andreas.heigl.org

This is a plugin that allows you use your LDAP to authenticate and authorise users to access your wordpress web-log.

Installation should be as simple as instalaltion of every wordpress-plugin. Simply unzip the downloaded file, put it into your wordpress-installations plugins-folder and activate it.

After activation you can configure the plugin via the options-panel.

How does the plugin work?

Well, as a matter of fact it is rather simple. The plugin verifies, that the user seeking authentification can bind to the LDAP using the provided password.

If that is so, the user is either created or updated in the wordpress-user-database. This update includes the provided password (so the wordpress can authenticate users even without the LDAP), the users name according to the authLDAP-preferences and the status of the user depending on the groups-settings of the authLDAP-preferences

 Writing this plugin would not have been as easy as it has been, without the wounderfull plugin of Alistair Young from http://www.weblogs.uhi.ac.uk/sm00ay/?p=45

Configuration

Usage Settings

Enable Authentication via LDAP

Whether you want to enable authLdap for login or not

debug authLdap

When you have problems with authentication via LDAP you can enable a debugging mode here.

Server Settings

LDAP Uri

This is the URI where your ldap-backend can be reached. More information are actually on the Configuration page

Filter

This is the real McCoy! The filter you define here specifies how a user will be found. Before applying the filter a %s will be replaced with the given username. This means, when a user logs in using ‘foobar’ as username the following happens:

uid=%s

check for any LDAP-Entry that has an attribute ‘uid’ with value ‘foobar’

(&(objectclass=posixAccout)((!(uid=%s)(mail=%s)))

check for any LDAP-Entry that has an attribute ‘objectclass’ with value ‘posixAccout’ and either a UID- or a mail-attribute with value ‘foobar’

This filter is rather powerfull if used wisely.

Creating Users

Name-Attribute

Which Attribute from the LDAP contains the Full or the First name of the user trying to log in. This defaults to name

Second Name Attribute

If the above Name-Attribute only contains the First Name of the user you can here specify an Attribute that contains the second name.
This field is empty by default

User-ID Attribute

This field will be used as login-name for wordpress. Please give the Attribute, that is used to identify the user. This should be the same as you used in the above Filter-Option.
This field defaults to uid

Mail Attribute

Which Attribute holds the eMail-Address of the user?
If more than one eMail-Address are stored in the LDAP, only the first given is used
This field defaults to mail

Web-Attribute

If your users have a personal page (URI) stored in the LDAP, it can be provided here.
This field is empty by default

User-Groups for Roles

Group-Attribute

This is the attribute that defines the Group-ID that can be matched against the Groups defined further down
This field defaults to gidNumber.

Group-Filter

Here you can add the filter for selecting groups for the currentlly logged in user
The Filter should contain the string %s which will be replaced by the login-name of the currently logged in

Tags: auth, ldap, wordpresss