ldap enabled wordpress

Thu, Nov 25, 2004

I’ve now ported the LDAP to Wordpress 1.5

Managed to modify Wordpress 1.2.1 to use LDAP for it’s authentication. There were some problems with the cookie, as the MD5 of the password is stored in the cookie and is passed around by various pages that need authentication. To get round this, the first version of LDAP authentication replaces the MD5 password with the MD5 of a special LDAP marker. The login process can then recognise this marker and skip authentication. This also stops the overhead of authenticating via LDAP on redirects. The sessions are controlled normally by the cookie code, which is unchanged. The modified files are:

At the moment, you retrofit the LDAP functionality to an existing WordPress installation and all users will then have their passwords checked against their LDAP store, so if they differ from their WordPress passwords, then the sysadmin will have to let them know that they should use their LDAP password.

The LDAP password is never synched with the WordPress database

Download the LDAP modifications

comments powered by Disqus