authLdap

May 18, 2024

authLdap Plugin

Use your existing LDAP flexible as authentication backend for WordPress

Use your existing LDAP as authentication-backend for your wordpress!

So what are the differences to other WordPress-LDAP-Authentication-Plugins?

  • Flexible: You are totaly free in which LDAP-backend to use. Due to the extensive configuration you can freely decide how to do the authentication of your users. It simply depends on your filters
  • Independent: As soon as a user logs in, it is added/updated to the WordPress’ user-database to allow wordpress to always use the correct data. You only have to administer your users once.
  • Failsafe: Due to the users being created in WordPress’ User-database they can also log in when the LDAP-backend currently is gone.
  • Role-Aware: You can map WordPress’ roles to values of an existing LDAP-attribute.

For more Information on the configuration have a look at https://github.com/heiglandreas/authLdap

Installation

  1. Upload the extracted folder authLdap to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Configure the Plugin via the ‘authLdap’-Configuration-Page.

FAQ

Where can I find more Informations about the plugin?

Go to https://github.com/heiglandreas/authLdap

Where can I report issues with the plugin?

Please use the issuetracker at https://github.com/heiglandreas/authLdap/issues

Where can I report sensitive security issues with the plugin?

In essence: Report a security vulnerability at https://github.com/heiglandreas/authLdap/security/advisories/new

Please see https://github.com/heiglandreas/authLdap/blob/master/SECURITY.md for more details

Changelog

2.6.2

  • Fix issue with Groups not being updated on existing accounts (see https://github.com/heiglandreas/authLdap/issues/250 for details)

2.6.0

  • Fix reducing assigned WordPress roles to single role on login when WordPress roles shall be kept
  • Add Behavioural testing and first 3 scenarios

2.5.9

  • Adds information about security-contacts
  • Addresses CVE-2023-41655

2.5.8

  • Fix regression from 2.5.7

2.5.7

  • Fix regressions from 2.5.4
  • Fix CI system

2.5.4

  • Update Tested up to

2.5.3

  • Fix issue with broken role-assignement in combination with WooCommerce
  • Fix spelling issue
  • Allow DN as role-definition

2.5.0

  • Ignore the order of capabilities to tell the role. In addition the filter editable_roles can be used to limit the roles

2.4.11

  • Fix issue with running on PHP8.1

2.4.9

  • Improve group-assignement UI

2.4.8

  • Make textfields in settings-page wider

2.4.7

  • Replace deprecated function
  • Fix undefined index
  • Add filter for retrieving other params at login (authLdap_filter_attributes)
  • Add do_action after successfull login (authLdap_login_successful)

2.4.0

  • Allow to use environment variables for LDAP-URI configuration

2.3.0

  • Allow to not overwrite existing WordPress-Users with LDAP-Users as that can be a security issue.

2.1.0

  • Add search-base for groups. This might come in handy for multisite-instances

2.0.0

  • This new release adds Multi-Site support. It will no longer be possible to use this plugin just in one subsite of a multisite installation!
  • Adds a warning screen to the config-section when no LDAPextension could be found
  • Fixes an issue with the max-length of the username

1.5.1

  • Fixes an issue with escaped backslashes and quotes

1.5.0

  • Allows parts of the LDAP-URI to be URLEncoded
  • Drops support for PHP 5.4

1.4.20

  • Allows multiple LDAP-servers to be queried (given that they use the same attributes)
  • Fixes issue with URL-Encoded informations (see https://github.com/heiglandreas/authLdap/issues/108)

1.4.19

  • Adds support for TLS

1.4.14

  • Update to showing password-fields check (thanks to @chaplina)

1.4.13

  • Removed generation of default email-address (thanks to @henryk)
  • Fixes password-hashing when caching passwords (thanks to @litinoveweedle)
  • Removes the possibility to reset a password for LDAP-based users (thanks to @chaplina)
  • Removes the password-change-Email from 4.3 on (thanks to @litinoveweedle)
  • Fixes double authentication-attempt (that resulted in failed authentication) (thanks to @litinoveweedle)

1.4.10

  • Cleanup by removing deprecated code
  • Fixes issues with undefined variables
  • Enables internal option-versioning
  • Setting users nickname initially to the realname instead of the uid
  • Fixes display of password-change possibility in users profile-page

1.4.9

  • Fixed an issue with changing display name on every login
  • Use proper way of looking up user-roles in setups w/o DB-prefix

1.4.8

  • Updated version string

1.4.7

  • Use default user to retrieve group menberships and not logging in user.
  • return the UID from the LDAP instead of the value given by the user
  • remove unnecessary checkbox
  • Adds a testsuite
  • Fixes PSR2 violations

[…]

1.2.1

  • Fixed an issue with group-ids
  • Moved the code to GitHub (https://github.com/heiglandreas/authLdap)

1.1.0

  • Changed the login-process. Now users that are not allowed to login due to
    missing group-memberships are not created within your blog as was the standard
    until Version 1.0.3 – Thanks to [email protected]
  • Changed the default mail-address that is created when no mail-address can be
    retrieved from the LDAP from [email protected] to [email protected] so that
    a new user can be created even though the mail address already exists in your
    blog – Also thanks to [email protected]
  • Added support for WordPress-Table-prefixes as the capabilities of a user
    are interlany stored in a field that is named “$tablePrefix_capabilities” –
    again thanks to [email protected] and also to sim0n of silicium.mine.nu

Details

  • Version: 2.6.2
  • Active installations: 6,000
  • WordPress Version: 2.5.0
  • Tested up to: 6.5.0
  • PHP Version: 7.4

Ratings


5 Stars
4 Stars
3 Stars
2 Stars
1 Stars