In the original plugin, there is a single, universal "account suffix", stored in the Wordpress settings database. I'm guessing the intent here is to have a user simply enter their username, like "kdreyer", and have the suffix automatically appended to it ("kdreyer" + "@example.com"). Since we're using multiple domains, this won't work. I could have a "kdreyer@example.com", or a "jsmith@xyz.com", and I need to authenticate both.
So here is my hacked version of the Active Directory Authentication plugin. It pulls out the domain from the user's account using split('@', $username), and uses the user-supplied suffix instead of the universal suffix. This means I can get rid of the global Account Suffix and Default Email Domain settings altogether.
There are one or two other modifications here as well. I'm using SSL in my adLDAP instantiation... and so should you ;-) I've also added a bit to update the user's display_name to be "John Smith", instead of jsmith@xyz.com... the info's already there in AD, so, why not help our user out and put it in there for him :-)
I'm using Wordpress 1.7.1, and the patch is against Active Directory Authentication plugin 1.0.5.
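The suffix handling described above, as an added example that is not part of the original post or the patch: a hypothetical split_login() helper (PHP 7.1+) that uses explode() rather than split(), which was removed in PHP 7. Because the suffix now comes from the user, it checks the domain against an assumed allowlist before it would be used as the account suffix; the allowlist and the account-name pattern are assumptions.

```php
<?php
// Added example: hypothetical helper, not code from the plugin or the patch.
// Splits "user@domain" into the account name and the "@domain" suffix, and
// accepts the suffix only if it is on an allowlist of domains the site serves.

function split_login(string $login, array $allowed_domains): ?array
{
    $login = trim($login);
    // Require exactly one '@' so "a@b@c" or a bare "kdreyer" is rejected
    // rather than producing a surprising suffix.
    if (substr_count($login, '@') !== 1) {
        return null;
    }
    [$user, $domain] = explode('@', $login);
    $domain = strtolower($domain);

    // Restrict the account name to a conservative character set (assumption:
    // adjust to your naming policy) so LDAP filter metacharacters never pass.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null;
    }
    // The suffix is user-controlled, so compare it to known domains instead
    // of trusting it. Strict in_array avoids loose-comparison surprises.
    if (!in_array($domain, $allowed_domains, true)) {
        return null;
    }
    return ['user' => $user, 'suffix' => '@' . $domain];
}

// Constructed sample input, using the domains from the post.
$allowed = ['example.com', 'xyz.com'];
$samples = ['kdreyer@example.com', 'jsmith@XYZ.com', 'kdreyer',
            'a@b@example.com', 'j*smith@example.com', 'bob@other.test'];

foreach ($samples as $login) {
    $parts = split_login($login, $allowed);
    printf("%-24s => %s\n", $login,
        $parts ? $parts['user'] . ' + ' . $parts['suffix'] : 'rejected');
}
```

Only the first two sample logins are accepted; the rest are rejected before any LDAP bind would be attempted.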
7 comments:
dear Ken, you need to post wedding details on your blog, it would make it much more interesting. thank you :) ~cousin-in-law Rachel
woah I think I just got told. Well, there actually is an entirely new website coming up soon and I'll be sure to post about it!
Hey Ken... How do you apply this patch?
Fred: did you figure it out? http://www.google.com/search?q=howto+apply+patches
Hi Ken,
I've a question about how the plugin works. Is it possible to host a wordpress site with the AD plugin on www.sitename.com, having multiple companies (customers of mine), login with their domain/credentials? (I'd like to have a customized company page for every customer.)
Xander, I'm not sure from your comment if you're attempting to use this on an intranet or not. This plugin is really only useful if you are hosting the Wordpress site on the company's intranet. The web server is going to have to connect back to AD via LDAP, and network administrators do not like to expose AD's LDAP connections to the world.
Also, I'm not sure from your comment if these are disparate companies, or if they are all part of the same organization. As long as all of your various companies are centralized, and all of their users can authenticate to the same central domain controller, it will work.
Ken, thank you for your quick response. I'm new to this, so I don't know much about AD and security yet. The idea was to do this via the internet. In my database, I will store data of my clients (several other companies) and I thought that I could give them easy and secure access to their data this way. I now think that I have to think about other options.