wpDirAuth 1.4 patch

Today I had to log in to one of my WP-powered weblogs, running the wpDirAuth 1.3 plugin which I wrote about in this previous post. Surprisingly, it returned the error message “No directory server available for authentication”. No change had been made in the last few days in my infrastructure, and I soon discovered that all user accounts in my Active Directory were able to successfully authenticate, with the only exception of mine!

It took a few minutes to understand that the problem lay in the password I changed yesterday, which included an apostrophe ('). It seems that the function parsing this variable in WordPress automatically puts a backslash (\) escape character before the apostrophe, in order to pass it correctly to the builtin authentication function. The problem was the way the ldap_bind() PHP function was sending the password to my domain controllers, including the unnecessary (in this case) escape character.

I’m not a developer, but I think I resolved this issue, simply by adding the line in bold to the wpDirAuth_bindTest() function in the file wpDirAuth.php:

function wpDirAuth_bindTest(&$connection, &$username, &$password)
{
    // Added line (bold in the original post): remove the backslash WordPress puts before an apostrophe
    $password = strtr($password, array("\'"=>"'"));
    if ( ($isBound = @ldap_bind($connection, $username, $password)) === false ) {
        // @see wpLDAP comment at http://ashay.org/?page_id=133#comment-558
        $isBound = @ldap_bind($connection,"uid=$username,$baseDn", $password);
    }
    return $isBound;
}
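
The same unescaping problem beyond the apostrophe, as an added example that is not part of the original post or of wpDirAuth. It assumes WordPress slashes the submitted password the way PHP's addslashes() does; the helper names and sample passwords are constructed for illustration.

```php
<?php
// Added example, not wpDirAuth code. Sample passwords are constructed.

// Assumption: WordPress slashes request data the way addslashes() does,
// i.e. it prefixes ', ", \ and NUL with a backslash.
function simulate_wp_slashing(string $raw): string
{
    return addslashes($raw);
}

// The fix from the post: only the \' sequence is reverted.
function unescape_apostrophe_only(string $slashed): string
{
    return strtr($slashed, array("\\'" => "'"));
}

// General form: undo every escape that addslashes() added.
function unescape_all(string $slashed): string
{
    return stripslashes($slashed);
}

// Constructed passwords covering each character that gets escaped.
$samples = array(
    "pa'ss",          // apostrophe (the case from the post)
    'pa"ss',          // double quote
    'pa\\ss',         // literal backslash
    "O'Neil\"x\\y",   // all three together
);

foreach ($samples as $raw) {
    $slashed = simulate_wp_slashing($raw);
    // A candidate is correct only if it restores the exact string the
    // directory server has on record; anything else makes the bind fail.
    printf(
        "%-14s slashed=%-20s apostrophe-only=%-4s stripslashes=%s\n",
        $raw,
        $slashed,
        unescape_apostrophe_only($slashed) === $raw ? 'ok' : 'FAIL',
        unescape_all($slashed) === $raw ? 'ok' : 'FAIL'
    );
}
```

In wpDirAuth_bindTest() the general form would mean handing stripslashes($password) to ldap_bind() in place of the apostrophe-only strtr() call.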

Since the returned error message was also incorrect (it should be a “check credentials” warning, not a “server unreachable” error), I’ve also included the change suggested by Clint in the last part of his message “I have a bug fix for 1.3…“.

I’ve also successfully tested this modified wpDirAuth plugin against different Active Directory instances on WordPress 2.6 and I’ve generated two patches to upgrade from both the 1.2 and 1.3 versions. Here are the links:

If you prefer to use the 1.4 release directly, I’ve also prepared a pre-patched copy that you can download here.

Since that’s not my job, I’m not sure I did the right thing by defining this as the new 1.4 release, and I’ll be glad to receive any suggestions about it.

12 thoughts on “wpDirAuth 1.4 patch”

  1. In any of your testing have you used the Require SSL Login option? After upgrading to 2.6, Site Admin only works under https. Clicking on the Site Admin link after going back to View Site puts you in an endless loop asking for the login again. With older versions only the Login used https.

  2. Hi Sean, thanks for your appreciation. I have no access to the repository, nor do I plan to request a login, both because my work keeps me too busy and because… well, coding is not my work, actually! 🙂
    If you or any other DEV guy out there has the ability to do that, I’ll be proud to give this little contribution to the plugin development.
    I think that authentication integration with the most used directory services is a key feature of WordPress, and it’s surely the first one that corporate IT admins would look for when planning to give a blog to each employee by using its MU version.
    These might be the next goals, IMO:

    • make it a WPMU plugin (today you can use wpDirAuth with it, but you must set it up for each blog in the collection)
    • make the SSL login page function (it’s a MUST for a corporate IT)

    Obviously, anyone is free to grab these little lines of code from this site and commit them to the WordPress Plugins SVN repository, and to tell me whatever more I can do to support this plugin’s development!

  3. Hi!

    Thank you for the update. It works perfectly, but I have a problem: it didn’t disable the “lost password” link on the login page. Do you know how to solve it?

    Thanks

  4. Obviously this is a “look-only” problem, since there is no chance to work around the directory service security policies through the WordPress password recovery function. I don’t know how to disable a WP function using a plugin, so I suggest you comment out or remove the lines containing the link “Lost your password” in the file wp-login.php
    It’s pretty trivial, and even “error-proof” if you make a program do the job for you. For example, you can type this text in your command line:
    % sed '/Lost your password/d' wp-login.php

  5. Pingback: Delta Phi

  6. Pingback: Andrew’s personal weblog» Blog Archive » wpDirAuth versions

  7. I’m not working with WP 2.7, when I try to login it shows me this error message:

    Directory Login Error:
    wpDirAuth config error: No directory server available for authentication, OR pre-binding credentials denied.

    I tried to hack the code and added a custom connection string “uid=username,ou=people,dc=domain,dc=com”, which worked, but now I have the following message:

    Directory Login Error: Could not authenticate user. Please check your credentials. [user_xpto]

    Any hints?

  8. Sorry to bother, I actually fixed my issue by editing the line
    “elseif ($userID = wp_create_user($userLogin, $password, $userEmail)) {” by adding the users_can_register option verification like this:
    “elseif (($userID = wp_create_user($userLogin, $password, $userEmail)) && ( get_option('users_can_register') ) ) {”
    Hope this helps other users

Comments are closed.