tabeverly

@stephdau: I was just going to write in and tell you the $_SERVER[“SCRIPT_URI”] isn’t set for my php via apache.
I was able to cobble this up from various sources. It seems to work for me:

function wpDirAuth_login_form_extra()
{

    if(get_option("dirAuthEnable")){

         $self_url = sprintf('http%s://%s%s',
                       (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 's' : ''),
                       $_SERVER['HTTP_HOST'],
                       $_SERVER['REQUEST_URI']);

         //if(get_option("dirAuthRequireSsl") && (!preg_match('|^https|',$_SERVER["SCRIPT_URI"]))){
         if(get_option("dirAuthRequireSsl") && (!preg_match('|^https|',$self_url))){
            $location = str_replace('https://','https://',$self_url);
            $refreshMeta = '<meta http-equiv="refresh" content="0;url='.$location.'" />';
            $refreshMsg = 'Please access the <a href="'.$location.'">encrypted version</a> of this page.';

            if(@ob_end_clean()){
                //$location = str_replace('https://','https://',$_SERVER["SCRIPT_URI"]);
                if( (@header('Location:'.$location)) == false){
                    echo '<html><head>'.$refreshMeta.'</head>'
                       . '<body>'.$refreshMsg.'</body></html>';
                }

Please excuse the sloppy coding, it’s my first attempt at php programming.
Also, I moved the $location line up to just under the get_option("dirAuthRequireSsl") line so that it’s set for the str_replace. As you say, there may be a variable set that has the value of my calculated $self_url and I’ll keep looking.

@stephdau: Update. Login via LDAPv3 server now works great! The only thing that isn’t working for me is the option to “Require SSL Login” (Options/Directory Authentication Options/Wordpress Settings/Require SSL Login). When I enable it the Login page constantly refreshes and the url parameter in the meta tag is blank :<meta http-equiv=”refresh” content=”0;url=” /><p>Please access the encrypted version of this page.</p>. It could be something strange on my server (again.) I’ll keep looking…..

@stephdau: There was an odd ball permissions problem with my certificate authority (CA) file in apache. It looks like PHP is using the apache variable LDAPTrustedCA to pick up the CA and the CLI was using the ldap.conf files. In any case, http/PHP/LDAPs is now working on my system and I’m trying wpDirAuth again.

Hi,
Update: I looked at the changes and I think that they’ll work OK. There is something odd in my php web installation that I’m working on. I wrote a php routine the does ldap and ldaps OK from command line but only ldap, (not ldaps) works when I run it as a web page in apache. Once I get that straightened out, I’ll try the module again.

I glanced at the post. I am using OpenLDAP (on Linux). The problem is for our LDAP is that the DNs are not the same for all users. We also have an “l=” parameter (location??) that will differ depending on the user. Mine is l=US others have l=GB, etc. The users wouldn’t necessarily know about this parameter. I wrote a simple php routine to test out ldaps and I couldn’t bind with password without the l=US in my DN. I’ll do some more experimenting tomorrow when I get into work.

I believe that I figured out the problem with the login credentials failing. With our LDAP, in order to bind with a password, the ldap_bind “userid” (i.e second argument) needs to be the full dn, not just the userid. What I think needs to happen is to do an anonymous bind, use it to search for and return the dn, then use the dn as the second argument in the ldap_bind call with the password.

I was able to get a little farther by disabling the “Require SSL Login” settings in the wordpress settings section of the plugin options of wpDirAuth. I now get the proper text label in the login box. I haven’t gotten a successful login through the LDAPs yet, but that could be a problem with our setup and I’ll check into it.
I evaluated a similar plugin: admin-ssl that does a https for logins and the admin pages. This plugin works OK for the SSL logins on my web server.

Thanks for the information. I misunderstood the plugins form, I thought that it was showing me the state of the plugin “Activate”, when it was really showing me a command button. I got the plugin activated. The login window is slightly different (but doesn’t have the text that I keyed into the “branding” section of the plugin setup.) It also recycles almost immediately and doesn’t let me log in. The is a new hyperlink at the bottom of the page “please access the encrypted version of this page” which seems to have a zero refresh: <meta http-equiv="refresh" content="0;url=" /><p>Please access the <a href="">encrypted version</a> of this page.</p></form></div></html> but no url is in the link. I tried to change the page to use https:// but I get the same constant reload. https is set up on the web server and works just fine. Is there some other plugin or configuration setting that I missed?

OK, I figure out that the secret is to deactivate the plugin and then look for the setup menu in options. Do I need to do anything in wp-config.php to enable this?

I’m willing to help you test out authentication via LDAPs, but I’m brand new to WordPress (downloaded this afternoon). I put wpDirAuth.php in the wp-content/plugins directory and according to the wp-admin/plugins.php page, it’s activated. How do I set it up with the proper information for my LDAPs server?