AD Authentication

There are a handful of plug-ins available for WordPress right now that allow you to log in and authenticate users based on Microsoft Active Directory credentials, but only one of them seems to actually work, and it has some serious issues that need to be tackled before it’s usable in large-scale environments.

Enter my new Active Directory plug-in (I’ll call it ADAI throughout the rest of this article). I’m currently working on rewriting much of the code base for the Active Directory Integration (ADI) plug-in and turning it into an all-new plug-in for WordPress.

Changes

The major changes I’m making to the AD Integration plug-in are as follows:

  1. ADI stores each option in a separate row within the database tables. ADAI groups options into logical groups within the database. Since all of the options are retrieved any time the plug-in is instantiated anyway, there’s no point in storing them all separately.
  2. ADI does not easily support multi-site installations of WordPress. Primitive support for WPMU is built in, but it all appears to be left over from the previous code base (Active Directory Authentication – ADA) and is mostly dependent on WPMU, rather than being set up to work natively with the new WordPress MultiSite. ADAI is being built to natively support multi-site installations (network activated).
  3. ADI relies on ldap_connect() (among other functions) in PHP. This function is only available at runtime if the LDAP extension is compiled into PHP. Unfortunately, if the LDAP extension is not compiled into PHP, the plug-in will cause a fatal PHP error, resulting in a blank white screen. ADAI includes a check to make sure that the extension is compiled into PHP before actually trying to do anything. If the ldap_connect() function is not available, the plug-in will not do anything except display an error message within the WordPress administration area informing you of the error.
  4. ADI stores the password used to connect to the Active Directory server in plain text within the database, allowing anyone with access to your database to easily discover your Active Directory server password. ADAI will encrypt the password before storing it in the database.
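
The following sketch illustrates change 4. It is an added example, not code from ADAI or ADI. It assumes PHP's sodium extension is available and that the key is kept outside the database (for instance in a wp-config.php constant, here given the hypothetical name ADAI_SECRET_KEY), since a key stored beside the ciphertext protects nothing from someone who can read the database. The function names are also hypothetical.

```php
<?php
// Added example: authenticated encryption of the AD bind password before it
// is written to the options table. All names here are hypothetical.

/** Encrypt a secret for storage; returns base64(nonce || ciphertext). */
function adai_encrypt_secret(string $plaintext, string $key): string {
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new InvalidArgumentException('Key must be 32 bytes.');
    }
    // A fresh random nonce per encryption; it is not secret and is stored
    // alongside the ciphertext so the value can be decrypted later.
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $cipher);
}

/** Decrypt a stored value; returns null if it is malformed, was modified,
 *  or was encrypted under a different key. */
function adai_decrypt_secret(string $stored, string $key): ?string {
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new InvalidArgumentException('Key must be 32 bytes.');
    }
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Demo with constructed values. In a plug-in the key would be read from the
// constant in wp-config.php, never generated per request or saved as an option.
$key    = sodium_crypto_secretbox_keygen();
$stored = adai_encrypt_secret('constructed-bind-password', $key);

// Case 1: round trip with the correct key.
var_dump(adai_decrypt_secret($stored, $key));

// Case 2: a database reader without the key cannot recover the password.
var_dump(adai_decrypt_secret($stored, sodium_crypto_secretbox_keygen()));

// Case 3: a stored value modified in the database fails authentication.
$raw = base64_decode($stored);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
var_dump(adai_decrypt_secret(base64_encode($raw), $key));
```

Because the plug-in must decrypt the password to bind to the directory, anyone who can read both the database and the key file can still recover it; the encryption only helps against database-only exposure such as a leaked SQL dump.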

The Active Directory Authentication Integration plug-in is not yet available to the public, but much of the code is written. I am currently in the process of cleaning up the code and testing the plug-in in a few different WordPress instances. Once testing is completed, I will be releasing the plug-in publicly in the WordPress repository.

4 thoughts on “AD Authentication”

    1. Curtiss Grymala Post author

      Did you network-activate the plugin? It will only work with MultiSite when it is network activated. Otherwise, the settings will only affect the site on which it’s activated.

  1. bosk

    Hi Curtiss,

    I installed the plugin in a brand new, clean WordPress 3.1 installation. Installation was ok. But switching to “Settings”, “AD Authentication Integration” brings me the following message.

    Active Directory Settings
    You do not have the appropriate permissions to update these options. Please work with an administrator of the site to update the options. Thank you.

    What does this mean? I am the only user/administrator of the site. I do not understand this?

    Regards
    bosk
