WordPress MU

Hey Everyone...

I'm a new user looking to install WPMU in a university environment for our faculty/staff. One of the requirements is LDAP support, so I was happy to find the LDAP module over at wpmudev.org. I installed wmpu 1.2.1 and then installed the latest ldap module and it does not seem to work. I get lots of "junk" (i.e. lots of PHP code, etc.) at the top of the screens and cannot login.

What I'm wondering is this: can anyone confirm that version 1.0.0 of the LDAP Auth Plugin (http://wpmudevorg.wordpress.com/project/WPMU-LDAP-Authentication-Plug-in) works with version 1.2.1 of WordPress MU?

I can't confirm it works but I can confirm that my college has said in order to continue using WPMU it must have LDAP features similar to Drupal. I've had a WPMU instance up since August of 05 and it finally has traction at my institution with about 100 blogs and I would hate to see us have to switch to Drupal just for LDAP. I think Drupal's blogging features are no where near as good.

I would love to help but I don't know the first thing about LDAP. (I host mostly soccer moms) Sorry.

davidctaylor

On my site, WPMU 1.2.1 and LDAP module, you described, are works well.

But I don't know, what happend at your site. Here is a record,
to install LDAP module to WPMU 1.2.1 tree.

------------------------
o fetch archive

cd /path/to/wpmu
cd wp-content/mu-plugins/
wget http://wpmudevorg.wordpress.com/download/1900471714_wordpressmu_1.0.803-ldap_auth-1.0.0.zip

o backup exists pluggable.php file

mv -i pluggable.php pluggable.php.mu-1.2.1.orig

o extract archive

unzip 1900471714_wordpressmu_1.0.803-ldap_auth-1.0.0.zip

o error correction

cp -pi ldap_auth.php ldap_auth.php.orig
vi ldap_auth.php
diff ldap_auth.php.orig ldap_auth.php
26c26
< echo "<link rel='stylesheet' href='" . get_settings('siteurl') . "/wp-content/plugins/ldap_auth.css' media='screen' type='text/css' />";
---
> echo "<link rel='stylesheet' href='" . get_settings('siteurl') . "/wp-content/mu-plugins/ldap_auth.css' media='screen' type='text/css' />";

------------------------

David, I am getting the same performance. I did a fresh install and installed the plugin as Hasegawa... The college I work at is also requiring LDAP integration on blogs.

I posted about a similar problem here I don't get any error messages, but get kicked back to the login screen. Did you ever find a resolution to your problem?

Hi I'm also looking to implement this LDAP plugin (version 1.0.803) with Wordpressmu 1.2.1

Can anyone confirm the folder where the plugin should be placed...

The instructions for the LDAP plugin say to place it in the folder ../mu-plugins/ which is where I have it.

I'm able to get to the plugin configuration form as expected

However, I've noticed that in my Apache (v 2.2.0) error log I see the following messages

File does not exist: ../blogs/wp-content/plugins/ldap_auth.css, referer: http://mydevserver.com/blogs/wp-admin/edit.php

which seems to imply that the LDAP .css file needs to be in the ../plugins/ folder rather than the ../mu-plugins/ folder, unless I'm missing something

any ideas?

kind regards

OK

I think I can see the problem as described in my post above

as the poster says here
see post: dubaidan: Posted 2007-04-22 12:42:42
http://wpmudevorg.wordpress.com/project/WPMU-LDAP-Authentication-Plug-in

we need to amend the section below in ldap_auth.php

add_action('admin_head', 'ldap_addcss');
function ldap_addcss() {
echo "<link rel='stylesheet' href='" . get_settings('siteurl') . "/wp-content/plugins/ldap_auth.css' media='screen' type='text/css' />";
}

and change /wp-content/plugins/ to /wp-content/mu-plugins/

I'll be changing this shortly...I'll let you know if it fixes the issue

It should - basically, there are several legacy things related to WP that were never updated when the plugin was adapted for WPMU. Things like this, where the CSS directory is (now) wrong, and showing LDAP options panel as a sub-menu of Options, despite that the configuration is site-wide.

It's one of those things I've changed in my local copy as well, but have yet to upload.

-sean

Thanks for the update Sean, I'm about to test this out on my development server

Are you able to send me examples of how to populate the LDAP parameters shown on the config screen. I'm pretty much on my own at the moment as our local LDAP experts aren't available right now

I'm looking to get an example of what I need to enter for the various parameters for this plugin

I've been using an application called SoftErra LDAP browser to test things out and I'm able to connect to LDAP and bring back the LDAP tree. I've previously managed to get the parameters I need from my LDAP team to get SoftErra working, but would like an example to know how to populate the parameters for the LDAP plugin. I'm sure I almost there.

I've just uninstalled the LDAP plugin whilst I test some other Wordpress features so can't get to the config screen right now, but if you have the plugin you'll be able to see the config properties

any help would be much appreciated

Kind Regards

Yeah - the documentation is unfortunately rather sparse. Volunteers and all. :)

I'm still learning it all myself, and I am, unfortunately, not an LDAP expert, so this may be off... But here's how I understand it:

LDAP Server Address: The IP / name of the LDAP server without the protocol (e.g., "ldap.example.com", NOT "ldap://ldap.example.com")

LDAP Server Port: The port # (an integer)

Search DN: The DN in which to search. "DC=a,DC=b,DC=c,DC=d", for example. It appears to recurse into subgroups.

User DN: The DN to use for searching, if your server does not allow anonymous searching. You might be able to leave this blank, but I'm not sure.

Password: The password for the User DN account.

Linux or Windows LDAP: Type of the LDAP server. I believe "Windows LDAP" refers to Active Directory.

Auto Create Local Accounts: Whether or not to create WPMU users (and blogs!) when a user authenticates with LDAP credentials.

Enable LDAP? Whether or not to override the base WPMU wp_login method with one that allows for LDAP authentication.

Unfortunately, it does not appear to complain very clearly if it cannot connect to the LDAP server, but, once it's set up, you should rarely (if ever) need to change it.

-sean
http://www.thecodelife.net

Thanks sean, this is vey useful

To be fair, most of it looks fairly self-explanatory but you never know, and it surely sucks if you can't get it working cause you made an assumption about a property!

The bit that I wasn't previously clear about was the User DN/Search DN parameters

I'm going to try this out and see how I get on. I'm aware, through reading the posts here: http://wpmudevorg.wordpress.com/project/WPMU-LDAP-Authentication-Plug- that some that have tried this have got a "white screen of death"....so I'll just have to "suck it and see"!

Thanks for your help Sean

I've goth the LDAP plugin working now on my development instance

What a GodSend!

I've been looking at the .php source code in ldap_auth.php

I'm looking to see if I can make a change so that when a new user logs in for the first time
they don't get their own blog set-up but just an account

I can see that the code in ldap_auth.php is where I need to be looking

As an aside, I'm awaiting a change request outstanding with our network team to make a DNS
change for our server to enable wildcard DNS resolution. This will allow us to have blog urls such as
abcde.myserver.com/blogs for individual users

I've already got wildcard DNS working on a pre-development WPMU instance which is hosted outside of our network,
so I know I can get this bit working ok.

it appears that the ldap_auth.php code I need to change is in the lines here

//Because WPMU has a bug in the create blog function we need this code
//To prevent errors with the wpmu_create_blog function. See Ticket #184
$result = $wpdb->query( "CREATE TABLE wp_" . $user_id . "_options (option_id bigint(20) NOT NULL auto_increment, blog_id int(11) NOT NULL default 0, option_name varchar(64) NOT NULL default '', option_can_override enum('Y','N') NOT NULL default 'Y', option_type int(11) NOT NULL default 1, option_value longtext NOT NULL, option_width int(11) NOT NULL default 20, option_height int(11) NOT NULL default 8, option_description tinytext NOT NULL, option_admin_level int(11) NOT NULL default 1, autoload enum('yes','no') NOT NULL default 'yes', PRIMARY KEY (option_id,blog_id,option_name), KEY option_name (option_name)) ENGINE=MyISAM DEFAULT CHARSET=utf8;" );

//Create and update the users blog.
$meta = apply_filters('signup_create_blog_meta', array ('lang_id' => 'en', 'public' => 0));
$blog_id = wpmu_create_blog($newdomain, $path, $username . "'s blog", $user_id, $meta);
do_action('wpmu_activate_blog', $blog_id, $user_id, $password, $username . "'s blog", $meta);

//Must recreated the login object for our shiny NEW users.
$login = get_userdatabylogin($username);

//Setup redirection to users home directory.
if (!strpos($_REQUEST['redirect_to'], $username)) {
$_REQUEST['redirect_to'] = $username . "/" . $_REQUEST['redirect_to'];
}

I've made a few attempts already but get "user does not have permission to view this page" messages.

I suspect this may be due to us not having wildcard DNS set-up just yet, so once this bit is set, I'll try again.

In the mean time I'm interested in knowing if anyone has already tried this type of mod and what their experiences
have been with this

I'm close (but no cigar just yet!)...

Well, I'm not 100% sure, but I think that a user must have a blog in order to see the WP Dashboard, to which, you'll notice, a new user is forwarded when logging in.

So essentially, a user must have a blog in order to access their profile and whatnot. (I think this is the case, but someone may correct me).

This is one of those behaviors I was going to change to be a configuration option later... let it be configurable for the auto-creation of blogs as well as user accounts in the LDAP site-wide settings.

For now, I'm still bundling up the changes I've made to the plugin.

-sean

Thanks again for the response sean.

I'm still chasing my WPMU server DNS change request!

Once, I've got "wildcard" DNS in place on my server url, I'll be able to fully test new user activation using the LDAP plugin.

now, off topic:

By the way, I'm really loving this software.....

I've been going "plug-in" crazy!

This week I demoed the current build to our user group at work and they were "blown away".

Straight away, they asked for forum capability, live chat and polls!

An hour later we have forum capability courtesy of the "rs-discuss" plugin.

I've been experimenting with the "shoutbox/wordspew" live chat plugin too. Unfortunately there's a problem
with it (I'm using rudd-o's version 2.4 code fork) in that it works fine with WP but doesn't seem to get to/execute the
database "write" routines when committing messages to the database in WPMU (v 1.2.1)

I've done a little research but have come up with blanks...most threads on the shoutbox/wordspew plugin end with "it just doesn't work" with WPMU

I had an email exchange with the author a few hours ago, so I'm working on making code changes to get this plugin working with WPMU...but that's another story!

I also understand that there's another WPMU code fork for this plugin called TagBoard (by Jared Bangs), but the install files are currently offline while the author rewrites the source, so no luck there...

I'll see how I get on...

I'm still reseraching for the poll plugin. I've seen a few options just need to weigh them up against eachother...

back on topic:

Thanks again for the help here with the LDAP piece

sean, I'm interested in your code changes/improvements for this plugin.

Maybe you could just post a list of what you have so far, or maybe do a quick "examdiff"
on the source to pull out your changes

My company has a nightmare with single sign on across it's application landscape, so being able to show WPMU linked to our active directory is a real "win" for us!

By the way, I noticed that the rss feeds for posts seem to be broken here (ie6 and ie7)...

Is this a known issue on the forum?

I'm off to look at more plugins!

Acapulco,

I'm working on getting the changes up in a public area on sourceforge... once I get licensing information from all the original authors...

For now, I'm going to test it against a fresh WPMU 1.2.1 install to make sure I didn't make a core hack somewhere, and then will send the code off to Alex to publish on WPMUDev.org.

Anyway, things I've changed:

• Moved the options panel to be a sub-menu of Site Admin (since they're site-wide settings)
• The CSS for the LDAP options is now properly referenced
• Added options to disable public signup, with a customizable message (kinda hack-y right now)
• Added a good deal of documentation and in-code commenting
• Heavy refactoring of the code for cleaner organization and maintenance

With all these, though, I have not touched ldap_core.php or ldap_ro.php... basically the only work I've done is with the "glue" code and documentation.

I should have the code available sometime in the next few days.
-sean

To followup:
http://mu.wordpress.org/forums/topic.php?id=4991&replies=1

i extracted the ldap plugin under ../mp-content/mu-plugins/
but when i check the plugin tag in the breower after i loged in as admin. the page always said there is no plug in installed.
what i missed? i installed wpmu1.2.1

cc to rexzhen
You might need to read the instructions a little closer rexzhen. The answer is in there. A clue is... it will not show up under your plugins.

To everybody else:
Just got LDAP working here today. I work in a school setting and plan on allowing any student with an AD login to be able to create a blog.

I'm an LDAP newbie, but did find one problem that I had to work around. Is this something that needs to be considered as an enhancement?

I had to make one modification to ldap_ro.php because the LDAP Search String was searching based on uid and we use cn. So, a simple change fixed it and all works just fine. We have an AD server, but we also have a Novell eDirectory server which from what I understand uses OpenLDAP. I guess this is different than Linux LDAP? If so, it could be something to consider.

Thank you for all the work on this plugin. It really has helped alot.

Yeah, rexzhen, like schoolmonkey said - check the documentation; see ldap/README (or ldap/ldap_auth.txt if you have an older version) - it's in there.

Also, the latest release is v.1.2.0 - just released today. You can get it at the SourceForge page for the project: http://www.sourceforge.net/projects/wpmu-ldap

@schoolmonkey - I'd like to hear more about what you found and what changes you made. Is there an email I can reach you at? Or, if you'd rather not post it, just hit my contact form and drop me a line.

I just got the latest LDAP MU plugin working with WPmu ver1.2.3. just downloaded 2 days ago.

Worked with no modification with Windows AD.

We previously had about 250 blogs by teachers where some did not use their ldap id while using email sign up. If they did not use their ldap name, when I activated ldap, I had to create user accounts for those who already made blogs but did not use their ldap id.

Thank God most just used their ldap id rather than making up their own when we used email signup.

Now when ever a new teacher wants a blog they login and it is all set to go for them. This is an outstanding plugin and I thank all who helped create it!

-Chris

schoolmonkey:

We've got a Novell eDirectory box that we're trying to make work with the LDAP plugin and all we end up with is the "white screen of death". What was the tiny modification you made to ldap_ro.php? I thought I updated it to use cn instead of uid but apparently that didn't fix the problem.

Looking in my Apache error logs I see:

[client xxx.xxx.xxx.xxx] PHP Parse error: parse error, unexpected T_ARRAY, expecting '&' or T_VARIABLE or T_CONST in /var/www/blogdev/html/wp-content/mu-plugins/ldap/wpmu_ldap.functions.php on line 13

Which is odd because that function supposedly creates a new WP user from LDAP, but I'm just trying to pull up any ol' existing blog and/or the main wpmu page.

Hrm.

OK, got rid of the 'white screen of death' and everything is authenticating nicely against our LDAP server. I'll post details of how we fixed it later this weekend.

In the meantime, now I need to tweak the LDAP module so that it also authenticates against existing WPMU users and not just over LDAP ...

Hi, I've just tried installing wordpress and the very latest version of the ldap plugin (on IIS), and straight after installing the files I get the following when I try to go to any pages in wordpress:

Dock()) { return LDAP_ERROR_CONNECTION; } // Set up the search stuff $attributes_to_get = array ("fullName", "mail", "givenName", "sn", "phone"); if (get_site_option('ldapLinuxWindows')) { //Linux $this->SetSearchCriteria ("(uid=$in_username)", $attributes_to_get); } else { //Windows $this->SetSearchCriteria ("(samaccountname=$in_username)", $attributes_to_get); } $this->Search(); // Did we find the user? if ($this->info[0]["dn"] == "") { $this->Disconnect(); return LDAP_ERROR_USER_NOT_FOUND; } // We always get back one more record than there really is $no_of_entries = (count ($this->info) - 1); // Authenticate again but this time as the user $this->SetAccessDetails ($this->info[0]["dn"], $in_passwd); if($this->Bind()) { // Return the user's data $user_data[LDAP_INDEX_DN] = $this->info[0]["dn"]; $user_data[LDAP_INDEX_NAME] = $this->GetLDAPInfo (LDAP_INDEX_NAME); $user_data[LDAP_INDEX_EMAIL] = $this->GetLDAPInfo (LDAP_INDEX_EMAIL); $user_data[LDAP_INDEX_GIVEN_NAME] = $this->GetLDAPInfo (LDAP_INDEX_GIVEN_NAME); $user_data[LDAP_INDEX_SURNAME] = $this->GetLDAPInfo (LDAP_INDEX_SURNAME); $user_data[LDAP_INDEX_PHONE] = $this->GetLDAPInfo (LDAP_INDEX_PHONE); // Success! $return = LDAP_OK; } else { if ($this->GetErrorNumber() == 49) { $return = LDAP_ERROR_WRONG_PASSWORD; } else { $return = $this->GetErrorNumber(); } } // Close the connection $this->Disconnect(); return $return; } function GetUserInfo ($in_username, &$user_data) { // First, connect to the LDAP server $this->Dock(); $attributes_to_get = array ("fullName", "mail", "givenName", "sn", "phone", "homeDirectory", "member", "zenwmMACAddress", "uniquemember", "dn"); $this->SetSearchCriteria ("(cn=$in_username)", $attributes_to_get); $this->Search(); // Did we find the user? if ($this->info[0]["dn"] == "") { $this->Disconnect(); return LDAP_ERROR_USER_NOT_FOUND; } $user_data[LDAP_INDEX_EMAIL] = $this->GetLDAPInfo (LDAP_INDEX_EMAIL); $user_data[LDAP_INDEX_NAME] = $this->GetLDAPInfo (LDAP_INDEX_NAME); $user_data[LDAP_INDEX_GIVEN_NAME] = $this->GetLDAPInfo (LDAP_INDEX_GIVEN_NAME); $user_data[LDAP_INDEX_SURNAME] = $this->GetLDAPInfo (LDAP_INDEX_SURNAME); $user_data[LDAP_INDEX_PHONE] = $this->GetLDAPInfo (LDAP_INDEX_PHONE); $user_data[LDAP_INDEX_HOMEDIR] = $this->GetLDAPInfo (LDAP_INDEX_HOMEDIR); $user_data[LDAP_INDEX_MEMBER] = $this->GetLDAPInfo (LDAP_INDEX_MEMBER); $user_data[LDAP_INDEX_MACADDRESS] = $this->GetLDAPInfo (LDAP_INDEX_MACADDRESS); $user_data[LDAP_INDEX_UNIQUE_MEMBER] = $this->GetLDAPInfo (LDAP_INDEX_UNIQUE_MEMBER); $user_data[LDAP_INDEX_DN] = $this->GetLDAPInfo (LDAP_INDEX_DN); $this->Disconnect(); return LDAP_OK; } function DoSearch ($in_search_criteria, $in_attrs, &$data) { $this->Dock(); $this->SetSearchCriteria ($in_search_criteria, $in_attrs); $this->Search(); $this->Disconnect(); $data = $this->info; return LDAP_OK; } function GetEmailList ($in_email_list_name, &$emails, &$dns) { if ($in_email_list_name == "") return LDAP_ERROR_EMPTY_PARAM; $this->GetUserInfo ($in_email_list_name, $data); $no_of_members = count ($data[LDAP_INDEX_UNIQUE_MEMBER]); $non_empty_count = 0; for ($c=0; $c < $no_of_members; $c++) { // Get the user ID from the DN (cn= part) $parts = $this->GetDNParts ($data[LDAP_INDEX_UNIQUE_MEMBER][$c]); $parts = split ("=", $parts[0]); if ($parts[1] != "") { $this->GetUserInfo ($parts[1], $user_data); $emails[$c] = $user_data[LDAP_INDEX_EMAIL]; $dns[$c] = $data[LDAP_INDEX_UNIQUE_MEMBER][$c]; $non_empty_count++; } } return $non_empty_count; } function GetDNParts ($in_dn) { return ldap_explode_dn ($in_dn, 0); } } ?>

Any ideas what is wrong? Thanks

same problem here!

Same problem since 2 weeks...!

There are a few possibilities that I can guess... some of the old code that we adopted used PHP short tags ("<?" instead of "<?php"). This may cause problems for some people... it's fixed in more recent SVN revisions, and will be fixed with the 1.3 release of the plugin.

We recently had a support issue with the "code screen of death". See the ticket on it.

I'm pretty sure that fixing the short tags will address the issue...