authLdap Plugin
Use your existing LDAP flexible as authentication backend for WordPress
Use your existing LDAP as authentication-backend for your wordpress!
So what are the differences to other WordPress-LDAP-Authentication-Plugins?
- Flexible: You are totaly free in which LDAP-backend to use. Due to the extensive configuration you can freely decide how to do the authentication of your users. It simply depends on your filters
- Independent: As soon as a user logs in, it is added/updated to the WordPress’ user-database to allow wordpress to always use the correct data. You only have to administer your users once.
- Failsafe: Due to the users being created in WordPress’ User-database they can also log in when the LDAP-backend currently is gone.
- Role-Aware: You can map WordPress’ roles to values of an existing LDAP-attribute.
For more Information on the configuration have a look at https://github.com/heiglandreas/authLdap
Installation
- Upload the extracted folder
authLdap
to the /wp-content/plugins/
directory - Activate the plugin through the ‘Plugins’ menu in WordPress
- Configure the Plugin via the ‘authLdap’-Configuration-Page.
FAQ
Where can I find more Informations about the plugin? Go to https://github.com/heiglandreas/authLdap
Where can I report issues with the plugin? Please use the issuetracker at https://github.com/heiglandreas/authLdap/issues
Where can I report sensitive security issues with the plugin? In essence: Report a security vulnerability at https://github.com/heiglandreas/authLdap/security/advisories/new
Please see https://github.com/heiglandreas/authLdap/blob/master/SECURITY.md for more details
Changelog
2.6.2
- Fix issue with Groups not being updated on existing accounts (see https://github.com/heiglandreas/authLdap/issues/250 for details)
2.6.0
- Fix reducing assigned WordPress roles to single role on login when WordPress roles shall be kept
- Add Behavioural testing and first 3 scenarios
2.5.9
- Adds information about security-contacts
- Addresses CVE-2023-41655
2.5.8
- Fix regression from 2.5.7
2.5.7
- Fix regressions from 2.5.4
- Fix CI system
2.5.4
2.5.3
- Fix issue with broken role-assignement in combination with WooCommerce
- Fix spelling issue
- Allow DN as role-definition
2.5.0
- Ignore the order of capabilities to tell the role. In addition the filter
editable_roles
can be used to limit the roles
2.4.11
- Fix issue with running on PHP8.1
2.4.9
- Improve group-assignement UI
2.4.8
- Make textfields in settings-page wider
2.4.7
- Replace deprecated function
- Fix undefined index
- Add filter for retrieving other params at login (authLdap_filter_attributes)
- Add do_action after successfull login (authLdap_login_successful)
2.4.0
- Allow to use environment variables for LDAP-URI configuration
2.3.0
- Allow to not overwrite existing WordPress-Users with LDAP-Users as that can be a security issue.
2.1.0
- Add search-base for groups. This might come in handy for multisite-instances
2.0.0
- This new release adds Multi-Site support. It will no longer be possible to use this plugin just in one subsite of a multisite installation!
- Adds a warning screen to the config-section when no LDAPextension could be found
- Fixes an issue with the max-length of the username
1.5.1
- Fixes an issue with escaped backslashes and quotes
1.5.0
- Allows parts of the LDAP-URI to be URLEncoded
- Drops support for PHP 5.4
1.4.20
- Allows multiple LDAP-servers to be queried (given that they use the same attributes)
- Fixes issue with URL-Encoded informations (see https://github.com/heiglandreas/authLdap/issues/108)
1.4.19
1.4.14
- Update to showing password-fields check (thanks to @chaplina)
1.4.13
- Removed generation of default email-address (thanks to @henryk)
- Fixes password-hashing when caching passwords (thanks to @litinoveweedle)
- Removes the possibility to reset a password for LDAP-based users (thanks to @chaplina)
- Removes the password-change-Email from 4.3 on (thanks to @litinoveweedle)
- Fixes double authentication-attempt (that resulted in failed authentication) (thanks to @litinoveweedle)
1.4.10
- Cleanup by removing deprecated code
- Fixes issues with undefined variables
- Enables internal option-versioning
- Setting users nickname initially to the realname instead of the uid
- Fixes display of password-change possibility in users profile-page
1.4.9
- Fixed an issue with changing display name on every login
- Use proper way of looking up user-roles in setups w/o DB-prefix
1.4.8
1.4.7
- Use default user to retrieve group menberships and not logging in user.
- return the UID from the LDAP instead of the value given by the user
- remove unnecessary checkbox
- Adds a testsuite
- Fixes PSR2 violations
[…]
1.2.1
- Fixed an issue with group-ids
- Moved the code to GitHub (https://github.com/heiglandreas/authLdap)
1.1.0
- Changed the login-process. Now users that are not allowed to login due to
missing group-memberships are not created within your blog as was the standard
until Version 1.0.3 – Thanks to [email protected] - Changed the default mail-address that is created when no mail-address can be
retrieved from the LDAP from [email protected] to [email protected] so that
a new user can be created even though the mail address already exists in your
blog – Also thanks to [email protected] - Added support for WordPress-Table-prefixes as the capabilities of a user
are interlany stored in a field that is named “$tablePrefix_capabilities” –
again thanks to [email protected] and also to sim0n of silicium.mine.nu