WordPress with OpenLDAP on Mac OS X 10.4 Tiger
I am currently moving my whole server to an integrated Kerberos/LDAP user management regime.
If possible, I’m trying to make the whole system Single-Sign-On, but it’s not as simple as it may (or may not) seem.
One part of my online presence – my WordPress blog – refused to work out of the box with Mac OS X Tiger, despite the promise of the wpLDAP plugin.
However, the fix is actually trivial.
wpLDAP relies on the adLDAP module, which by its name is obviously geared towards Active Directory. However, if you are using the OpenLDAP bundled with Mac OS X Server, you won’t be able to configure the wpLDAP plugin without tweaking the code or forcing your users to type in the whole OpenLDAP Distinguished Name.
The wpLDAP plugin authenticates with a string like this:
<username>@<account suffix>,<base DN>
The problem is that Mac OS X OpenLDAP maps the “Short User Name” to uid, so the user needs to be referenced by preceding the username with “uid=”.
To prove this, if you have successfully set up wpLDAP but are unable to log in and are asked to check the credentials, try logging in with the whole DN instead of just the username… i.e.
Or depending on how the baseDN is set up, just the uid= bit
Find the line in …/wp-contents/plugins/wpldap.php
and change it to
… $objLDAP->authenticate("uid=".$username.",".$ldapBaseDn,$password) …
That should supply the fully qualified DN for Mac OS X OpenLDAP.
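The changed line concatenates the login-form username straight into the bind DN, so characters such as "," or "=" in that field would alter the DN that is sent to the server. The following is an added example, not code from wpLDAP or adLDAP: it builds the same "uid=…" DN with the username escaped and rejects empty passwords before any bind. The helper names build_bind_dn() and check_credentials() and the base DN dc=example,dc=com are assumptions, and it needs PHP 5.6 or later with the ldap extension for ldap_escape().

```php
<?php
// Added example, not wpLDAP/adLDAP code. Needs PHP 5.6+ with ext-ldap.

/**
 * Build "uid=<short name>,<base DN>" from a login-form value.
 * build_bind_dn() is a hypothetical helper name.
 */
function build_bind_dn($username, $ldapBaseDn)
{
    $username = trim($username);
    if ($username === '') {
        throw new InvalidArgumentException('empty username');
    }
    // LDAP_ESCAPE_DN escapes DN metacharacters (, = + < > ; " \ #) so the
    // user-supplied value stays a single attribute value inside the RDN.
    $uid = ldap_escape($username, '', LDAP_ESCAPE_DN);
    return 'uid=' . $uid . ',' . $ldapBaseDn;
}

/**
 * Return the DN to bind with, or null when the login must be refused.
 * A simple bind with a DN and an empty password is an "unauthenticated
 * bind" (RFC 4513, section 5.1.2) that a server may accept, so an empty
 * password must never reach the bind call.
 */
function check_credentials($username, $password, $ldapBaseDn)
{
    if (!is_string($password) || $password === '') {
        return null;
    }
    try {
        return build_bind_dn($username, $ldapBaseDn);
    } catch (InvalidArgumentException $e) {
        return null;
    }
}

// Constructed sample input; dc=example,dc=com is a placeholder base DN.
$base = 'dc=example,dc=com';
foreach (array('jsmith', 'jsmith,ou=admins', 'a=b+c') as $name) {
    echo $name, ' => ', build_bind_dn($name, $base), "\n";
}

// Empty password: refused before any bind is attempted.
echo check_credentials('jsmith', '', $base) === null ? "refused\n" : "bind\n";
```

In the plugin, the DN returned by check_credentials() would take the place of the concatenated first argument in the authenticate() call shown above.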