
simple-ldap-login's People

Contributors

clifgriffin, cryptica, dafik, dmglab, domibarton, estevao90, fredcy, peterhartree, pjohanneson, plepe, roborourke


simple-ldap-login's Issues

Handling secondary email addresses

We assign users an email address on our domain, but use their original email address on WordPress. Is it possible to allow authentication against both email addresses? Something like:

1. Given <[email protected]>
And <username> is in LDAP
Then succeed

2. Given <[email protected]>
And <[email protected]> is in Wordpress
Then succeed

In addition to the regular logic for Simple LDAP Login:

3. Given <username>
And <username> is in LDAP
Or <username> is in Wordpress
Then succeed

We currently handle scenarios 2 & 3. Is supporting scenario 1 possible (even if it means dropping scenario 3)?

Does not accept more than one domain controller

  • If I set just one server, for instance, [email protected], it works.
  • If I set just one server, for instance, 172.16.35.10, it works.
  • If I set two (or more) servers separated by a semicolon, for instance, [email protected];172.16.35.10, IT DOES NOT WORK (ok, names mixed with numbers are difficult to understand, right?)
  • But (this is really terrible), if I put two servers separated by a semicolon, for instance, 172.16.35.10;172.16.35.11, IT DOES NOT WORK EITHER.

ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.

In both Chrome and Firefox, I always get this error message at the first sign-in attempt:
ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.

But then you just try to sign in again and it works fine.

Can the code be changed so that, instead of displaying that message, it takes what you entered for username and password and just does the second submission automatically, because in my experience sign-in always works as long as that error message is flagged and on the screen?

Login could not authenticate credentials

The full error is: Simple LDAP Login: Simple LDAP Login could not authenticate your credentials. The security settings do not permit trying the WordPress user database as a fallback.
I have hosted 2 servers, one for LDAP and one for WordPress. The firewall allows all traffic to these servers.
My simple-ldap settings are: https://s3.ap-south-1.amazonaws.com/cloudtransfer123/simpleldapsettings.png
Here I have used test.com for test purposes on the LDAP server too.
My LDAP user settings: https://s3.ap-south-1.amazonaws.com/cloudtransfer123/user.png
https://s3.ap-south-1.amazonaws.com/cloudtransfer123/user1.png

Authenticated binds?

Apologies if I missed this, but if it's not possible to do authenticated binds, that would be very useful - our LDAP server does not allow anonymous binds at all.

Implement login on specific pages

Hello,

I cannot seem to figure out how to activate this plugin for just a few pages of our website (http://bei.brighamandwomens.org/). Instead of requiring a login to get into the entire site, I was hoping to implement it on just a few pages. Would you be able to provide me with the steps to do so? I have filled out the settings for the plugin but now can't figure out how to include it on specific pages.

Please let me know! Thanks so much.

[query] What syntax is required for "Required groups" field?

Steps to reproduce:

  1. Create the following DNs in an OpenLDAP directory:

    • DN: cn=group1,ou=groups,dc=example,dc=com
    • DN: uid=usera,ou=subdomain,dc=example,dc=com
    • add usera to group1 (appears as member attribute)
  2. Set the following Simple LDAP Login settings:

    • Base DN: ou=subdomain,dc=example,dc=com
    • Required groups: group1
    • Group Base DN: ou=groups,dc=example,dc=com
    • LDAP Login Attribute: uid
    • LDAP Group Attribute: cn
  3. Attempt to log in as usera

What should happen:

Login is successful.

What happens instead:

Login fails with "Your LDAP credentials are correct, but you are not in an authorized LDAP group."

Is there a syntax issue here?

Notes:

  • If I remove the setting "Required groups: group1", the login succeeds.
  • If I remove the setting "Group Base DN", login fails with the same error message.

LDAP-for-Plex

Hello,

I am trying to integrate LDAP-for-Plex (https://github.com/hjone72/LDAP-for-Plex) into your plugin.

It is a very simple LDAP server that pulls users from Plex Media Server. I have it running on my server, but I'm having trouble filling out the fields within your plugin.

The only information I'm given from LDAP-for-Plex is the following:

LDAP URL: ldap://localhost:2389/ou=users,o=plex.tv
LDAP Search Filter: (cn={0})

Not sure if that helps at all, just would like some guidance if possible.

Debug log complains: "Undefined variable: version"

WordPress 4.9.1
Simple LDAP Login 1.6.0

When reviewing my debug logs for an unrelated issue, I saw this message multiple times:

PHP Notice:  Undefined variable: version in /var/www/html/puri.sm/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on line 54

Can you push the latest version?

Some bugs are fixed in the master branch, but there is no new version on WordPress.
So I can't rely on wpackagist... And as you don't have a composer.json, I can't just include your plugin via composer either.

Thanks

Network Requirements

Are there any network-specific requirements (i.e. NAT rules, ACLs, or port requirements) that I should be aware of in order to get this plugin to work? Also, my WP site is hosted with a 3rd party host. Will this cause any issues with getting the plugin to work?

Account Suffix Behaving weirdly

Hi!
I was using an old Active Directory plugin and am using yours after the upgrade of my WordPress. My users are registered with their 'cn' as login username.

I got a weird issue:

  • If I set Account suffix to @blabla.com: my already existing users can still log in as "user" or as "[email protected]". My freelance user ([email protected]) cannot log in with either "freelance" or "[email protected]".
  • If I do not set Account suffix: my already existing users cannot log in anymore with "user" and an error appears with "[email protected]": Simple LDAP Login Error: LDAP credentials are correct and user creation is allowed but an error occurred creating the user in WordPress. Actual error: Sorry this email address is already used (translated). If the user does not exist, it will be created with its mail address as login username. My freelance user cannot log in with "freelance" but can with "[email protected]".

Is it normal that the Account Suffix has this influence over the login process?

Thank you very much !

PHP Warning on preg_replace()

Lately I've been seeing the following warning on a test server with WP_DEBUG turned on:

Warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in [...]/wp-content/plugins/simple-ldap-login/includes/adLDAP.php on line 2687

I'm unable to log in because the warning causes the headers to abort.

Turning off WP_DEBUG_DISPLAY allows me to log in, but I would prefer to know that my LDAP plugin wasn't throwing deprecation warnings.

User attributes are not being mapped

I am using WSO2IS as LDAP and user/login works nicely with your plugin, but I am not able to map user attributes such as First Name, Email, etc., no matter the value I choose in the config form. Any clue?

possibility : wp role <--mapping--> AD/LDAP user group

Hi, before all: great thanks for your plugin, it's a must-have.
It would be so nice to implement a function that permits, in the Advanced tab, in the extraordinary section:

  • To check a box to tie WP roles to AD/LDAP group membership
    -> If this box is checked the role of the user in WP will be defined by the AD / LDAP user belonging to the group
  • Below you offered us to map the five basic WP roles with five different AD/LDAP groups
    -> Thus if a user is part of a group he will get the role related to this group

but... I have a dream...
Best regards and thanks for all

Plugin Debug

I'm trying to map the data coming from Active Directory but I'm having difficulties.

Could someone share debug code to help me?

@robisonweb

Single-quote character causes authentication to fail

I had a user unable to log in to his WordPress sites after he changed his password to something that contained a single quote ('). He changed his password to something without the offending character, and he was able to log in.

[query] How are legacy WordPress credentials migrated to LDAP?

Here's the scenario:

  • We have legacy users using WordPress-based authentication
  • We want to migrate them to LDAP-based authentication, with minimal manual intervention. Something like:

If credentials not in LDAP
And credentials in WordPress
Then re-create credentials in LDAP
And login is successful

After installing simple-ldap-login, how do we get legacy users onto the LDAP database? Or is this not supported by this plugin?

Support for use as an mu-plugin on multisite

If this plugin is installed as an mu-plugin on a multisite network, it doesn't get recognized as being a network install and instead treats it as an active plugin on each individual site on the network(s).

At first glance, this looks like it's because it uses is_plugin_active_for_network() to check, but that function returns false for mu-plugins (apparently because they can't be "activated").

Could use is_multisite() and get_mu_plugins() to check this status when necessary.

PHP Error

Hello, when I download the plugin I get the following error:

Fatal error: Uncaught exception 'adLDAPException' with message 'No LDAP support for PHP. See: http://www.php.net/ldap' in /home/content/p3pnexwpnas13_data01/10/3032010/html/wp-content/plugins/simple-ldap-login/includes/adLDAP.php:338 Stack trace: #0 /home/content/p3pnexwpnas13_data01/10/3032010/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(34): adLDAP->__construct(Array) #1 /home/content/p3pnexwpnas13_data01/10/3032010/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(61): SimpleLDAPLogin->__construct() #2 /home/content/p3pnexwpnas13_data01/10/3032010/html/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(563): SimpleLDAPLogin::getInstance() #3 /home/content/p3pnexwpnas13_data01/10/3032010/html/wp-admin/includes/plugin.php(1934): include('/home/content/p...') #4 /home/content/p3pnexwpnas13_data01/10/3032010/html/wp-admin/plugins.php(164): plugin_sandbox_scrape('simple-ldap-log...') #5 {main} thrown in /home/content/p3pnexwpnas13_data01/10/3032010/html/wp-content/plugins/simple-ldap-login/includes/adLDAP.php on line 338

1.6.0 broke login on wp network

Hi,
On all simple-ldap-login versions pre-1.6.0 (example 1.5.5) on a WordPress multi-site installation, LDAP preferences were set up on a per-site basis: every site got its own simple-ldap-login preferences.
On all our WP multisite installations, upgrading to simple-ldap-login v 1.6.0 broke every login: nobody is able to log in, and simple-ldap-login's preferences are empty.
To make it work I need to go to the master site (the first site of a network installation) and re-set up simple-ldap-login preferences; then it works.
But this has some drawbacks:

  • I can't set up simple-ldap-login on a per-site basis; on every subsite there isn't the "Simple LDAP Login" entry in the "Settings" menu. That was a simple-ldap-login feature that differentiated it from other similar plugins (= active-directory-integration)
  • simple-ldap-login's one-click upgrade will break a lot of multi-site installations

Could you revert to simple-ldap-login per site-setup?

Regards

SimpleLDAP Version

Hi Cliff,

Got WordPress running on v4.5.2. According to the details tab on the Simple LDAP plugin installed in WP, I get the following info:
Version: 1.6.0
Author: Clif Griffin Development Inc.
Last Updated: 2 months ago
Requires WordPress Version: 3.4 or higher
Compatible up to: 4.5.0 ----------------------------------> so this is not compatible on the current version I use ---version 4.5.2?

SimpleLDAP version 1.6.0 seems to be the latest version. Is that right?

What do you suggest I do since Simple LDAP has never been tested on this WP version?

Thanks

No verification

We're experiencing issues while configuring the plugin. In our opinion we used the correct settings, and we tried the settings on a different machine as well with an LDAP test tool.

But somehow, the plugin won't let us connect using AD credentials at our WordPress website.

Can I find any log files which will help me out?

Thanks in advance!

Not able to login to my site after installing this plugin

I installed this plugin on our WordPress blog site. After configuring this plugin I'm not able to log in to my site; I get HTTP error 500. Any suggestions on how to resolve this issue, or how to remove the plugin so that I can reinstall it again?

Cannot authenticate users in different OUs against parent DN

Steps to reproduce:

  1. Create the following DNs in an OpenLDAP directory:

    • DN: uid=usera,ou=sub1,dc=example,dc=com
    • DN: uid=userb,ou=sub2,dc=example,dc=com
  2. Set the following Simple LDAP Login settings:

    • Base DN: dc=example,dc=com
    • Search Sub OUs: Yes
  3. Attempt to log in as usera, then as userb

What should happen:

Login is successful for both users.

What happens instead:

Login fails for both users.

Notes:

  • If I set "Base DN" to "ou=sub1,dc=example,dc=com", then usera can log in.
  • If I set it to "ou=sub2...", then userb can log in.

group membership with a non-standard LDAP attribute (here instead of 'memberOf' the LDAP provide 'groupMemberOf')

Hi,
I use your plugin on several WP sites.
But, in a specific case, I need to use the restriction on group membership with a non-standard LDAP attribute.
To be clear: is it possible to customize the attribute containing groups (here instead of 'memberOf' the LDAP provides 'groupMemberOf')?
This could be an interesting development in the administration interface to customize this attribute.
Regards,
Yvan

Add hook to retry ldap_bind

I'm using a simple-ldap-login with an Active Directory that has some strange records.

On function authenticate of adLDAP.php I had to put a custom code:

    // Bind as the user        
    $ret = true;
    $this->_bind = @ldap_bind($this->_conn, $username . $this->_account_suffix, $password);
    // custom code - begin
    if (!$this->_bind) {
        if ($username === 'rodrigo.davila') {
            $this->_bind = @ldap_bind($this->_conn, "rodrigo d'avila" . $this->_account_suffix, $password);
            if (!$this->_bind) $this->_bind = @ldap_bind($this->_conn, "rodrigo.d'avila" . $this->_account_suffix, $password);
            if (!$this->_bind) $this->_bind = @ldap_bind($this->_conn, "rodrigo davila" . $this->_account_suffix, $password);
        } else if ($username === 'suzane.santana') {
            $this->_bind = @ldap_bind($this->_conn, "suzane sant'ana" . $this->_account_suffix, $password);
            if (!$this->_bind) $this->_bind = @ldap_bind($this->_conn, "suzane.sant'ana" . $this->_account_suffix, $password);
            if (!$this->_bind) $this->_bind = @ldap_bind($this->_conn, "suzane santana" . $this->_account_suffix, $password);
        } else {
            $this->_bind = @ldap_bind($this->_conn, str_replace('.',' ',$username) . $this->_account_suffix, $password);
        }
    }
    // custom code - end
    if (!$this->_bind){ $ret = false; }

Some users have a "dot" in their username, like "thiago.negri", and other users have a space, like "clifton griffin". Other users have an apostrophe in their name, like "rodrigo.d'avila".

The Active Directory installation has no standard/default on how to handle these.

To make it as painless as possible to login into the site, I retry the authentication with different combinations before forbidding the login request.

As I've changed the code of the plugin directly, I'm aware that I have to redo this custom logic on updates. -- I just got bitten when updating for the newest version. :)

I would appreciate it if you could add a hook at that point so I can add my custom retry-magic to it.

Thanks!

Fatal Error

I've been using SimpleLDAP (simply) for years. But it hasn't been tested or updated in quite some time. I began ("proactively") looking for an alternative, only to find not many good (simple) options.

Then in running updates (on dev, thankfully) I received what I was trying to avoid ...

Fatal error: Uncaught Error: Call to undefined function ldap_connect() in /data/blogs/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php:368 Stack trace: #0 /data/blogs/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php(300): SimpleLDAPLogin->ldap_auth() #1 /data/blogs/wp-includes/class-wp-hook.php(287): SimpleLDAPLogin->authenticate() #2 /data/blogs/wp-includes/plugin.php(206): WP_Hook->apply_filters() #3 /data/blogs/wp-includes/pluggable.php(549): apply_filters() #4 /data/blogs/wp-includes/user.php(95): wp_authenticate() #5 /data/blogs/wp-login.php(1248): wp_signon() #6 {main} thrown in /data/blogs/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php on line 368

Any thoughts on this? Or continued maintenance of the plugin?

Thank you kindly. It's served us well.

Support "member" attribute in groups (in addition to "memberOf" in users)

On my LDAP server (Debian 9, OpenLDAP 2.4.44) when I add users to a group, the group gets new attributes "member: uid=user1,ou=example,ou=com" and "member: uid=user2,ou=example,ou=com"

The user does not get a "memberOf" attribute.

Is there a specific OpenLDAP schema I should be using? Or would SLL need to be enhanced to support this alternate group notation (seems similar to a comment by @phyrog in #15 )?
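
The group-side lookup that this report and the earlier "Required groups" report (where usera appears as a `member` attribute on the group entry) are about, as an added example that is not code from Simple LDAP Login or adLDAP: it builds an RFC 4515-escaped search filter against the group entries instead of reading `memberOf` from the user. The function names, the `Sales (EMEA)*` group name and the sample DN are constructed for illustration, and `in_required_group()` assumes an already bound ext-ldap connection.

```php
<?php
// Added example; not code from Simple LDAP Login or adLDAP.

/** Escape a value for an LDAP search filter (RFC 4515 special characters). */
function escape_filter_value(string $value): string
{
    // Backslash goes first so the escapes added for the other characters
    // are not escaped a second time.
    return str_replace(
        ['\\', '*', '(', ')', "\0"],
        ['\\5c', '\\2a', '\\28', '\\29', '\\00'],
        $value
    );
}

/** Filter matching one group entry that lists $userDn as a member. */
function group_member_filter(
    string $group,
    string $userDn,
    string $groupAttr = 'cn',       // "LDAP Group Attribute" in the report
    string $memberAttr = 'member'   // attribute OpenLDAP wrote on the group
): string {
    return sprintf(
        '(&(%s=%s)(%s=%s))',
        $groupAttr,
        escape_filter_value($group),
        $memberAttr,
        escape_filter_value($userDn)
    );
}

/**
 * True if any required group under $groupBaseDn lists $userDn.
 * $conn is an already bound ext-ldap connection (assumed; needs a live server).
 */
function in_required_group($conn, string $groupBaseDn, array $required, string $userDn): bool
{
    foreach ($required as $group) {
        $filter = group_member_filter($group, $userDn);
        $result = ldap_search($conn, $groupBaseDn, $filter, ['cn']);
        if ($result !== false && ldap_count_entries($conn, $result) > 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample values in the shape used in the reports above.
$userDn = 'uid=usera,ou=subdomain,dc=example,dc=com';
echo group_member_filter('group1', $userDn), PHP_EOL;
// Parentheses and '*' in a group name stay literal instead of changing the filter.
echo group_member_filter('Sales (EMEA)*', $userDn), PHP_EOL;
```

Where ext-ldap is loaded, `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` performs the same filter escaping and can replace the hand-written helper.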
