Feedback wanted for new Directory (LDAP/AD/etc) authentication plugin
-
After getting in touch with and getting “approval” from its author, I’m attempting to fork off and revive wpLDAP and would like the code to be peer reviewed by other developers before I release my version.
Dev version is in my SVN repo at:
https://labs.tekartist.org/wordpress/svn/branches/dev/plugins/wpDirAuth/
Please add feedback here.
Thanks for any help I can get.
-
Just wanted to say thank you!
I am new to openLDAP, but your PlugIn works perfect! I didn’t take it to an online site, but I sure will do in near future
Thx!
Koelly
@koelly: thanks for the quick note. Glad it can be of use.
Hi,
Update: I looked at the changes and I think that they’ll work OK. There is something odd in my php web installation that I’m working on. I wrote a php routine that does ldap and ldaps OK from command line but only ldap (not ldaps) works when I run it as a web page in apache. Once I get that straightened out, I’ll try the module again.
@tabeverly: good luck. Let me know how it goes.
While wpDirAuth is being peer reviewed, I released another plugin I use on my site.
@tabeverly: I didn’t offer before because I don’t know your level of sysadmin expertise, but feel free to let me know if you need help troubleshooting the CLI v. http issue you’re having with PHP.
On another note, I’ve published the wpDirAuth code doc, if anyone is interested: https://labs.tekartist.org/wordpress/wpdirauth/phpdocs/
@stephdau: There was an odd ball permissions problem with my certificate authority (CA) file in apache. It looks like PHP is using the apache variable LDAPTrustedCA to pick up the CA and the CLI was using the ldap.conf files. In any case, http/PHP/LDAPs is now working on my system and I’m trying wpDirAuth again.
@stephdau: Update. Login via LDAPv3 server now works great! The only thing that isn’t working for me is the option to “Require SSL Login” (Options/Directory Authentication Options/Wordpress Settings/Require SSL Login). When I enable it, the Login page constantly refreshes and the url parameter in the meta tag is blank:
    <meta http-equiv="refresh" content="0;url=" /><p>Please access the encrypted version of this page.</p>
It could be something strange on my server (again.) I’ll keep looking…
@tabeverly: Thanks for your continued support.
All the “Require SSL login” should be doing is to scan if the current login screen URL starts with https, and redirect to the same URL under https if not. I haven’t tested it too much but it seemed to work in my tests.
See the first few lines of wpDirAuth_login_form_extra(). A potential issue would be if the built-in $_SERVER["SCRIPT_URI"] PHP pre-defined variable is somehow not available in your instance. Could you edit wpDirAuth.php and add something like the following code bits around line 438 of the current dev version (right after if(get_option("dirAuthRequireSsl")…) and tell me what the result is?
    var_dump($_SERVER["SCRIPT_URI"]); exit;
It might just be a matter of using another PHP var that would always contain the accessed protocol.
@stephdau: I was just going to write in and tell you the $_SERVER["SCRIPT_URI"] isn’t set for my php via apache.
I was able to cobble this up from various sources. It seems to work for me:
    function wpDirAuth_login_form_extra() {
        if(get_option("dirAuthEnable")){
            // Rebuild the requested URL from variables that are set under apache,
            // since $_SERVER["SCRIPT_URI"] is not.
            $self_url = sprintf('http%s://%s%s',
                (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 's' : ''),
                $_SERVER['HTTP_HOST'],
                $_SERVER['REQUEST_URI']);
            //if(get_option("dirAuthRequireSsl") && (!preg_match('|^https|',$_SERVER["SCRIPT_URI"]))){
            if(get_option("dirAuthRequireSsl") && (!preg_match('|^https|',$self_url))){
                // Same URL, switched to the https scheme
                $location = str_replace('http://','https://',$self_url);
                $refreshMeta = '<meta http-equiv="refresh" content="0;url='.$location.'" />';
                $refreshMsg = 'Please access the <a href="'.$location.'">encrypted version</a> of this page.';
                if(@ob_end_clean()){
                    //$location = str_replace('http://','https://',$_SERVER["SCRIPT_URI"]);
                    if( (@header('Location:'.$location)) == false){
                        echo '<html><head>'.$refreshMeta.'</head>'
                            . '<body>'.$refreshMsg.'</body></html>';
                    }
                }
            }
        }
    }
Please excuse the sloppy coding, it’s my first attempt at php programming.
Also, I moved the $location line up to just under the get_option("dirAuthRequireSsl") line so that it’s set for the str_replace. As you say, there may be a variable set that has the value of my calculated $self_url and I’ll keep looking.
@tabeverly: Ah, excellent.
re: quality: Trust me, I’ve seen worse PHP coming out of much more experienced developers (yes, me included :).
I might just use your patch, but I’ll first take a look at an ultra portable PHP project I worked on a few years ago (netjuke) because I know I’ve had to deal with something like that in there (some vars are not available on Windows, etc). The latter would have the benefit to have been tested on a slew of platforms and to ensure we end up with the best support possible. Having been coding PHP for *nix exclusively in the last few years, it escaped me in this one.
I’ll post later tonight.
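A hardened take on the HTTPS redirect discussed above, as an added example that is not part of the thread or of wpDirAuth: it detects TLS without SCRIPT_URI, accepts HTTP_HOST only from an allow-list, and HTML-escapes the URL before writing it into the meta refresh. The function names and the blog.example.org host list are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example, not wpDirAuth code. Function names and $hosts are hypothetical.
// True when the request arrived over TLS, without relying on SCRIPT_URI.
function request_is_https(array $server): bool
{
    // mod_php sets HTTPS=on under TLS; some servers set HTTPS=off for plain HTTP.
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }
    return (string)($server['SERVER_PORT'] ?? '') === '443';
}

// Returns the https:// URL to redirect to, or null when none should be issued.
function https_redirect_target(array $server, array $allowedHosts): ?string
{
    if (request_is_https($server)) {
        return null;
    }
    // HTTP_HOST is client-supplied: accept only exact names from the allow-list.
    $host = strtolower((string)($server['HTTP_HOST'] ?? ''));
    if (!in_array($host, $allowedHosts, true)) {
        return null;
    }
    // REQUEST_URI is client-supplied too: keep it only if it is a local path
    // free of control characters (which would corrupt a Location header).
    $uri = (string)($server['REQUEST_URI'] ?? '/');
    if ($uri === '' || $uri[0] !== '/' || preg_match('/[\x00-\x20\x7f]/', $uri)) {
        $uri = '/';
    }
    return 'https://' . $host . $uri;
}

// Fallback page for when headers were already sent; the URL is HTML-escaped.
function refresh_page(string $location): string
{
    $safe = htmlspecialchars($location, ENT_QUOTES, 'UTF-8');
    return '<html><head><meta http-equiv="refresh" content="0;url=' . $safe . '" /></head>'
        . '<body>Please access the <a href="' . $safe . '">encrypted version</a> of this page.</body></html>';
}

// Constructed sample request (plain HTTP, query string containing quotes).
$hosts  = ['blog.example.org'];
$plain  = ['HTTP_HOST' => 'blog.example.org', 'REQUEST_URI' => '/wp-login.php?note="x"'];
$target = https_redirect_target($plain, $hosts);
if ($target !== null) {
    echo refresh_page($target), "\n";
}
var_dump(https_redirect_target($plain + ['HTTPS' => 'on'], $hosts));
```

In a page handler, send `header('Location: ' . $target)` while `headers_sent()` is false and print `refresh_page($target)` otherwise; `header()` returns no value, so its result cannot signal failure.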
@tabeverly: I have modified the code with your patch (only slightly tweaked), but I forgot to commit it before starting on something else (addition of optional TOS agreement step). Ooops.
I’ll commit the whole thing when I’m done with it tomorrow, and I think it might just be time to start packaging 1.0rc1, which I will start running on a pilot project WP install in my institution. The latter is in production, but less high visibility than others soon to come.
On a separate note, feel free to drop me an email at labs [at] tekartist [dot] org with whatever references you want listed in the credit files.
But for now, it’s 1AM, time to snooze. Ciao.
I have now committed the changes:
- better redirection (thanks tabeverly)
- new optional terms of services acceptance concept
See:
I’ll work on the readme and credits file tonight, as well as on packaging the upcoming 1.0rc1. Maybe it’ll just be 1.0, since I’m about to roll it into production at my institution anyway.
I’ve done an initial code review before installing the software, and it looks good.
Please see this copy editing patch that corrects a few English usage and punctuation problems.
-Richard Bullington-McGuire
@rbulling: Hey R, thanks for joining in. I’ve reviewed the patch and applied it in rev. 350 tonight.
I’ll take all the copy and docs editing support I can get so I can focus on the code.
And a public thanks for the licensing info in our off-thread discussions.