionality. My hooks begin and end with the login process.

      Sorry! :)

  69. mmihelic says

    If I understand the process correctly, the plugin uses an unauthenticated bind to search for the user and then tries to authenticate using the user record it found with the password that was provided by the user.
    Would it not be better to have an option to provide the DN structure? This way you could authenticate the user directly without having to do a search first. I would spare you the time for one bind+search and would make the plugin work with setups that do not allow unauthenticated searches.

    • Dellantre says

      Hi,

      I love this plugin. But I have a little big problem. User can enter any password to login. When I did test setting, it also succeeded even my password was different in ldap server.

      How to fix this.

      • Clifton Griffin says

        Craptacular.

        I patched some things based on user contribution, but didn’t have a great way to test. I’ll roll back some of yesterday’s changes.

    • Clifton Griffin says

      This came from a user contribution. I pushed the updates in kind of a rush…your logic makes perfect sense and I should have used more critical thinking.

      I’m going to rollback that portion.

  72. alex says

    I’ve been running this plugin for some time and it’s amazing. We just figured out that single quotes and double quotes in PW’s are causing failed logins but it appears that the problem exists in adLDAP.php. Has anybody else run into this problem and come up with a fix?

  73. Josh says

    Great plugin, very easy to use and set up. Do you know of any way to add integrated/NTLM authentication to this plugin in addition to forms auth?

  74. says

    ---------- this is my root openLDAP ----------
    # root, People, politel.edu
    dn: uid=root,ou=People,dc=politel,dc=edu
    uid: root
    cn: root
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    userPassword:: e2NyeXB0fSQxJFliTTVrcmxhJE1GRXd2emVvN2FpU3V1MjdiNzFrdy8=
    shadowLastChange: 15046
    shadowMin: 0
    shadowMax: 99999
    shadowWarning: 7
    loginShell: /bin/bash
    uidNumber: 0
    gidNumber: 0
    homeDirectory: /root
    gecos: root

    ---------- this is my drupal config ----------
    account suffix : @politel.edu
    LDAP login attribute : uid
    base DN : dc=politel,dc=edu
    Domain Controller : ldap.politel.edu

    When I try to connect with admin ldap, it returns:
    Test Results:
    Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.

    OMG, this error message makes me crazy.

  75. Guest says

    Is there a way to use this plugin with a Multisite? I’d like to configure it once for all users and not allow them the option of even seeing the settings.

  76. Optimaximal says

    I’m confused as to how ‘Create WordPress account for users in specified AD group:’ works.

    I’ve entered ‘Intranet_User’ in the field (which has an analogous security group in AD populated with a few users for testing) but users cannot log in with their AD credentials unless I use the ‘auth against AD’ catch-all option.

    Is it something obvious, like I need to put the link to the group as a DN? Other Ideas?

    • clifgriffin says

      You should be able to use just the name of the group. It is supposed to check group membership with no more information. I would make sure it is spelled exactly the same, including case.

      Other than that, I’m not sure. Is there anything different about the group?

      • Optimaximal says

        It is like for like. I’ve even tried trimming its name (both the Group Name & Pre-Win2000 Name) down to just ‘Intranet’ in case the underscore was introducing an issue – no dice. It’s a global security group in a OU higher up the tree than the actual users, so inheritance shouldn’t be an issue.

        It’s not a problem – the ‘Auth against AD’ option works and suits our purpose, as ‘Auth against Group’ would only have really been any use if you could control multiple roles against multiple groups (possible future development? :))

      • Robert Conard says

        I had Simple LDAP 1.4.0.1 working fine on WP 3.1.1, I upgraded Simple LDAP to version 1.4.0.4 and it worked fine. I then upgraded WP to 3.1.2 and now Simple LDAP is broken. I get an error when testing Simple LDAP with settings that worked before the upgrade. The error is:

        Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership

        I haven’t changed my credentials and they are correct. I have verified that the combination of WP 3.1.2 and Simple LDAP 1.4.0.4 don’t seem to work for my configuration. I can downgrade my Simple LDAP from 1.4.04 to 1.4.01 and it works fine with WP 3.1.2.

        • Clifton Griffin says

          Robert,
          Thanks for reporting this.

          Do you use AD or some other LDAP install?

          I made a very small change in 1.4.0.4 that only affects account creation so
          I would suspect the error crept in between 1.4.0.1 and 1.4.0.3. I’ll do a
          diff and see if I can find likely suspects. In the meantime, I’d suggest
          using the older version.

          I apologize for the inconvenience!
          Clif

          • Diamnd says

            Hi, I’m trying to create WordPress Account for users in Specified AD Group and it always gives the following message:

            Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.

            Does anybody know how to do it? Is it needed to insert a specific reference or only the name of the AD Group?

            Thanks!

          • Clifton Griffin says

            Just the name should work.

            Do you get that message when actually trying to login? (The test settings
            panel isn’t bullet proof)

          • Diamnd says

            That message is from the test settings panel… but it works fine if I select “Create WordPress account for anyone who successfully authenticates against LDAP” option…

          • clifgriffin says

            So do you get the same error when you try logging in with group setting on?

            The best way to do this is to try it in a separate browser. That way you
            don’t accidentally lock yourself out. Let me know what you find.

          • Simonjday says

            Hi

            Are there any known issues with the plugin and WP 3.2, as I would like to upgrade my site to WP 3.2 and use your ldap login plugin a lot

            Thanks

          • Clifton Griffin says

            I have not tested it. I will say WordPress is very good at maintaining
            compatibility across versions so I would be pretty surprised if there were
            issues.

            I have seen no compatibility issues with other plugins as of yet.

            I welcome feedback as I don’t have a great way to test.

          • David Rogers says

            I have just installed a new version of WP and upgraded it to latest version. Installed Simple LDAP login 1.4.0.01. I am using AD to authenticate and create WP users. I have set my base DN to be DC=bhs,DC=local and can log in with my account which is in this context. I have users who are in other contexts coming off this base DN, like ou=staff,DC=bhs,DC=local. These users are not able to log in either through the test panel or on the site itself. Will this plugin search subcontexts? If not, how do I specify multiple contexts? Separating with ; does not seem to work.
            I am surprised that I do not need to specify a username and password for authentication with this as I do with other LDAP authentication systems.

        • Leandro Fontenla says

          Hi Clif,

          Plugin is login fine but I have the following problem, when I set in the Advanced settings to search for a specific group (in this case SYSADMIN) I get this error:

          Warning: ldap_search() [function.ldap-search]: Search: Bad search filter in /mnt/opt/apache-2.2.14/htdocs/wp.www.site.com/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on line 226

          Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in /mnt/opt/apache-2.2.14/htdocs/wp.www.site.com/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on line 227

          But the real problem is when I look into openldap logs and I get this:

          May 12 17:10:22 ldap slapd[12539]: conn=2889 fd=74 ACCEPT from IP=10.193.102.66:47644 (IP=0.0.0.0:389)
          May 12 17:10:22 ldap slapd[12539]: connection_get(74)
          May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 BIND dn="uid=user,ou=People,dc=site,dc=com" method=128
          May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: "uid=lfontenla,ou=people,dc=site,dc=com"
          May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: "(null)", at: "(null)"
          May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: "uid=lfontenla,ou=people,dc=site,dc=com"
          May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: "cn=sysadmin,ou=policies,dc=site,dc=com"
          May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: "(null)", at: "(null)"
          May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: "cn=sysadmin,ou=policies,dc=site,dc=com"
          May 12 17:10:22 ldap slapd[12539]: ==> bdb_bind: dn: uid=lfontenla,ou=People,dc=site,dc=com
          May 12 17:10:22 ldap slapd[12539]: => access_allowed: result not in cache (userPassword)
          May 12 17:10:22 ldap slapd[12539]: => access_allowed: auth access to "uid=lfontenla,ou=People,dc=site,dc=com" "userPassword" requested
          May 12 17:10:22 ldap slapd[12539]: => acl_get: [1] attr userPassword
          May 12 17:10:22 ldap slapd[12539]: => acl_mask: access to entry "uid=lfontenla,ou=People,dc=site,dc=com", attr "userPassword" requested
          May 12 17:10:22 ldap slapd[12539]: => acl_mask: to value by "", (=0)
          May 12 17:10:22 ldap slapd[12539]: <= check a_dn_pat: self
          May 12 17:10:22 ldap slapd[12539]: <= check a_dn_pat: anonymous
          May 12 17:10:22 ldap slapd[12539]: <= acl_mask: [2] applying auth(=xd) (stop)
          May 12 17:10:22 ldap slapd[12539]: slap_access_allowed: auth access granted by auth(=xd)
          May 12 17:10:22 ldap slapd[12539]: => access_allowed: auth access granted by auth(=xd)
          May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 BIND dn="uid=lfontenla,ou=People,dc=site,dc=com" mech=SIMPLE ssf=0
          May 12 17:10:22 ldap slapd[12539]: send_ldap_result: err=0 matched="" text=""
          May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: ndn: "uid=lfontenla,ou=people,dc=site,dc=com"
          May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: oc: "(null)", at: "(null)"
          May 12 17:10:22 ldap slapd[12539]: => bdb_entry_get: found entry: "uid=lfontenla,ou=people,dc=site,dc=com"
          May 12 17:10:22 ldap slapd[12539]: conn=2889 op=0 RESULT tag=97 err=0 text=
          May 12 17:10:22 ldap slapd[12539]: connection_get(74)
          May 12 17:10:22 ldap slapd[12539]: conn=2889 op=1 UNBIND
          May 12 17:10:22 ldap slapd[12539]: conn=2889 fd=74 closed

          Looking closer the plugin is searching in “cn=sysadmin,ou=policies,dc=site,dc=com”.

          Do you know how to force the plugin search to a specific search ???

          Thanks in advance,
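
An added example, not from the thread: the check the LDAP administrator describes in comment 58 (a StartTLS attempt, its result, and the TLS session being established), run over slapd log lines in the format posted above. The log lines are constructed in OpenLDAP's stats-log style, and the function name and DNs are assumptions.

```python
"""Flag LDAP simple binds that reached slapd without TLS (OpenLDAP stats log)."""
import re

# Constructed sample, modelled on the slapd lines quoted in the thread.
# conn=1: plain simple bind; conn=2: StartTLS succeeds before the bind;
# conn=3: StartTLS fails and the client sends the bind anyway.
SAMPLE_LOG = """\
May 12 17:10:22 ldap slapd[12539]: conn=1 fd=74 ACCEPT from IP=192.0.2.10:47644 (IP=0.0.0.0:389)
May 12 17:10:22 ldap slapd[12539]: conn=1 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=com" method=128
May 12 17:10:22 ldap slapd[12539]: conn=1 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
May 12 17:10:22 ldap slapd[12539]: conn=1 op=0 RESULT tag=97 err=0 text=
May 12 17:10:22 ldap slapd[12539]: conn=1 fd=74 closed
May 12 17:10:25 ldap slapd[12539]: conn=2 fd=75 ACCEPT from IP=192.0.2.10:47650 (IP=0.0.0.0:389)
May 12 17:10:25 ldap slapd[12539]: conn=2 op=0 EXT oid=1.3.6.1.4.1.1466.20037
May 12 17:10:25 ldap slapd[12539]: conn=2 op=0 STARTTLS
May 12 17:10:25 ldap slapd[12539]: conn=2 op=0 RESULT oid= err=0 text=
May 12 17:10:25 ldap slapd[12539]: conn=2 fd=75 TLS established tls_ssf=256 ssf=256
May 12 17:10:25 ldap slapd[12539]: conn=2 op=1 BIND dn="uid=bob,ou=People,dc=example,dc=com" method=128
May 12 17:10:25 ldap slapd[12539]: conn=2 op=1 BIND dn="uid=bob,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
May 12 17:10:25 ldap slapd[12539]: conn=2 op=1 RESULT tag=97 err=0 text=
May 12 17:10:27 ldap slapd[12539]: conn=3 fd=76 ACCEPT from IP=192.0.2.11:47701 (IP=0.0.0.0:389)
May 12 17:10:27 ldap slapd[12539]: conn=3 op=0 EXT oid=1.3.6.1.4.1.1466.20037
May 12 17:10:27 ldap slapd[12539]: conn=3 op=0 STARTTLS
May 12 17:10:27 ldap slapd[12539]: conn=3 op=0 RESULT oid= err=52 text=Could not initialize TLS
May 12 17:10:27 ldap slapd[12539]: conn=3 op=1 BIND dn="uid=carol,ou=People,dc=example,dc=com" method=128
"""

CONN_RE = re.compile(r"conn=(\d+) (?:fd|op)=\d+ (.*)$")
BIND_RE = re.compile(r'BIND dn="([^"]*)" method=128')  # method=128: simple bind request
TLS_RE = re.compile(r"TLS established tls_ssf=(\d+)")


def audit_simple_binds(log_text):
    """Return one finding per simple bind, with the TLS state at bind time.

    The ssf=0 on a "mech=SIMPLE" line is not used: slapd logs it for simple
    binds even over TLS, so only "TLS established" seen earlier counts.
    """
    state, findings = {}, []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue  # debug-level lines without a conn= prefix
        conn, event = int(m.group(1)), m.group(2).strip()
        st = state.setdefault(conn, {"starttls": False, "tls_ssf": 0})
        tls = TLS_RE.match(event)
        bind = BIND_RE.match(event)
        if event == "STARTTLS":
            st["starttls"] = True
        elif tls:
            st["tls_ssf"] = int(tls.group(1))
        elif bind and bind.group(1):  # skip anonymous binds (empty DN)
            findings.append({
                "conn": conn,
                "dn": bind.group(1),
                "starttls_attempted": st["starttls"],
                "tls_ssf": st["tls_ssf"],
                "cleartext": st["tls_ssf"] == 0,
            })
        elif event.startswith("closed"):
            del state[conn]
    return findings


if __name__ == "__main__":
    for f in audit_simple_binds(SAMPLE_LOG):
        verdict = "CLEARTEXT" if f["cleartext"] else "tls_ssf=%d" % f["tls_ssf"]
        note = " (StartTLS attempted, not established)" if (
            f["cleartext"] and f["starttls_attempted"]) else ""
        print("conn=%d %s %s%s" % (f["conn"], f["dn"], verdict, note))
```

The third connection is the case to watch for on the client side: a failed StartTLS must abort the login rather than fall through to the bind.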

  78. Prasannapsp says

    Fatal error: Uncaught exception ‘adLDAPException’ with message ‘No LDAP support for PHP. See: http://www.php.net/ldap‘ in C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginadLDAP.php:338 Stack trace: #0 C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginSimple-LDAP-Login.php(60): adLDAP->__construct(Array) #1 C:xampphtdocscosmicblogwp-adminplugins.php(108): include(‘C:xampphtdocs…’) #2 {main} thrown in C:xampphtdocscosmicblogwp-contentpluginssimple-ldap-loginadLDAP.php on line 338

  85. svrooij says

    Really like your plugin.

    I’m developing a plugin that will use WordPress with single sign on behind Microsoft ISA server. This will use your plugin for authentication, and this new plugin to get every user logged in.

    More on this soon….

    • Francisco says

      Dear Clif: I am writing from Tierra del Fuego, Ushuaia, Argentina. We use your plugin for the intranet of the Government of the province; it is working great and we are grateful. My question would be:
      how can users, once logged in, be redirected to the front end rather than to the back end?
      Thank you very much for your time.

  88. says

    Is it possible to have the LDAP department field come into a custom field I created in the wordpress user table?

    I have added the user_market into the wp_insert_user statement, but it doesn’t seem to be filling out the field in the table, you got any thoughts?
    function sll_create_wp_user($username)
    {
        global $ldap, $adldap;
        $result = 0;

        switch (get_option('simpleldap_directory_type'))
        {
            case "directory_ad":
                $userinfo = $adldap->user_info($username, array("samaccountname", "givenname", "sn", "mail", "department"));
                //Create WP account
                $userData = array(
                    'user_pass'     => microtime(),
                    'user_login'    => $userinfo[0]['samaccountname'][0],
                    'user_nicename' => sanitize_title($userinfo[0]['givenname'][0] . ' ' . $userinfo[0]['sn'][0]),
                    'user_email'    => $userinfo[0]['mail'][0],
                    'user_market'   => $userinfo[0]['department'][0],
                    'display_name'  => $userinfo[0]['givenname'][0] . ' ' . $userinfo[0]['sn'][0],
                    'first_name'    => $userinfo[0]['givenname'][0],
                    'last_name'     => $userinfo[0]['sn'][0],
                    'role'          => strtolower(get_option('simpleldap_account_type'))
                );

                $result = wp_insert_user($userData);
                break;

            case "directory_ol":
                if ($ldap == null) { return false; }
                // Search handle kept in its own variable so $result stays 0 when no user is created
                $search = ldap_search($ldap, BASE_DN, '(' . LOGIN . '=' . $username . ')', array(LOGIN, 'sn', 'givenname', 'mail', 'department'));
                $ldapuser = ldap_get_entries($ldap, $search);

                if ($ldapuser['count'] == 1) {
                    //Create user using wp standard include
                    $userData = array(
                        'user_pass'     => microtime(),
                        'user_login'    => $ldapuser[0][LOGIN][0],
                        'user_nicename' => sanitize_title($ldapuser[0]['givenname'][0] . ' ' . $ldapuser[0]['sn'][0]),
                        'user_email'    => $ldapuser[0]['mail'][0],
                        'user_market'   => $ldapuser[0]['department'][0],
                        'display_name'  => $ldapuser[0]['givenname'][0] . ' ' . $ldapuser[0]['sn'][0],
                        'first_name'    => $ldapuser[0]['givenname'][0],
                        'last_name'     => $ldapuser[0]['sn'][0],
                        'role'          => strtolower(get_option('simpleldap_account_type'))
                    );

                    //Get ID of new user
                    $result = wp_insert_user($userData);
                }
                break;
        }

        return $result;
    }

        • clifgriffin says

          I have never heard of such a technique…and I’m nearly positive it isn’t designed to work that way.

          I know there are ways to add information to a user’s profile but I’m not personally familiar with them. From your modification, it looks like you have the right idea though and it shouldn’t be too hard to do once you find the correct method.

          • says

            And I’m just trying to bounce ideas off you, but how would you have gone about it? If you needed to capture the department of a new user… would you try and store it in the wp_usermeta table instead?

          • Victor Gatnicki says

            Hi,

            I found a little bit of a bug with OpenLDAP. In file Simple-LDAP-Login.php if the LDAP search returns more than 1 item in the sll_create_wp_user method ADD USER fails.

            To fix this change: 
            if ($ldapuser['count'] == 1) {
            TO
            if ($ldapuser['count'] > 0) {
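
For the question in this thread about getting the LDAP department into WordPress, an added PHP example (not Simple LDAP Login's own code): it escapes the username before it goes into the search filter, keeps the exactly-one-match check, and stores the department with update_user_meta(), since wp_insert_user() does not write unknown keys such as user_market. The `example_*` function names and the `department` meta key are assumptions.

```php
<?php
// Added example; not part of Simple LDAP Login. All example_* names are hypothetical.

/** Escape a value for use inside an LDAP search filter (RFC 4515). */
function example_filter_value($value)
{
    if (function_exists('ldap_escape')) {          // ext-ldap, PHP >= 5.6
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback without ext-ldap: hex-escape backslash first, then * ( ) and NUL.
    return str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $value
    );
}

/** Build "(attr=value)"; the attribute comes from settings, the value from the login form. */
function example_user_filter($loginAttr, $username)
{
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $loginAttr)) {
        throw new InvalidArgumentException('invalid login attribute');
    }
    return '(' . $loginAttr . '=' . example_filter_value($username) . ')';
}

/**
 * Turn an ldap_get_entries() result into wp_insert_user() data plus user meta.
 * Returns null unless exactly one entry matched: with several matches there is
 * no way to tell which directory entry the person logging in actually is.
 */
function example_map_entry(array $entries, $loginAttr, $role)
{
    if (!isset($entries['count']) || (int) $entries['count'] !== 1) {
        return null;
    }
    $entry = $entries[0];
    // ldap_get_entries() lowercases attribute names.
    $get = function ($attr) use ($entry) {
        $attr = strtolower($attr);
        return isset($entry[$attr][0]) ? (string) $entry[$attr][0] : '';
    };
    $login = $get($loginAttr);
    if ($login === '') {
        return null;   // WordPress refuses to create a user with an empty login name
    }
    return array(
        'userdata' => array(
            'user_login'   => $login,
            'user_email'   => $get('mail'),
            'display_name' => trim($get('givenname') . ' ' . $get('sn')),
            'first_name'   => $get('givenname'),
            'last_name'    => $get('sn'),
            'role'         => strtolower($role),
        ),
        // Not columns of wp_users: stored in wp_usermeta after the insert.
        'meta' => array('department' => $get('department')),
    );
}

/** WordPress side: create the account, then attach the extra fields as user meta. */
function example_create_wp_user(array $mapped)
{
    // Random local password, so the WordPress hash is not derived from the clock.
    $mapped['userdata']['user_pass'] = wp_generate_password(32, true, true);
    $userId = wp_insert_user($mapped['userdata']);
    if (!is_wp_error($userId)) {
        foreach ($mapped['meta'] as $key => $value) {
            update_user_meta($userId, $key, $value);
        }
    }
    return $userId;
}

// Constructed sample data shaped like ldap_get_entries() output;
// this part runs from the command line without WordPress or a directory.
if (PHP_SAPI === 'cli' && !function_exists('wp_insert_user')) {
    echo example_user_filter('uid', 'jdoe'), "\n";
    echo example_user_filter('uid', 'j*)(cn=x'), "\n";   // filter metacharacters are hex-escaped
    $entries = array('count' => 1, 0 => array(
        'uid'        => array('count' => 1, 0 => 'jdoe'),
        'givenname'  => array('count' => 1, 0 => 'Jane'),
        'sn'         => array('count' => 1, 0 => 'Doe'),
        'mail'       => array('count' => 1, 0 => 'jdoe@example.com'),
        'department' => array('count' => 1, 0 => 'Marketing'),
    ));
    print_r(example_map_entry($entries, 'uid', 'Author'));
}
```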

  91. says

    I use your plugin. It is great, but I have the following urgent questions:

    * I want to connect à la SSO against MS AD with my PC (Windows 7 login) without the need to log in to WordPress too. This is an overhead which my users in the intranet do not want. Option 1, “Authenticate WordPress users against LDAP. I will create the accounts in wordpress myself. (default)”, does not provide this SSO functionality. How is this possible?
    * How can I make the user LDAP login happen automatically, without the need to log in to WordPress twice? The Windows login account name should be used and connect automatically.
    * Can I connect automatically to LDAP without the necessity to create a WordPress account too? Is connecting against LDAP and only using the account data from MS AD not enough, or is it necessary to create a WordPress account too?
    * Do you know another plugin solution which solves my SSO problems?

    Thanks for your answer
    Chris
    from Austria, Linz

  92. Subversive says

    Hi, I’m having trouble getting the plugin to activate. I get the error: “Fatal error: Cannot redeclare class adLDAPException in C:inetpubwwwrootmysitewp-contentpluginssimple-ldap-loginadLDAP.php on line 2411”

    If I comment out that line, then I get the same error, but on a different line. If I comment out that line, then the error changes completely, it seems I’m just digging deeper. Would appreciate any suggestions. Thanks.

  94. todopoj says

    Hey Clif,
    Your plugin works really well with WP3.2.1 with just one exception.
    Once the plugin is activated it gets the users from AD just fine. But, then, none of the original wp users are able to log in.

    Keep getting this error:
    Simple LDAP Login Error: adLDAP may have errored. Message: Invalid credentials

    No shake either, like that for invalid credentials.

    Help is deeply appreciated.

          • Hois Christian says

            I installed the plugin and when I wanted to log in I got the error:
            Test Results:
            Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.

            I marked LOW mode as mentioned in other comments but it doesn’t work.
            BUT: I have a simple LDAP_TEST.php script which works fine. There the LDAP PHP module works fine.
            Why not your plugin?

            please help
            Christian

          • Clifton Griffin says

            Hi Christian,

            Open another browser and try logging in. Set it to high security mode first. You should get a better error message.

            Clif

          • clifgriffin says

            In the plugin settings, set it to use High Security mode.

            Then, open a different browser. If you usually use IE9, open Chrome or Firefox. Then try logging in. See if it gives you a different error.
            The test form in the settings doesn’t always give great errors.

  97. Hois Christian says

    I tested it in Chrome and set plugin mode = HIGH.
    Same error:
    Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership.

  98. says

    Hi

    Thanks for your tip. Now it works fine.

    One question: I want all automatically created user accounts to not have the option “show admin menu” under the personal settings enabled. How can I control this? Can you give me a tip on how WordPress controls this, where you rely on these settings, and how I can overrule the default role settings of a user’s profile settings?

    Thanks so much for your tips and comments.

    Nice greetings from Austria
    Chris

  99. Lnlau says

    Hi guys,

    Does anyone know if this plugin works with AD LDS?
    I encountered “Failure. Your settings do not seem to work yet or the credentials are either wrong or have insufficient group membership” when I tried to test it out.
    Please help.

  100. Kevin says

    Latest update causing weird issues where admin logins using IE and Safari show blank white screens or Error 500.  Chrome seems to work fine.  

      • Clifton Griffin says

        Hi Kevin,

        The admin account only has problems in Chrome?

        Also, did you upgrade from 1.4.0.4?

        Sorry you’re having problems!
        Clif

        • Kevin says

          I thought it was just the admin account but I have staff now reporting issues on my sub blogs.  They are using IE.  When the issues started, last night after I updated to the latest version, IE and safari would not login using the local admin account.  Chrome would work.  I disabled the plugin and everything started working.  

          I reloaded the plugin from scratch and that did not solve the issue.  I thought I was fine though because Chrome worked.  Now even Chrome doesn’t work.  Not sure what I’m going to do now.  

  101. Adam says

    We were having problems with users who had a password that included a single quote.  It seems there is a need for:
    $password = stripslashes($password); in the authenticate function. 

    • Ian says

      I came here to make the same comment… single quote, double quote, and backslash all cause trouble.

  102. Phil says

    I was able to get your plugin without much effort, thanks! I had one quick question: If I change the password for an AD user that already exists in wordpress, is there a way to automatically update the wordpress password on a new login? thanks!

      • Clifton Griffin says

        Hi Joe,

        It isn’t possible at the moment. I believe it selects the Domain Controller randomly.

        I think it could probably be accomplished without a ton of effort, but it would definitely take a lot of testing. Unfortunately, I’m not setup to implement such a change at the moment.

        Clif

  103. Chris says

    I am getting an error.
    Simple LDAP Login Error: LDAP credentials are correct and user creation is allowed but an error occurred creating the user in WordPress. Actual WordPress error: Cannot create a user with an empty login name.
    Everything works OK if I manually add the network id to the user’s id. What is causing it not to pass the username? I suspect it’s a setting on the AD server.

    • clifgriffin says

      Elvina,

      This is the first I’ve heard of this. The call to add the options page requires a level 10 user. This is a deprecated way of adding an options page, but it still works.

      You sure this is happening? How are you accessing the page from the subscriber role?

      Clif

      • elvina says

        Hi Cliff,
        I had it set up so that everyone needed to login to view our site, LDAP users were made subscribers. When they logged in, the wordpress dashboard shows them their profile and your plugin settings page. (using wordpress 3.2)

        I changed this line

        function simpleldap_admin_actions()
        {
            add_options_page("Simple LDAP Login", "Simple LDAP Login", 10, "simple-ldap-login", "simpleldap_menu");
        }

        to:

        function simpleldap_admin_actions()
        {
            add_options_page("Simple LDAP Login", "Simple LDAP Login", 'install_plugins', "simple-ldap-login", "simpleldap_menu");
        }

        and now it doesn’t show.

        cheers

  104. msuzer says

    Hi all,

    I used the plugin today for my WordPress blog against OpenLDAP. I want to contribute as I solved some problems for my installation.

    First: in OpenLDAP setups, usually, BASE_DN looks like: ou=users,dc=example,dc=com, so if someone misses the ou part, it will not work.

    Second: once you add ou=users, then the group authentication will fail. Then you have to tweak the code in the main PHP file as:

        //$result = ldap_search($ldap, BASE_DN, '(' . LOGIN . '=' . $username . ')', array('cn'));
        $result = ldap_search($ldap, "ou=groups,dc=example,dc=com", "memberuid=$username", array('cn'));

    Please note another change as "memberuid=$username".

    I am not an expert, but these changes may hopefully help someone to make the setup work. And Clif may find these suggestions helpful to update the plugin.
    Thanks to Clif for this handy plugin.

  105. Cariberecord says

    Greetings, does this plugin work as SSO, that is, when I log in on my page does it also log me in on another server? Is there any documentation about this? Thanks.

  106. Tony says

     Is there any way to automatically create all LDAP users in wordpress without them having to log in first? Maybe a script that would add users who aren’t already added and remove users who are no longer in LDAP?

  108. Anonymous says

    Help!  I updated to  1.4.0.5.1 and the AD stuff works fine but I can’t log in as a local admin.  I need to log in as a local wordpress admin so I can access more options within wordpress for administration.  All the AD authenticated users can only write posts and read their drafts.

    Luckily I ran this on my wptest directory and database.  It’s not affecting production, but I need a plan for when I do decide to upgrade production.

    The username should be admin and I put in the proper password and get:
    Simple LDAP Login Error: adLDAP may have errored. Message: Invalid credentials 

    • clifgriffin says

      I e-mailed you.

      For others: The simplest way to disable a plugin when you can’t get into WordPress Admin is to rename the plugin directory in wp-content/plugins/.
      Simple LDAP Login allows the user account with user ID 0 to login without going through LDAP. That account should always be the original admin account setup (though admin may not be the username obviously).

  109. xeiran says

    Great plugin, 1.4.0.5.1 even works with the latest 3.4.1 WordPress.  That said, login is still manual, even if authenticated against AD.  About a year ago Maarten Balliauw used your code to come up with a limited way to do single sign-on based on your code (only works if using IE), and posted his code on his blog at http://blog.maartenballiauw.be/post/2011/05/04/Wordpress-auto-sign-on-with-IIS7-and-a-plugin.aspx.

    Don’t know the social protocols to this, but would it be possible to integrate his code into yours?  His code works great, but when it creates a new user it simply fills in all the user fields with $username, as opposed to your code which goes to more trouble to fill in first and last name and such.  It would be great to see the functionality of both in the same plugin, especially since one is based on the other.

  111. Jurgen Weber says

    I could use some help. I am using wp 3.4.1 and ldap login 1.4.0.1. Using OpenLDAP.

    I have the correct settings, as far as I can tell but it does not auth. 

    Firstly, what is the account suffix option? is that just an AD thing?

    I need the login attribute to be uid, but as far as I can tell with my bad php it does not search for uid?

    $result = ldap_search($ldap, BASE_DN, '(' . LOGIN . '=' . $username . ')', array('cn'));
    $ldapgroups = ldap_get_entries($ldap, $result);

    What is the ldapgroups? I do not want it to check any groups. Just search the base dn for the uid, if it is successful, it logs in.

    Thanks

  112. Wrobinson says

    Hello, I tried to add your plugin to my WordPress site but it does not work. I am hosting my site on bluehost.com, but not on a dedicated server or IP address. Does your plugin need to be able to use the hosting company’s port 389? Is there a command I can use to test if it is my hosting company? LDAP is working for all our other services.

    • Wrobinson says

      Here is the error:

      Fatal error: Uncaught exception 'adLDAPException' with message 'No LDAP support for PHP. See: http://www.php.net/ldap' in /homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/adLDAP.php:338
      Stack trace:
      #0 /homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(60): adLDAP->__construct(Array)
      #1 /homepages/42/d404026612/htdocs/staging/wp-admin/plugins.php(142): include('/homepages/42/d…')
      #2 /homepages/42/d404026612/htdocs/staging/wp-admin/plugins.php(144): plugin_sandbox_scrape('simple-ldap-log…')
      #3 /homepages/42/d404026612/htdocs/staging/wp-admin/network/plugins.php(16): require('/homepages/42/d…')
      #4 {main}
      thrown in /homepages/42/d404026612/htdocs/staging/wp-content/plugins/simple-ldap-login/adLDAP.php on line 338

      • BrettM says

        As your error message says, LDAP support is not enabled in your particular version of PHP, and it must be in order for this to work.  If this is a windows server you can have your hosting company enable it by adding “extension=php_ldap.dll” to the bottom of the php.ini file.  If it is a linux distro, PHP must be compiled with LDAP enabled.

        • Wrobinson says

           The hosting environment is a LAMP. How do I compile PHP with LDAP enabled? Is this something I would do or the hosting company would have to?

  113. Tony says

    When you are on the “Users” page of a single site or in the multisite network admin (where you can browse through all of your users) and you click the “Add New” button at the top of this page, it redirects you to user-new.php which is the standard wordpress ‘add new user’ page.

    I feel that button should send you to the Simple LDAP plugin page instead so that site admins don’t accidentally add local WP users to their site. Any way to change where that “Add New” button directs you?

    The rest of the “Add User” buttons on the menu bar send you to the correct Simple LDAP add user page so I think this may be a bug/oversight.

    Thanks for the great plugin!

  114. Vanavah says

    I am looking to buy a plugin that would allow me to authenticate and auto-login users into word press by passing the login credentials.  Does your plugin do that?

  115. Obloochi says

    I have one LDAP server configured and I have added 10 users. I am using the Simple LDAP Login plugin for logging in to WordPress. What I am trying to do is, I need only 5 out of 10 users to log in to WordPress. The other 5 won’t be having access to WordPress. How can I achieve this?
    Thanks in advance….

  116. Anonymous says

    I want to now get this to work with secure ldap.  We moved domain controllers to 2008 R2 and now through group policy want to enforce secure ldap binds first (refuse cleartext).  Clear text ldap binds are a security concern because they are susceptible to replay attacks.  We want to go ldaps (secured).  Domain trust certificate is installed via domain autoenrollment and I think I need to install a certificate on the wordpress box as part of this. I tried simply using the Use TLS checkbox in this plugin but it just hangs.  I was reading here how to get Apache to work with ldap and further down is Configuring secure LDAP : LDAPS http://www.frank4dd.com/howto/apache/apache-ldap-active-directory.htm  I did verify secure LDAP is working on our servers through a Microsoft resource utility ldp.exe.  Secure LDAP uses port 636 or 3269.

    Thanks for any input you may have!

  118. phearism says

    I’ve just installed php 5.3.24 with ldap enabled (this is confirmed through phpinfo and I’ve checked in php.ini). I’ve then installed wordpress 3.5.1 (windows 2008). Both fresh installations.

    The issue is when trying to activate simple ldap login I’m still getting the ‘no ldap support for php’ error.

    After seeing a post about IIS being funny I have copied libeay32.dll and ssleay32.dll from c:/php into windows/system32 and restarted IIS. I’ve also checked PHPRC is in the environmental variables and pointing to the right place.

    Any ideas why it wont recognise that ldap is enabled? Have I missed something?

    Thanks in advance for any help and advice!

    • clifgriffin says

      I’m not sure. It’s possible that adLDAP needs to be updated to work with PHP 5.3, though I’d assume I’d have heard more issues if this were the case. Please let me know if you find a solution.

  119. says

    Hi all,
    I’ve fixed the problem with authentication.
    The problem is solved by changing the authentication level from 2 to 3 in the files.
    Maybe it’s best practice to have this setting available in the admin interface in the next release.

      • says

        It’s simple, I’ve changed it in all files where it is present, from: define ('LDAP_VERSION', 2); to define ('LDAP_VERSION', 3);
        But it would be simpler for non-coders to have this parameter in the configuration options where you have the test form.
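
The settings raised in the last few comments (secure LDAP on port 636, the plugin's TLS option, and LDAP_VERSION 3) fit together as in this added PHP example, which is not code from Simple LDAP Login or adLDAP: it sets LDAPv3 explicitly, since StartTLS is an LDAPv3 extended operation, and refuses to bind when the channel is not encrypted. The `example_*` names, the host `dc1.example.local` and the `ca_file` setting are assumptions.

```php
<?php
// Added example; not code from Simple LDAP Login or adLDAP.
// example_* names, dc1.example.local and the ca_file setting are hypothetical.

/** Decide how to connect; cleartext is rejected instead of being a silent fallback. */
function example_ldap_plan(array $cfg)
{
    $mode = isset($cfg['encryption']) ? $cfg['encryption'] : 'none';
    if ($mode !== 'ldaps' && $mode !== 'starttls') {
        throw new InvalidArgumentException('refusing to bind over cleartext LDAP');
    }
    if (empty($cfg['host']) || !preg_match('/^[A-Za-z0-9.-]+$/', $cfg['host'])) {
        throw new InvalidArgumentException('invalid LDAP host');
    }
    $port = isset($cfg['port']) ? (int) $cfg['port'] : ($mode === 'ldaps' ? 636 : 389);
    return array(
        'uri'      => ($mode === 'ldaps' ? 'ldaps' : 'ldap') . '://' . $cfg['host'] . ':' . $port,
        'starttls' => $mode === 'starttls',
        'version'  => 3,   // StartTLS is an LDAPv3 extended operation
    );
}

/** Connect, secure the channel, then bind. Returns the connection, or false if the bind is rejected. */
function example_ldap_bind(array $cfg, $bindDn, $password)
{
    // A bind with a DN and an empty password is an "unauthenticated bind" (RFC 4513)
    // that a server may accept, so it must never count as a successful login.
    if ($bindDn === '' || $password === '') {
        return false;
    }
    $plan = example_ldap_plan($cfg);

    // Require a server certificate that chains to a trusted CA (constants need PHP 7.1+).
    // TLS options are set on the null handle, before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    if (!empty($cfg['ca_file'])) {
        ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $cfg['ca_file']);
    }

    $conn = ldap_connect($plan['uri']);
    if ($conn === false) {
        throw new RuntimeException('could not parse LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, $plan['version']);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 10);  // bound the connect time

    if ($plan['starttls'] && !@ldap_start_tls($conn)) {
        $error = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException('StartTLS failed, not binding: ' . $error);
    }
    if (!@ldap_bind($conn, $bindDn, $password)) {
        ldap_unbind($conn);
        return false;
    }
    return $conn;
}

// Constructed settings; only the planning step runs here, so no directory is needed.
if (PHP_SAPI === 'cli') {
    print_r(example_ldap_plan(array('host' => 'dc1.example.local', 'encryption' => 'starttls')));
    print_r(example_ldap_plan(array('host' => 'dc1.example.local', 'encryption' => 'ldaps')));
    try {
        example_ldap_plan(array('host' => 'dc1.example.local', 'encryption' => 'none'));
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```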

  121. pesinet says

    ADLPS authentication problem with AD in the cloud through Federation Services.

    I am facing the problem when I try to authenticate against AD on the cloud. We have a federation services company in the middle; they sent me all the parameters but it still is not working. Any idea if this plugin works with federation services?

    • clifgriffin says

      Thanks for the updates, ellenm1. I really need to rewrite this plugin from the ground up. This is one of the first plugins I wrote, and it shows!

  123. Nikki Brown says

    I want to integrate AD to our wordpress site using this simple ldap login plugin. However, our wordpress site is located at hostgator and not at our physical site. Will we be able to use this plugin? Or does the wordpress site and LDAP server need to be located on the same physical network?

    • clifgriffin says

      Your web server must be able to talk directly to your LDAP server on the appropriate ports. It doesn’t matter if they are on the same physical network.
      However, I’d hazard a guess that your network security team will not be in favor of opening up your LDAP servers to Hostgator.

      Clifton Griffin
      WordPress Consultant / Shopp (http://mbsy.co/b6jG) Expert | clifgriffin@gmail.com (mailto:clifgriffin@gmail.com) | 434.229.2474 | @clifgriffin (http://twitter.com/clifgriffin)

      That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes

  124. Matt says

    I’m getting this error when activating plugin. I’m almost 99% sure everything is enabled and ready to go. Any thoughts?

    Warning:
    require_once(C:inetpubwwwroot/wp-content/pluginspluginssimpleLDAPupdate_for_WP3.5simple-ldap-loginadLDAP.php):
    failed to open stream: No such file or directory in
    C:inetpubwwwrootwp-contentpluginssimpleLDAPupdate_for_WP3.5Simple-LDAP-Login.php
    on line 10
    Fatal error: require_once(): Failed opening required
    ‘C:inetpubwwwroot/wp-content/pluginspluginssimpleLDAPupdate_for_WP3.5simple-ldap-loginadLDAP.php’
    (include_path=’.;C:phppear’) in
    C:inetpubwwwrootwp-contentpluginssimpleLDAPupdate_for_WP3.5Simple-LDAP-Login.php
    on line 10

  126. says

    The upgrade from 1.4 to 1.5 broke the plugin for me. I had to roll it back. This is what my php log shows…
    PHP Warning: array_rand() expects parameter 1 to be array, string given in C:inetpubblogwp-contentpluginssimple-ldap-loginincludesadLDAP.php on line 2294

    • clifgriffin says

      Thanks for letting me know. Can you tell me the error message you received?

      • says

        I updated my original post, but this is what my php log says…

        PHP Warning: array_rand() expects parameter 1 to be array, string given in C:inetpubblogwp-contentpluginssimple-ldap-loginincludesadLDAP.php on line 2294

        • clifgriffin says

          Very odd. It’s using the same version of adLDAP. I’ll investigate in the morning!

  127. Uwe Willenbacher says

    So I updated today from version 1.4.0.5.1 to your latest version 1.5.1 and it broke my login :( Even restoring the older plugin made no difference after the upgrade – somehow the only thing that brought me “back to live” was a drop DB and restore DB :( You mentioned to “test before upgrade” – how could I do that? I am more than happy to help out fixing this but I am not sure how since all I have is my production environment. I am using WordPress 3.5.2 on a Mac (Lion) server. My PHP version is 5.3.15 and no, there was nothing written to the Apache error log :(

    Cheers,

    - Uwe Willenbacher

    • clifgriffin says

      Hi Uwe,

      Really sorry it broke your site. This comment made me realize it wasn’t very wise to clean up the old settings on activation of the new version since that makes rollbacks harder.
      I’m working on a couple of bug fixes now…I’ll release a 1.5.2 that won’t blow away the 1.4.0.5.1 settings so it should be much easier to test.
      Kind regards,
      Clif

  128. Alberto Ingrao says

    Hi, I’ve updated your plugin via WordPress update and the users can’t log in to the blog (1.5.2 plugin version).

    When I reinstall version 1.4.0.1 the users can log in.

    the error message is: invalid password

  129. ellenm1 says

    1.52 is not working for me: in all settings fields I get “Notice: Undefined variable: thix in E:wpwpwp-contentpluginssimple-ldap-loginSimple-LDAP-Login.php”, repeated many times, followed by the old, stored settings. I can still log in as an existing LDAP user, but I’m going to roll this back.

    • HK Qoo says

      I turned on DEBUG and see:

      Notice: Undefined variable: thix in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: Trying to get property of non-object in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: Undefined variable: thix in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: Trying to get property of non-object in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: Undefined variable: thix in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: Trying to get property of non-object in
      /var/www/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
      on line 156

      Notice: wp_enqueue_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or login_enqueue_scripts hooks. Please see Debugging in WordPress for more information. (This message was added in version 3.3.) in /var/www/html/wp-includes/functions.php on line 3012

  130. Uwe Willenbacher says

    I just created my first user with the simple LDAP plugin version 1.5.2 and realized that the LDAP information (Username, FName, LName and email address) does NOT get populated in the WordPress account….that could be a potentially big problem and I wonder how I can troubleshoot that? BTW: I just noticed you posted version 1.5.3 – might that fix the problem and is it compatible with openLDAP?

  131. Uwe Willenbacher says

    version 1.4 works -> 1.5.x does not. Again, this is using openLDAP running on Mac OS not Directory Service

  132. pkirill says

    Hi – I just installed 1.53 and it connects to AD just fine. However, when creating WP user accounts, only the username (sAMAccountname) is brought over. Is there a simple fix to bring over the email, first and last as well? I have installed on a WP 3.6 installation that is running on an internal Windows/IIS server.

  134. Franck says

    Hi. First of all, thanks for this nice plugin. I have just upgraded to 1.5.4 and wanted to turn group filtering on but it didn’t work. Checking the code quickly in Simple-LDAP-Login.php it seems that in the case of OpenLDAP group filtering is made on cn:
    ldap_search($this->ldap, $this->get_setting('base_dn'), '(' . $this->get_setting('ol_login') . '=' . $username . ')', array('cn'));
    $user_groups[] .= $ldapgroups[$i]['cn'][0];

    This is rather strange since the common name should contain the user name, and actually if I put my complete name in the Required Groups config field I can authenticate; add a typo and it fails.
    On a “standard” OpenLDAP I think group filtering should be made either à la Unix on the gidNumber or checking for the user’s dn being a member in a groupOfNames.
    Cheers.
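
The two OpenLDAP membership checks suggested in this comment (groupOfNames by member DN, posixGroup by memberUid or gidNumber), as an added example that is not code from Simple LDAP Login or adLDAP. Function names and sample values are hypothetical; values are escaped per RFC 4515 before they enter the filter, whereas the quoted ldap_search() line concatenates $username as-is.

```php
<?php
// Added example: OpenLDAP group checks by membership instead of by the user's cn.
// Function names and sample values are hypothetical, not the plugin's API.

/**
 * Escape a value for use inside a search filter (RFC 4515).
 * ldap_escape($value, '', LDAP_ESCAPE_FILTER) does the same on PHP 5.6+.
 */
function filter_escape($value)
{
    return strtr((string) $value, array(
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ));
}

/** groupOfNames: the group entry lists the full DN of every member. */
function group_of_names_filter($group, $userDn)
{
    return '(&(objectClass=groupOfNames)(cn=' . filter_escape($group) . ')'
         . '(member=' . filter_escape($userDn) . '))';
}

/**
 * posixGroup: supplementary members are listed by uid in memberUid; the
 * primary group is the one whose gidNumber equals the user's gidNumber.
 */
function posix_group_filter($group, $uid, $primaryGid = null)
{
    $member = '(memberUid=' . filter_escape($uid) . ')';
    if ($primaryGid !== null && ctype_digit((string) $primaryGid)) {
        $member = '(|' . $member . '(gidNumber=' . $primaryGid . '))';
    }
    return '(&(objectClass=posixGroup)(cn=' . filter_escape($group) . ')' . $member . ')';
}

/**
 * True when the user is in at least one of the required groups.
 * Needs PHP's ldap extension and an already bound connection.
 */
function user_in_required_group($conn, $groupBase, $userDn, $uid, $primaryGid, array $required)
{
    foreach ($required as $group) {
        $filters = array(
            group_of_names_filter($group, $userDn),
            posix_group_filter($group, $uid, $primaryGid),
        );
        foreach ($filters as $filter) {
            // attrsonly=1: only the existence of a matching group entry matters.
            $result = @ldap_search($conn, $groupBase, $filter, array('cn'), 1);
            if ($result !== false && ldap_count_entries($conn, $result) > 0) {
                return true;
            }
        }
    }
    return false;
}

// Constructed sample values; the second group name contains filter
// metacharacters to show what the escaping does to them.
echo group_of_names_filter('wp-authors', 'uid=jdoe,ou=people,dc=example,dc=com'), "\n";
echo posix_group_filter('Staff (web)*', 'jdoe', 1001), "\n";
```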

  136. Uwe Willenbacher says

    Hey there,

    I just upgraded to the latest version 1.5.4 and indeed, my earlier problems seem fixed – Thank you! However, I think I found another problem to the plugin: I am about to add the requirement to belong to a specific LDAP group for a login to work, however, that does not seem to function. Any idea why that might be?

    Do I need to add any specific syntax to the “Required Groups” field or am I just to add the name or the shortname for that group?

    Thanks in advance,

    - Uwe

    P.S.: I agree with the previous post: Nice plugin – Thanks a bunch for all your hard work…

    P.P.S.: I may be the only one on this, but I do miss the simple username password LDAP query/verification to check if the configuration is correct and a given user actually exists…maybe that could be a feature to be added back by “choice”, i.e. a hidden div if you want to hide it?

  137. RK says

    Hi, Thanks for the plugin, but I noticed that the user information like name and email are not populating when the account is automatically created. I have version 1.5.4.

  138. JesseJohnson says

    The auto-creation of accounts does not seem to work… If I prebuild the user in WP it works great for authentication. Otherwise the user is just displayed the following error:

    Notice: Use of undefined constant givenname – assumed ‘givenname’ in
    /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
    line 353

    Notice: Use of undefined constant sn – assumed ‘sn’ in
    /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
    line 353

    Notice: Use of undefined constant mail – assumed ‘mail’ in
    /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
    line 354

    Notice: Use of undefined constant givenname – assumed ‘givenname’ in
    /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
    line 356

    Notice: Use of undefined constant sn – assumed ‘sn’ in
    /var/www/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on
    line 357

    Am I missing something?

  139. Troy says

    Just installed this module & having troubles getting it to work. In Drupal I just specify o=xxx for the base dn and the uid for the UserName attribute and it works. Can I do something similar with this module?

  140. John says

    Thanks for developing this plugin. I’d like to get it to work on my site.

    I installed the plugin and set the Base DN to dc=mycompany,dc=com, which matches the base setting in ldap.conf. But when I try to log in to WordPress using credentials that are stored in LDAP, the login is rejected. Here is the connection in my LDAP logs:

    Oct 16 10:28:23 myserver slapd[16063]: conn=310610 fd=42 ACCEPT from IP=127.0.0.1:60487 (IP=0.0.0.0:389)
    Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=0 do_bind: invalid dn (=john.lastname,dc=mycompany,dc=com)
    Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=0 RESULT tag=97 err=34 text=invalid DN
    Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=1 UNBIND
    Oct 16 10:28:23 myserver slapd[16063]: conn=310610 fd=42 closed

    When I use an LDAP browser I can verify that the user does exist at cn=john.lastname,ou=people,dc=mycompany,dc=com

    Can you tell me what I’m doing wrong? Thanks in advance.
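
A way to pull failed binds out of slapd logs like the excerpt above, as an added example that is not part of the original comment or of the plugin. The function and variable names are hypothetical, and the conn=310611 lines are constructed for the demonstration. The DN in the quoted log starts with "=", which is what a bind DN looks like when the attribute name in front of the username is empty.

```php
<?php
// Added example: list failed binds found in slapd syslog lines.
// failed_binds() and $RESULT_NAMES are names made up for this sketch.

// conn=310610 is the excerpt quoted in the comment; conn=310611 is constructed.
$log = <<<'LOG'
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 fd=42 ACCEPT from IP=127.0.0.1:60487 (IP=0.0.0.0:389)
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=0 do_bind: invalid dn (=john.lastname,dc=mycompany,dc=com)
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=0 RESULT tag=97 err=34 text=invalid DN
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 op=1 UNBIND
Oct 16 10:28:23 myserver slapd[16063]: conn=310610 fd=42 closed
Oct 16 10:29:02 myserver slapd[16063]: conn=310611 fd=42 ACCEPT from IP=127.0.0.1:60512 (IP=0.0.0.0:389)
Oct 16 10:29:02 myserver slapd[16063]: conn=310611 op=0 BIND dn="cn=john.lastname,ou=people,dc=mycompany,dc=com" method=128
Oct 16 10:29:02 myserver slapd[16063]: conn=310611 op=0 RESULT tag=97 err=49 text=
Oct 16 10:29:02 myserver slapd[16063]: conn=310611 op=1 UNBIND
LOG;

// LDAP result codes (RFC 4511) that commonly show up on a bind.
$RESULT_NAMES = array(
    32 => 'noSuchObject',
    34 => 'invalidDNSyntax',
    49 => 'invalidCredentials',
    53 => 'unwillingToPerform',
);

function failed_binds($log, array $names)
{
    $conns = array();     // connection id => peer address and last bind DN seen
    $failures = array();
    foreach (explode("\n", $log) as $line) {
        if (!preg_match('/slapd\[\d+\]: conn=(\d+) (.*)$/', rtrim($line), $m)) {
            continue;
        }
        $id = $m[1];
        $rest = $m[2];
        if (!isset($conns[$id])) {
            $conns[$id] = array('peer' => '?', 'dn' => '?');
        }
        if (preg_match('/ACCEPT from IP=(\S+)/', $rest, $a)) {
            $conns[$id]['peer'] = $a[1];
        } elseif (preg_match('/BIND dn="([^"]*)"/', $rest, $b)
               || preg_match('/do_bind: invalid dn \((.*)\)$/', $rest, $b)) {
            $conns[$id]['dn'] = $b[1];
        } elseif (preg_match('/RESULT tag=97 err=(\d+)/', $rest, $r) && $r[1] !== '0') {
            // tag=97 is a BindResponse; any non-zero err is a failed bind.
            $code = (int) $r[1];
            $dn = $conns[$id]['dn'];
            $hint = '';
            if ($code === 34 && strpos($dn, '=') === 0) {
                $hint = 'first RDN has no attribute name before "="';
            } elseif ($code === 49) {
                $hint = 'password rejected or entry unknown';
            }
            $failures[] = array(
                'conn' => $id,
                'peer' => $conns[$id]['peer'],
                'dn'   => $dn,
                'err'  => $code,
                'name' => isset($names[$code]) ? $names[$code] : 'other',
                'hint' => $hint,
            );
        }
    }
    return $failures;
}

foreach (failed_binds($log, $RESULT_NAMES) as $f) {
    printf("conn=%s peer=%s err=%d (%s) dn=%s %s\n",
        $f['conn'], $f['peer'], $f['err'], $f['name'], $f['dn'], $f['hint']);
}
```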

  141. Uwe Willenbacher says

    Hey there, I just installed version 1.5.5 and the “Required Groups” still does not work. Any idea what I am doing wrong, or how to troubleshoot this? I would like to implement this feature, but each time I enter an existing LDAP group in the “Required Groups” field my login fails (yes, I am part of the necessary group and yes, I tried the long name, the short name as well as the group ID – same result with all three).

  142. Martin says

    Hi, got a question: in the plugin configuration there is a notice: “Do not specify an OU here.” Question: where should I specify the OU and other stuff? Thanks

  143. Luca Beltrame says

    I assume it only works with anonymous binds? Because I’ve disabled them, and thus nothing seems quite to work. How to debug the authentication process?

    • clifgriffin says

      Any actions it takes that require authentication use the user info at the time they are logging in. So, if it can’t bind, it will fail. If it can bind, it will check their group membership and other requirements to determine if login proceeds.

      This model leverages the fact that all users in an LDAP system should be able to access these basic things and prevents us from having to do independent authentication.

      The best way to debug is to use two browsers. You should get helpful error messages that will point you in the right direction.
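
The bind-as-the-user model described in this reply, as an added example that is not code from Simple LDAP Login or adLDAP. It assumes PHP's ldap extension; ldap_login(), the $cfg keys and the sample values are hypothetical. It upgrades the connection with StartTLS before sending the password and rejects empty passwords, because a simple bind with an empty password is an unauthenticated bind that many servers answer with success.

```php
<?php
// Added example: authenticate by binding as the user who is logging in.
// ldap_login() and the $cfg keys are hypothetical, not the plugin's API.
// The network part needs PHP's ldap extension.

function ldap_login(array $cfg, $username, $password)
{
    // A simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513, section 5.1.2). Refuse it before anything is sent.
    if (!is_string($password) || $password === '') {
        return array(false, 'empty password rejected');
    }
    // Accept only characters expected in a login name, so the value cannot
    // change the structure of the DN it is placed into.
    if (!is_string($username) || !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return array(false, 'unexpected characters in username');
    }
    // Without a login attribute the DN would start with "=" and be rejected.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $cfg['login_attr'])) {
        return array(false, 'login attribute is not configured');
    }

    $conn = ldap_connect('ldap://' . $cfg['host'] . ':' . (int) $cfg['port']);
    if ($conn === false) {
        return array(false, 'bad server address');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Upgrade to TLS first; if that fails the password is never sent.
    if (!@ldap_start_tls($conn)) {
        $reason = 'StartTLS failed: ' . ldap_error($conn);
        ldap_unbind($conn);
        return array(false, $reason);
    }

    // The bind itself is the password check: it succeeds only for valid credentials.
    $dn = $cfg['login_attr'] . '=' . $username . ',' . $cfg['user_base'];
    $ok = @ldap_bind($conn, $dn, $password);
    $reason = $ok ? $dn : 'bind failed: ' . ldap_error($conn);
    ldap_unbind($conn);
    return array($ok, $reason);
}

// Constructed settings and inputs. All three cases stop at the input checks,
// so running this file opens no connection.
$cfg = array(
    'host'       => 'ldap.example.com',
    'port'       => 389,
    'login_attr' => 'uid',
    'user_base'  => 'ou=people,dc=example,dc=com',
);
$noAttr = array('login_attr' => '') + $cfg;

$cases = array(
    array($cfg, 'jdoe', ''),
    array($cfg, 'doe, jane', 'secret'),
    array($noAttr, 'jdoe', 'secret'),
);
foreach ($cases as $case) {
    list($ok, $msg) = ldap_login($case[0], $case[1], $case[2]);
    echo ($ok ? 'OK: ' : 'DENIED: ') . $msg . "\n";
}
```

StartTLS protects the password only if the client verifies the server certificate; with OpenLDAP's client library that is governed by TLS_REQCERT in ldap.conf.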

  145. Michael O'Keeffe says

    Hi Clifton,

    We installed this plugin, but some users in our environment are members of lots of groups – when unpacked, one of our users is a member of 722 groups.

    This causes issues with one of your functions running into the PHP memory allocation limit (set at 128mb, though we’ve now lifted it to 256mb).

    Function definition: public function recursive_groups(group) at line 756 of includesadLDAP.php

    I didn’t want to mess with the plugin’s code myself, but have you considered using the LDAP recursive filter? This should be faster than recursing inside PHP, and saves execution time on the webserver.

    We use this elsewhere;

    $filter = '(memberof:1.2.840.113556.1.4.1941:='.$groupToFind.')';
    $search = ldap_search($this->connection, $userDN, $filter, array('dn'), 1);
    $items = ldap_get_entries($this->connection, $search);

    Just a suggestion – thanks for the great plugin.

  146. htc123 says

    Hi Clifton,

    Good morning. I am new to using LDAP. Could I ask you a question on the LDAP plugin please?

    Basically what I need to do is to use the LDAP plugin to authenticate a user that belongs to a group called Group1 and pass the credentials of Group1 to WordPress for authentication. Is this possible to do in the LDAP plugin?

    E.g.
    User1 ID logs in to the system. He/she belongs to the Group1 group. LDAP then passes Group1/password (not User1) to WordPress to log in.

    Your help is greatly appreciated.

  147. Maximilian Pecha says

    Hey Clifton

    We are using a WordPress site with your LDAP plugin for our company’s intranet site. At the moment we are facing problems with users that have special characters in their passwords – they can’t log in to the WordPress site. Is there any possibility to fix that issue?
    Thanks a lot!

  149. John says

    Hi Clifton,

    Great, simple, plugin! The only problem that I’ve had with it is that users generated with the Simple LDAP Login plugin have user_nicename values with a space, which breaks the WordPress author link. Changing the space to a hyphen or changing the user_nicename value to match the user_login fixes this problem. It would be great if this could be looked at for a next release.
    Thanks!

  150. jimS says

    Hi,
    First I must say that I am new to LDAP “things” and I came around to your plugin.
    We want to connect WordPress with our LDAP server.

    If I understand correctly, we are using a special user for binding. Here are some details.

    server = "192.168.11.1"
    identity = "cn=root,dc=mailusers,dc=com"
    password = test
    basedn = "dc=mailusers,dc=com"
    filter = "(&(title=wp)(uid=%{User-Name}))"

    So I am asking you if it’s possible to connect WP with your plugin to OpenLDAP with the above settings?

    Thank you very much.

  151. Tobias says

    Hello there… Just to let you know: I’d really like the TLS feature to be implemented. We have our open ldap servers set up to only accept encrypted connections.

    Anyway, thanks for your hard work.

  152. says

    Hi

    I have just installed WordPress 3 on a Windows Server 2008 32-bit machine with MySQL, IIS and PHP 5 with ldap and mysql.

    I have done the procedure described by you for installing Simple LDAP Login by placing it in wp-content, and under settings I have also done it.

    I have several queries:
    does this work for Windows Server 2008 32-bit Active Directory
    I need to enter domain details in adldap.php and simple-ldap-login.php.
    Once I am successful, the LDAP users can post comments only if they log in using their username and password.
    I’m very helpful if you reply on my email ID

  153. lexter-groove says

    Hello, the IT service at the company I work for requires the following info to access the LDAP directory (OpenLDAP), but the settings page of the plugin doesn’t have the same label for every field and some fields are missing, like a password…

    Can you help me with making a link between the settings of the plugin and the ones required by the OpenLDAP of my company…

    Ldap: ldapauth.company.com

    Base DN : ou=PersonCompany,o=sqli,c=com

    User DN : uid=authappli,o=companyi,c=com

    Port : 389

    password : ******

  154. Ian Altgilbers says

    We have a similar restriction for users who have “private” LDAP entries… Those entries are only discoverable if the plugin makes an authenticated bind before doing its user search. I hacked the code and hardcoded the password to make it work for us.
    Unfortunately, it seems to have broken as a multi-site plugin… Older versions used to work with WPMU, but the current version only seems to work on the “root blog” in a Network Install.

    Ian

  155. clifgriffin says

    I’m thinking that maybe you have the wrong version of PHP installed or something (PHP 5 is required). At any rate, you can rename the folder to “deactivate” the plugin. Once it is deactivated, you can rename it back to the original name.

    Let me know if you find any specific errors in the logs and I’ll see if I can help you.

  156. clifgriffin says

    I’m not extremely familiar with LDAP filters, sorry. If you look at the code, it’s pretty simple so I think if you know what you want to do you can figure it out. Good luck!

  163. clifgriffin says

    I just uploaded version 1.5.2 with several bug fixes. Please let me know if it works for you if you have a chance to test it. And please relay all error messages if it does not work.
    Thanks!

  164. Uwe Willenbacher says

    So I just updated and I seem to be able to log in:) I have to say that I do miss the little test box (username/password) with “instant” result… Anyhow, I did find one, visual, bug: I have a completely “locked down” site and when the user hits the login page the (reddish) LDAP error page immediately shows: “Simple LDAP Login could not authenticate your credential…” Yes, I have the “High security mode” enabled…

  165. clifgriffin says

    Hi Uwe,

    I’ve heard one other complaint on that. Very odd!

    I’ll take a look and see what I can figure out. Thanks for getting back with me.
    Kind regards,
    Clif

  170. clifgriffin says

    Hi Uwe,

    I’ll see what I can find out. Thanks for your patience.

    Clif

    Clifton Griffin
    WordPress Consultant | Shopp Core Contributor | http://cgd.io | @clifgriffin (http://twitter.com/clifgriffin)

    That’s the difference between me and the rest of the world! Happiness isn’t good enough for me! I demand euphoria! – Calvin and Hobbes
