fabacab / wp-ldap
Manage your LDAP DIT using your WordPress Dashboard.
Home Page: https://wordpress.org/plugins/wp-ldap/
License: GNU General Public License v3.0
If a user was created before wp-ldap is activated, the user is never updated because it was never created in LDAP.
profile_update should create the missing LDAP entry.
Please find the updated code:
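    // $LDAP and $WP_User are assumed to be set earlier in the enclosing
    // method, which the post does not show.

    // Build the LDAP view of the user before branching: both the add and
    // the modify path need it.
    $LDAP_User = new \WP_LDAP\User();
    $LDAP_User->setWordPressUser( get_userdata( $user_id ) );

    $sb = self::getSearchBaseDN();
    $LDAP->setBaseDN( $sb );

    // escape_filter() keeps the login name from altering the search filter.
    $search_results = $LDAP->search(
        '(&(objectClass=inetOrgPerson)(uid=' . API::escape_filter( $WP_User->user_login ) . '))'
    );

    if ( 1 > count( $search_results ) ) {
        // No entry yet (user predates plugin activation): create it.
        $LDAP->add(
            $LDAP_User->getEntityDN( $sb ),
            apply_filters( self::prefix . 'user_to_entity', $LDAP_User->wp2entity() )
        );
    } else {
        // Entry exists: update it in place.
        $LDAP->modify(
            $LDAP_User->getEntityDN( $sb ),
            apply_filters( self::prefix . 'user_to_entity', $LDAP_User->wp2entity() )
        );
    }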
PHP Warning: ldap_modify(): Modify: No such object in [WORDPRESS_ROOT]/wp-content/plugins/wp-ldap/includes/class-wp-ldap-api.php on line 189
Warning: ldap_modify(): Modify: No such object in [WORDPRESS_ROOT]/wp-content/plugins/wp-ldap/includes/class-wp-ldap-api.php on line 189
The LDAP entry should be deleted when the WP user is deleted.
I'd like to outline what needs to get done to install what's needed on the server. In our case we use Debian with Apache. Maybe we can work together on this?
As of now, I believe that a user that is created in WordPress can/will create a user on NextCloud, probably can work with Piwik too. However that is an individual account without specific access to anything that may be shared. Maybe we can outline some use cases to plan for.
Since we are working with a WordPress multisite, and in some cases multinetwork, users may be administrators or editors of one or multiple websites. Maybe there's a way to define this and say if xyz role also add access to a group in NextCloud and can view that site's analytics in Piwik, for example. However, subscribers would just be a user across applications with no additional group associations.
Looking at NextCloud specifically, user management also has groups; how can we tie into this? Initial thought is Site Admin is Admin of a group of that site and editors may be users with access.
What's the best way to outline this?
It is possible to hijack a user's account by registering the same username as one that has been deleted by a Super Admin. Imagine the following scenario:
The second human to register the same username ("UserA") is now in control over any SSO-linked accounts using the given username because those other applications (Nextcloud, for instance) will be searching the LDAP DIT and will find a matching record. As password resets are sync'ed from the WordPress DB to the LDAP DIT, this second registration effectively re-sets the account password as well, obviating the need to crack the original user's password hash.
This situation arises only if a Super Admin manually removes the WordPress user record from WordPress's database, as otherwise WordPress will not permit a registration using the existing username, but this isn't that far-fetched of a possibility.
One clear mitigation is to embed the auto-incrementing user ID that the MySQL database generates as part of the wp_users table into the LDAP DN, so that when (3) happens in the timeline above, the LDAP entity associated with this second human's registration will be distinct from the first human's registration, despite both users having the same uid value in the LDAP DIT (i.e., user_login on the WordPress side).
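The mitigation described above, sketched as an added example that is not wp-ldap's own code. It assumes the current DN has the form uid=<user_login>,<base>; the function names, the search base and the use of employeeNumber to carry the wp_users ID are all choices made here for illustration.

```php
<?php
// Added example, not wp-ldap code. The attribute choice (employeeNumber),
// the search base and all function names are assumptions for illustration.

/** Escape one RDN attribute value per RFC 4514. */
function escape_rdn_value(string $value): string
{
    $v = strtr($value, [
        '\\' => '\\\\', ',' => '\\,', '+' => '\\+', '"' => '\\"',
        ';'  => '\\;',  '<' => '\\<', '>' => '\\>', '=' => '\\=',
        "\0" => '\\00',
    ]);
    if (substr($v, -1) === ' ') {                        // trailing space
        $v = substr($v, 0, -1) . '\\ ';
    }
    if ($v !== '' && ($v[0] === '#' || $v[0] === ' ')) { // leading '#' or space
        $v = '\\' . $v;
    }
    return $v;
}

/** DN keyed on the login name only: the same DN comes back if the name is reused. */
function dn_by_login(string $login, string $base): string
{
    return 'uid=' . escape_rdn_value($login) . ',' . $base;
}

/** DN keyed on login plus the wp_users ID, written as a multi-valued RDN. */
function dn_by_login_and_id(string $login, int $id, string $base): string
{
    return 'employeeNumber=' . $id . '+uid=' . escape_rdn_value($login) . ',' . $base;
}

$base = 'ou=people,dc=example,dc=org';   // constructed search base

// Constructed timeline: same user_login, different wp_users IDs.
$first  = ['login' => 'UserA', 'id' => 7];
$second = ['login' => 'UserA', 'id' => 23];

// Login-only DNs are identical, so the second registration addresses the first entry.
var_dump(dn_by_login($first['login'], $base) === dn_by_login($second['login'], $base));

// With the ID in the RDN, each registration addresses its own entry.
var_dump(
    dn_by_login_and_id($first['login'], $first['id'], $base)
    === dn_by_login_and_id($second['login'], $second['id'], $base)
);
echo dn_by_login_and_id($second['login'], $second['id'], $base), PHP_EOL;
```

A distinct DN only separates the entries: an application that searches on uid alone will still match a stale first entry for as long as it remains in the DIT.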