[wp-hackers] LDAP - almost!
Alistair Young
alistair at smo.uhi.ac.uk
Tue Nov 30 10:31:44 UTC 2004
It's ok - I managed to sort it without changing the login.
The MD5 of the password is stored in the cookie. All I did was, if LDAP
is enabled, replace this with the MD5 of an LDAP marker. Only the LDAP
code generates this marker so if it's in the cookie, then the user has
authenticated using LDAP.
I have a couple of things to tidy up, such as an LDAP conf file and
taking the admin user out of LDAP so it authenticates locally. If your
LDAP server goes down, you can't get into WP!
The modified files are:
ldap/* - Contains all the LDAP functionality
wp-login.php - Contains the LDAP authentication code and modified
cookie content
wp-admin/auth.php - This is modified to take account of the LDAP cookie
marker
wp-config.php - Contains some LDAP definitions
I'd like to make it a plugin but I'd need to modify the core code as
above. What's the chance of getting the mods into the code permanently?
Then I can make LDAP a plugin.
Alistair
On 30 Nov 2004, at 07:43, Alex King wrote:
> A rewrite of the way the authentication works (using PHP sessions
> instead of the wp cookies for example) is probably not that big a job.
>
> I'd be interested in helping on this if you'd like, I want to get some
> PHP/LDAP experience.
>
> --Alex
>
> http://www.alexking.org/
>
>
> Alistair Young wrote:
>> I've enabled 1.2.1 to use LDAP authentication but am having some
>> serious problems with cookies. It seems that login is a continous
>> process throughout wordpress, not just a one-off authentication. The
>> username and md5 password are stored in a cookie which is used by the
>> other pages.
>> The md5 is useless for LDAP and there's no way to get access to what
>> the user actually typed in when "logging in" (wp-login.php).
>> Has anyone looked at LDAP authentication - I can't see any way to get
>> it working without a major rewrite of how the login works!
>> ta,
>> Alistair
>
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org
More information about the hackers
mailing list