Great plugin – really saved a tonne of time on our MU installation, using Active Directory; many thanks.

We’d love to try out SSO as well – I can’t understand the reference to “Windows Authentication” needs to be activated in the “wp-login.php” – there’s no reference to this in wp-login.php .

Is it a complex piece of custom coding that is required, rather than a simple ‘switch’ to enable somewhere in wp-login.php?

cheers!

Hi Aaron!

Yes exactly. We added the LDAP plugin into an existing WPMU installation after the fact. The user in question does have LDAP set as his authentication, but it doesn’t validate unless he uses his old password from his local user settings. Also, this person is an Admin (if that makes a difference?)

We have LDAP authentication enabled on site wide, and have turned on the ‘auto create WMPU accounts’. Because of the latest issue where LDAP isn’t working, I have also had to turn on ‘create local users’ because otherwise it locks me out too.

Since sending the initial message, I’ve done some digging and noted that someone else had an issue where the authentication used a different Search DN or User DN than the users were on. Example: The account I am using to connect with (and verify the LDAP) is a non-expiring Service Account (OU=Service Accounts), but the users are all using expiring user accounts (OU=Users). Could this in fact be my issue? Do I need to use a user account and not a service account?

Thanks again for all your help and hard work!

- Nicole

If they are new users, is the plugin configured to auto create users from ldap?

I am not a developer, (I’m a designer) so any help you can give me in relatively easy tech-speak would be much appreciated!

Ajdin :I get LDAP Connection Test: Successful! message when testing but users cannot login. I’m using the same username/password to login as set in LDAP Options. I’m using TikiWiki with LDAP and that works fine. No PHP errors in error log, server log nothing as well. DebugOn() is set but still no output. Show PHP error is off in php ini but log errors is on. Running Linux AD on Windows.

I wrongly set LDAP Type to Linux instead of Windows but also had to make some changes to Attributes. CDould not find equivalent to Mac Address in my attrib list but that didn’t seam to matter. From Linux you can use this command to check attribs (ldap on windows requires authentication)
ldapsearch -h your.ldap.server.com -D “CN=Firstname Surname (username),OU=Something1,DC=Somethin2,DC=Something3,DC=Something4″ -x -W -A -b “CN=Firstname Surname (username),OU=Something1,DC=Somethin2,DC=Something3,DC=Something4″ > somefile.txt