neenunc

The hashed password that is used for the LDAP authentication is not saved to WordPress by Authorizer; instead, a random password is assigned to the user the first time they log in via LDAP and the WordPress user account is created. This is because we are still creating a WordPress user (which is authenticated via LDAP), so we have to set some sort of password in order to maintain security for that user account on WordPress. In case the LDAP connection is removed, the user can still reset their password and log in via WordPress authentication methods.
Suppose I logged via LDAP in to my website for the first time, then it will hash my ldap password into the wp_users table, right?
Even if my account got deactivated/deleted, will I be able to login with the old credentials?

It worked, Thanks!

Hi Paul,

I tried Ithemes security plugin, it works well but there is no effect of this plugin along with the authorizer lockout feature. So how can I disable this feature?

I could see a section like this, but not sure how to disable this.
After 10 invalid password attempts, delay further attempts on that user for 1 minute(s). After 10 more invalid attempts, increase the delay to 10 minutes. Reset the delays after 120 minutes with no invalid attempts.

• This reply was modified 3 years, 5 months ago by neenunc.

Thanks. It worked.

Thanks.. I will go for ithemes security.

Any update?

Hi @figureone
Resolved the issue.. Some people didn’t set with default role. During the assignment of default role(as I stated above), since no default role was set, role for the user is set to None. That’s why the login was failing.

Thanks for your time and response.

Code exiting in below section –

// Ensure user has the same role as their entry in the approved list.
if ( $user_info && ! in_array( $user_info['role'], $user->roles, true ) ) {
    $user->set_role( $user_info['role'] );
}

Hi @figureone
Upon further analysis, I found that default role is not set for some users and the code is failing where it tries to sure user has the same role as their entry in the approved list and assign that use role to the user. No role is assigned and ‘None’ assigned as user role. This is where code is exiting.

Hi @figureone
I commented out the function call check_user_access() and result check, and now the login is working. The issue might the one you mentioned, but Ldap server didnt change any configurations. This was working before and now it didnt.

Do you have any idea how this can be resolved?

Hi @figureone
I tried to print everything from authenticate function, and after check_user_access(), I’m get nothing.

Hi @figureone
I tried to print ldapbind results in custom_authenticate_ldap function (class-authentication.php line 538). The binding shows success.

Hi @figureone
I had one more observation – I am getting 500 error while calling POST request to URL <domain_name>/wp-login.php. and after specific period(which is quite longer), the page ended up like –

<domain_name> is currently unable to handle this request.
HTTP ERROR 500

Hi @figureone
Thanks for your response.
Current scenario is, The telnet connection to the ldap server is successful, The ldap server gets the request and they got bind success response. After that, the wordpress login is seems to be failing.

Do you have any idea about the issue?

Enabled httpd_can_network_connect which resolved the issue.

Thanks, Paul. I really appreciate your help.