Fitting LDAP to Wordpress-mu
One of the major bits of infrastructure for the new CETIS websites is a Wordpress-mu based blog server. The point of this being that everyone in the organisation gets to have their own blogs and thereby feed the general production of cetis news through what they write in said blogs. Look I’m doing it now! Enough with the meta-blogging though. The serious technical challenge was to integrate Wordpress-mu with our LDAP directory so as to give staff rights to sign on using their standard password and create as many blogs as they each fancy. Wordpress of course doesn’t quite do this out of the box but I’m not the first person to try this.
It being a small world, Alistair Young from UHI made this plugin for Wordpress 1.5 Pat Cavit took it onward somewhat and then William Gray did some some more work taking it to 1.5.2. Of course this is all single-user Wordpress, a year-old (Wordpress is up to version 2 now) - and inevitably mu is slightly different again….
These efforts now seem to have coalesced into a single WPMU plugin - available at:
http://wpmudev.org/project/WPMU-LDAP-Authentication-Plug-in
I’s suggest that people start with that stuff.
So I took some code - I think it was Pat Cavit’s and started working. As with many system integration projects I started out being hopeful that it would just work. It didn’t. Then I thought perhaps there was a nice clean way it could be hooked in. I couldn’t see one. Then I thought I’ll just step myself through the code and hack it into place. This approach paid off and we now have a working installation.
And it works a treat. CETIS staff can now go to blogs.cetis.ac.uk and sign themselves up. A user entry is created in the wordpress database - used for keeping profile information and so that the rest of the tables have a user id number to key to - but the password is always queried from the directory. With this done, the user can create as many blogs as they jolly well like. Pretty good if you ask me.
The modified files are:
wp-signup.php
wp-includes/wpmu-functions.php
wp-includes/functions.php
wp-includes/registration.php
wp-content/mu-plugins/pluggable.php
wp-admin/menu.phpAnd some new files added:
wp-content/mu-plugins/ldap.php
wp-content/mu-plugins/ldap/……
Once the dust has settled on on the servers and everything here at CETIS is properly behaving I’ll spend some time re-factoring and trying to get my work in line with the likes of Alistair, Pat et al. for both WP2 and WPmu.
MEANWHILE due to popular demand here is a zip file of the work I have done so far:
LDAP_MOD.zip
From a wider point of view having this kind of plugin available should be a boon to system administrators of organisations large and small looking for a nice reliable blogging solution which they can roll out to a whole bunch of users without having to create yet another authentication nightmare. Great!
Could you share your code for another UK university looking to switch to WordPress, or is it system-specific? I’ve been aware of the other plugins but would love to see one that works with current versions.
Hi,
have you had any luck creating a plugin for wpmu and LDAP. I’m in the process of implementing wordpress for a number of people. A requirement is LDAP auth. If I can’t get it going I’ll have to use the single user wordpress, which isn’t ideal in my situation.
Thanks,
Tim
Are you planning to make your modifications available to the public? I am integrating Wordpress MU as an internal educational staff blogging platform and your LDAP modifications would be very welcome.
Do you know if it is possible to make this work over a secure connection? I can’t find anything about this in the code or documentation.
Very cool. We are leveraging Wordpress as a CMS in several projects, and it occured to us that LDAP integration would be a big plus. I’ve just stumbled across your blog entry, so I haven’t had time to review any conversations/updates to this post, but it sounds like it went smoothly.
Argh.. it’s like a bad tease. You have LDAP working, but left out *how* you got it working. :(
I think that constitutes a decent amount of interest! I had better release the recipe!
Hi,
I downloaded the ldap plugin from the wordpress-mu dev site and unpacked it into the mu-plugins dir but it didn’t work… I had to patch 1 line in ldap/ldap_core.php to get it to work…
line 171
# if (($this->connection_handle) && ($this->dn)) { Modified by RH
if (($this->connection_handle)) {
The plugin is at
http://wpmudev.org/project/WPMU-LDAP-Authentication-Plug-in
Ruairi
Thanks for the pointer Ruairi. I’ll have to download that version from WPMUDEV - and see if there is anything I can contribute back.
Hi,
Me again, it was actually at line 132 (first line of search function) I think it may be as I am using anonymous bind/searching so the first search on the uid has to find the users dn…
Ruairi
Hi, I’ve just tried installing wordpress mu 1.2.1 and the version 1.0.0_2
of the ldap plugin on apache 2.2.4 and PHP 5.2.4 (Windows Server 2003 +
Active Directory), and straight after installing the files I get the
following when I try to go to any pages in wordpress:
Dock()) { return LDAP_ERROR_CONNECTION; } // Set up the search stuff
$attributes_to_get = array (”fullName”, “mail”, “givenName”, “sn”,
“phone”); if (get_site_option(’ldapLinuxWindows’)) { //Linux
[SNIP]
Tarik - sorry but this really isn’t the place for that kind of thing… Hope you figured it out in the end :-)
Hi,
is it possible to integrate Wordpress with LDAP?
if yes,
please specify the steps followed….
Thanks in advance
“is it possible to integrate Wordpress with LDAP?”… so you are basically asking if PHP can interface with LDAP. I know many other languages can (CF, ASP, .NET) integrate with LDAP in real-time. Pretty cool stuff when you start to think about the corporate applications. But I don’t know if PHP can. I would also be interested in this answer if anyone can offer some help.
Justin: PHP itself has no problem with LDAP integration (provided you have the relevant modules installed!) the problems I’m discussing here are more around taking existing apps which use their own user store in MySQL (or whatever) and modifying them to work with external authentication providers…
Ajay: this post is SPECIFICALLY about wordpress-mu - for vanilla wordpress please see the main wordpress plugins directory.
Generally speaking I’d say these efforts are starting to come together with other identity management solutions spanning OpenID, OAuth, LDAP, SSO etc etc and associated plugins for a range of web-applications to enable all these services with appropriate levels of security, access control and so forth. Solutions like Atlassian’s Crowd is one possibility - but in the PHP space I’ve not seen anything which quite lives up to my current dreams. I’ll be busy then…