[SAC] [OSGeo] #2038: LDAP integration in Wordpress for new web site

#2038: LDAP integration in Wordpress for new web site
---------------------------+-------------------------------------
Reporter: robe | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone: Website rebranding 2017
Component: Systems Admin | Keywords:
---------------------------+-------------------------------------
We have LDAP queries to OSGeo allowed on staging.www.osgeo.org, but it's
not configured in wordpress to allow authentication via LDAP.

I think we will need to install a wordpress plugin such as one of these to
make it happen

https://wordpress.org/plugins/search/openldap/

None seem to be installed at the moment.

I'm willing to do the leg work for this unless it is already stipulated in
GetInteractive contract that they should be doing this.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2038>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

Comment (by cvvergara):

The WP version that is being used is 4.9, and this one has been tested on
that version:

https://wordpress.org/plugins/ldap-login-for-intranet-sites/

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2038#comment:1>

Comment (by robe):

Yeah, that one looks like it has all the features we need, like segmenting
permissions by LDAP group.

I'll install that one and see how it goes. We can always uninstall and
install a different one if we decide against that one.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2038#comment:2>

Comment (by robe):

Alex also thought we should look at:

https://wordpress.org/plugins/next-active-directory-integration/

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2038#comment:3>

Comment (by robe):

Okay as mentioned on list, I ended up going with
https://wordpress.org/plugins/wpdirauth/

It was the only one of the 3 I tried that I could get to work and that didn't
frustrate me with having to register.

I couldn't find a way in the wordpress interface to rename logins or flag an
account as an LDAP one, but luckily the database was an open book. So I
was able, with the power of SQL, to update accounts and flag them as LDAP.
SQL always to the rescue :).

I've done this for Vicky Vergara, strk (Sandro Santilli), Jody Garnett
(jive, his and mine were the only ones I had to rename the login so far),
and Paul Ramsey.

Looks like after I do that, you can no longer login with your local
password Get Interactive set you up with, but can log in with your LDAP
password. In theory if the LDAP server is down, then it's supposed to fall
back on your local password.

As I said, the system will also automatically create accounts on first
login if the email address and login name are not already in use, and it also
allows you to pre-enter LDAP accounts.

I'll let Jody give final okay that I didn't screw up his account, and then
I'll go ahead and match up the rest of the users with LDAP and convert
over the ones that match (by name or login or email).

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2038#comment:4>

Comment (by strk):

> As I said the system will also automatically create accounts on first
> login if the email address and login name is not already in use and also
> allows you to preenter LDAP accounts.

You mean local accounts corresponding to LDAP accounts ?
How could login name be already in use ?

Email address I guess could be in use because we do have
duplicated email addresses in LDAP...

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2038#comment:5>

Comment (by robe):

Replying to [comment:5 strk]:
> > As I said the system will also automatically create accounts on first
> > login if the email address and login name is not already in use and also
> > allows you to preenter LDAP accounts.
>
> You mean local accounts corresponding to LDAP accounts ?
> How could login name be already in use ?
>
A good chunk of the accounts already existed - e.g. my favorite folks
strk, pramsey, evenr were already set up in the system as local accounts.

So if you tried logging in before with your LDAP account, it wouldn't let you and
wouldn't be able to create a new one. To avoid destroying data, you know,
your cute picture and stuff, I have added an entry to the wordpress
usermeta to flag these local accounts to go via LDAP authentication.

I documented the process I did for adhoc here -
https://wiki.osgeo.org/wiki/SAC:betawebsite#Enabling_LDAP_Login_for_Wordpress

I'm going to generate a script to do it for the remainder that match and
then close this ticket out when I am done.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2038#comment:6>

#2038: LDAP integration in Wordpress for new web site
---------------------------+--------------------------------------
Reporter: robe | Owner: sac@…
     Type: task | Status: closed
Priority: normal | Milestone: Website rebranding 2017
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+--------------------------------------
Changes (by robe):

* status: new => closed
* resolution: => fixed

Comment:

I was able to auto match a total of 63 wordpress local accounts to an ldap
account and converted them to be authenticated via LDAP.

Where the email matched but the ldap login id (uid) was different, I
updated the wordpress user_login to match the LDAP one.

There were 29 I couldn't match up by uid or email. These I left as local
accounts. If they try to log in via LDAP, it will auto-create a new wordpress
account and flag it as authenticated via LDAP. We can merge accounts
afterwards if this happens.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2038#comment:7>
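The matching and flagging procedure described in comments 4, 6 and 7 (match existing WordPress local accounts to LDAP entries by uid, then by email; rename `user_login` to the LDAP uid where only the email matched; add a usermeta flag so the plugin authenticates the account against LDAP; leave everything else local), written out as an added example. This is not the script robe ran and not part of the wpDirAuth plugin. Assumptions: the usermeta key `wpDirAuthFlag` with value `1` stands in for whatever flag the installed plugin actually reads (check the plugin source before running anything like this against a real site); an in-memory SQLite database with the relevant `wp_users` and `wp_usermeta` columns stands in for the MySQL tables; the LDAP entries and WordPress users are constructed sample data, not OSGeo's. The example also covers the case strk raised: an email shared by several LDAP entries is treated as ambiguous and the account is left local, as is a rename whose target login is already taken.

```python
"""Match WordPress local accounts to LDAP entries and flag them for LDAP auth.

Added example; not OSGeo's script and not plugin code. SQLite stands in for
the MySQL tables, and the flag key below is an assumption.
"""
import sqlite3
from collections import defaultdict

# Assumed usermeta key that marks an account as LDAP-authenticated.
# Verify against the installed plugin before relying on it.
LDAP_FLAG_KEY = "wpDirAuthFlag"

# Constructed sample LDAP entries (uid + mail), standing in for an ldapsearch result.
LDAP_ENTRIES = [
    {"uid": "robe", "mail": "robe@example.org"},
    {"uid": "jgarnett", "mail": "jody@example.org"},  # WP login differs ("jive")
    {"uid": "pramsey", "mail": "pramsey@example.org"},
    {"uid": "alpha", "mail": "shared@example.org"},   # duplicate mail in LDAP ...
    {"uid": "beta", "mail": "shared@example.org"},    # ... so no single match
    {"uid": "carol", "mail": "carol@example.org"},
]

# Constructed sample WordPress users: (ID, user_login, user_email).
WP_USERS = [
    (1, "robe", "robe@example.org"),
    (2, "jive", "jody@example.org"),
    (3, "pramsey", "pramsey@example.org"),
    (4, "dupmail", "shared@example.org"),
    (5, "stranger", "nobody@example.org"),
    (6, "carol", "oldcarol@example.org"),  # uid match; login "carol" is taken ...
    (7, "carol2", "carol@example.org"),    # ... so this mail match cannot be renamed
]


def build_db():
    """Create the two tables with only the columns the procedure touches."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT UNIQUE NOT NULL,
                               user_email TEXT NOT NULL);
        CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
                                  meta_key TEXT NOT NULL, meta_value TEXT);
    """)
    con.executemany("INSERT INTO wp_users VALUES (?,?,?)", WP_USERS)
    return con


def plan_matches(con, entries):
    """Map each WP user to exactly one LDAP uid, or record why it stays local.

    Returns (matches, left_local): matches is {wp_id: ldap_uid}, left_local is
    {wp_id: reason}. Comparisons are case-insensitive, as logins usually are.
    """
    by_uid = {e["uid"].lower(): e for e in entries}
    by_mail = defaultdict(list)
    for e in entries:
        by_mail[e["mail"].lower()].append(e)
    taken = {row[0].lower() for row in con.execute("SELECT user_login FROM wp_users")}

    matches, left_local = {}, {}
    for wp_id, login, email in con.execute("SELECT ID, user_login, user_email FROM wp_users"):
        if login.lower() in by_uid:           # login already equals the LDAP uid
            matches[wp_id] = login
            continue
        candidates = by_mail.get(email.lower(), [])
        if len(candidates) == 1:
            target = candidates[0]["uid"]
            if target.lower() in taken:       # renaming would collide with another account
                left_local[wp_id] = f"mail matches LDAP uid {target!r} but that login is taken"
            else:
                matches[wp_id] = target
        elif candidates:                      # duplicate mail in LDAP: ambiguous, do nothing
            left_local[wp_id] = "mail is shared by several LDAP entries"
        else:
            left_local[wp_id] = "no LDAP entry by uid or mail"
    return matches, left_local


def apply_matches(con, matches):
    """Rename logins where they differ and set the flag; safe to re-run."""
    flagged = 0
    for wp_id, new_login in matches.items():
        con.execute("UPDATE wp_users SET user_login = ? WHERE ID = ? AND user_login <> ?",
                    (new_login, wp_id, new_login))
        already = con.execute("SELECT 1 FROM wp_usermeta WHERE user_id = ? AND meta_key = ?",
                              (wp_id, LDAP_FLAG_KEY)).fetchone()
        if already is None:
            con.execute("INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, ?, '1')",
                        (wp_id, LDAP_FLAG_KEY))
            flagged += 1
    con.commit()
    return flagged


def convert(entries=LDAP_ENTRIES):
    """Run the whole procedure on the sample data and report the outcome."""
    con = build_db()
    matches, left_local = plan_matches(con, entries)
    flagged = apply_matches(con, matches)
    logins = dict(con.execute("SELECT ID, user_login FROM wp_users"))
    return {"flagged": flagged, "logins": logins, "left_local": left_local}


if __name__ == "__main__":
    result = convert()
    print(f"flagged {result['flagged']} accounts for LDAP auth")
    for wp_id, reason in sorted(result["left_local"].items()):
        print(f"  user {wp_id} ({result['logins'][wp_id]}) left local: {reason}")
```

On the sample data this flags four accounts (robe, jive renamed to jgarnett, pramsey, carol) and leaves three local with a stated reason. Running `plan_matches` before `apply_matches`, and reviewing the `left_local` reasons, is the step that keeps a shared LDAP email from silently binding one person's WordPress account to another person's LDAP credentials.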