Integrate Kolab LDAP as user store for wordpress
Jeff Gilmore
jeff at thegilmores.net
Thu Dec 4 23:55:32 CET 2014
Hi Scott,
Good thing to check. It turns out (on Ubuntu at least) it does bind to the IP address.
I was able to use an LDAP browser tool (JXplorer) to navigate the tree and do some experiments, and I got it to work. The relevant settings are shown below:
Account Filter
(Defaults to samAccountName)
What LDAP field should we search the username against to locate the user's profile after successful login?
Account Suffix
Suffix to be automatically appended to the username if desired. e.g. @domain.com
NOTE: Changing this value will cause your existing directory users to have new accounts created the next time they login.
Base DN
The base DN for carrying out LDAP searches.
Bind DN
Enter a valid user account/DN to pre-bind with if your LDAP server does not allow anonymous profile searches, or requires a user with specific privileges to search.
I had to provide a valid user DN (shown as XXX above) and password in the Blind DN field, so apparently anonymous searches are disabled. To confirm successful authentication, I used the field “alias” to be compared to the user string provided through Wordpress.
Jeff
> On Dec 4, 2014, at 5:12 PM, Scott Damron <scott.damron at damronhouse.net> wrote:
>
> I don't remember if it is explicitly true, but I believe the LDAP server only binds to localhost (127.0.0.1) You may need to do a netstat to see and change it to bind to your IP address that you want it to listen on.
>
> Scott
>
> December 4 2014 4:09 PM, "Jeff Gilmore" <jeff at thegilmores.net <mailto:%22Jeff%20Gilmore%22%20<jeff at thegilmores.net>>> wrote:
>
> Hi all,
> I’m experimenting with setting up Kolab along with an instance of Wordpress to provide both groupware and additional web functionality. I’m hoping to allow the LDAP user store in Kolab to provide user authentication for the Wordpress stuff. Am I crazy, or is this a reasonable thing to expect to work?
>
> I’m using a Wordpress plugin called WPDirAuth to make this connection, but I’m a newbie with Kolab and not terribly experienced with LDAP. Would anyone be willing to review the settings from this plugin shown below and take a first stab at what values might make sense?
>
> The primary (and only) domain under which Kolab was setup is “ev.ithaca.ny.us <http://ev.ithaca.ny.us/>”.
>
> Any help will be greatly appreciated.
>
> Directory Servers (Domain Controllers)
>
> The DNS name or IP address of the directory server(s).
> NOTE: Separate multiple entries by a comma and/or alternate ports with a colon (eg: my.server1.org <http://my.server1.org/>, my.server2.edu <http://my.server2.edu/>:387). Unfortunately, alternate ports will be ignored when using LDAP/SSL, because of the way <http://ca3.php.net/ldap_connect> PHP handles the protocol.
> Account Filter
> (Defaults to samAccountName)
> What LDAP field should we search the username against to locate the user's profile after successful login?
> Account Suffix
>
> Suffix to be automatically appended to the username if desired. e.g. @domain.com <http://domain.com/>
> NOTE: Changing this value will cause your existing directory users to have new accounts created the next time they login.
> Base DN
>
> The base DN for carrying out LDAP searches.
> Bind DN
>
> Enter a valid user account/DN to pre-bind with if your LDAP server does not allow anonymous profile searches, or requires a user with specific privileges to search.
> Bind Password
>
> Enter a password for the above Bind DN if a value is needed.
> Note 1: this value will be stored in clear text in your WordPress database.
> Note 2: Simply clear the Bind DN value if you wish to delete the stored password altogether.
> Confirm Password
>
> Confirm the above Bind Password if you are setting a new value.
> Authentication Groups
>
> Enter each group CN that the user must be a member of in order to authenticate.
> NOTE: Separate multiple CNs by a comma.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20141204/caa86df6/attachment.html>
More information about the users
mailing list