wpDirAuth

Installing should be a piece of cake and take fewer than ten minutes, provided you know your directory server(s) information, and that your blog is allowed to connect and bind to it/them. Please refer to your friendly neighbourhood LDAP sysadmin for more information. Or use a LDAP browser (e.g. Apache Directory Studio) to test/research what your specific connections settings need to be.

1. Upload the wpDirAuth directory to the /wp-content/plugins/ directory.
2. Login to your WordPress instance as an admin user.
3. Activate the plugin through the 'Plugins' menu in WordPress.
4. Go to the wpDirAuth menu found in the WordPress Settings section.
5. Enter your directory server(s) information, Bind DN + password and set your preferences. You should now be able to login as a directory user.

1.10.7

• Bug fix: Corrects an issue with parameter order with implode() for users on PHP v8.0 and above. Apologies for two updates in one day. Big shoutout to https://www.forumsys.com/ for providing a publicly accessible LDAP instance for testing purposes.

1.10.6

• Bug Fix: Reset Password button was showing up in ad-authenticated users' profile due to a removed global variable, that was removed starting at WordPress v6. Huge shout-out to user @silsbyc for assisting me in troubleshooting this one.

1.10.5

• Bug Fix: LDAP properties for first/last name were reversed. Credit to @mradojevic for catching that.

1.10.4

• Bug Fix: In multisite, when adding a user from the network admin panel, generated email would always link to https instead of the adhering to the option Require SSL Login.

1.10.3.

• minor bug fix. Was missing user id when removing old password

1.10.2

• fix bug where array of properties passed to ldap_search was in the wrong format.

1.10.1

• Added filter wpdirauth_ldap_user_keys
• removed call to deprecated function force_ssl_login()

1.9.4

• Correction to fix incompatibility with a couple of other plugins

1.9.3

• Action/Filter hooks now available. Documentation: http://www.gilzow.com/_wpdirauth/hooks/
• Cookie time-out. The authentication cookie's time-out can now be set in the settings panel. Time entered shoudl be in hours. Default is still one hour.
• Added PHP 5.2.X support (broken in previous versions), but this will likely be the last version that supports PHP versions less than 5.3
• CSS Changes in the settings area
• Fixed bug from 1.8.1 that allowed certain AD-authed users to still authenticate when directory authentication was disabled

1.8.1

• I had forgotten that wp-login.php, for some odd reason, triggers the login/authenticate functions/filters when a user arrives to the page via GET method, even when the action parameter isn't set. This was causing wpDirAuth to generate a WP_Error object when a user initially visited the page. If you were using another plugin that records login failures (e.g. anti Brute Force) this would result in two failed attempts for every single actual failed attempt. Or if you are monitoring for failed attempts (e.g. Sucuri, iThemes Security) then you would receive false warnings of a failed login attempt using an "Unknown" username.
• Fix more typos
• Clean up the README cuz goodness it was a mess

1.8.0

• wpDirAuth now uses the authenticate filter hook instead of overriding wp_authenticate() in pluggable.php. This should increase its compatibility with other plugins that hook authenticate. HOWEVER, if you have another plugin that overrides wp_authenticate and doesn't apply the authenticate filter, wpDirAuth will not work.
• Changed the Settings menu name from Directory Auth. to wpDirAuth
• Removed a possible XSS / Redirection vulnerability if SSL Required was set to true in wpDirAuth, the user visited the non-ssl'ed version of a site and an attacker injected/spoofed the HTTP_HOST header.
• Prevent direct file access
• Fixed a couple of typos
• Updated license to GPLv2 or later
• Changed the Safe Mode error messages to better explain the issues

1.7.17

• bugfix - a local user account on systems using PHP version < 5.3.9 would fail authentication, even if correct password was used. Many thanks to @tommcgee for helping me track this one down.

1.7.16

• minor bugfixes that were causing PHP warning errors in specific situations.

1.7.15

• let's try this again. filter wpdirauth_filterquery will pass THREE parameters: current AD filter, the account filter as set in the wpDirAuth settings and the username of the person attempting to authenticate. Callback function must pass back a valid AD filter.

1.7.14

• Why no 1.7.13? Because I'm superstitious.
• Added hookable filter wpdirauth_filterquery. Will pass 2 parameters: the current AD filter and the username of the person attempting to authenticate. Callback function must pass back a valid AD filter.
• v4.4.2 of wordpress changed some of the roles & caps. Role create_users no longer allows admins who do not posses super-admin privilege in a multisite to see the wpDirAuth add user menu item when in a site. changed the cap to add_users, but will continue to research

1.7.12 missed an instance of split (deprecated php function). 1.7.11 Adding stripslashes_deep because wordpress. 1.7.10 Bug fixes and minor clean-up 1.7.9

• The plugin no longer automatically creates accounts for directory-authenticated users who log into the site. You can enable this behavior in the plugin settings, but it is no longer the default behavior.
• Not sure why but I never set the plugin up to block Directory-Authenticated users from attempting to use the wordpress builtin password reset tool. It can't actually change the password, but it definitely caused confusion among users. wpDirAuth now blocks directory-authenticated users from using the password reset tool.
• Removed a bunch of deprecated function calls.
• Cleaned up some of the debugging messages.

1.7.6 Corrected situation where a new authenticated user logging into a child site in a multisite network was added to the parent site, instead of the child site where they initiated the login. Also, somewhere along the way, I reintroduced a bug that when using authentication groups, the plugin would fail to redirect a successfully logged in user. 1.7.5

• PLEASE NOTE Beta testers of the 1.7.X branch prior to version 1.7.5, you will need to deactivate wpdirauth before you updgrade to this latest version. Once you have installed and network activated the plugin, it will copy your options from their previous location to the sitemeta table. You will only need to do this once. This will also work for anyone who was using the 1.6.X branch or older and plans on using it in MULTISITE mode.
• MULTISITE support, bug fixes, security enhancements

1.6.1

• Corrected a bug that would prevent user profiles from successfully being found. Thanks go to jgiangrande for identifying the problem area.

1.6.0

• Added Add Dir Auth User to Admin User menu. Now able to pre-add Directory Authenticated users and assign roles where previously users would have to log in first, and then have an admin change their role.

1.5.2

• Added ability to limit logins to specific AD groups. Fixed a bug that produced an incorrect filter when using a single Authentication Group

1.5.1

• Remove default password nag for wpdirauth accounts