LDAP enabled WordPress
I’ve now ported the LDAP to WordPress 1.5
Managed to modify WordPress 1.2.1 to use LDAP for it’s authentication. There were some problems with the cookie, as the MD5 of the password is stored in the cookie and is passed around by various pages that need authentication. To get round this, the first version of LDAP authentication replaces the MD5 password with the MD5 of a special LDAP marker. The login process can then recognise this marker and skip authentication. This also stops the overhead of authenticating via LDAP on redirects.
The sessions are controlled normally by the cookie code, which is unchanged.
The modified files are:
- ldap/* – Contains all the LDAP functionality
- wp-login.php – Contains the LDAP authentication code and modified cookie content
- wp-admin/auth.php – This is modified to take account of the LDAP cookie marker
- wp-config.php – Contains some LDAP definitions
wp-config.php contains an LDAP switch. Setting this to TRUE turns on LDAP authentication. Setting it to FALSE turns it off and normal WordPress authentication takes over
At the moment, you retrofit the LDAP functionality to an existing WordPress installation and all users will then have their passwords checked against their LDAP store, so if they differ from their WordPress passwords, then the sysadmin will have to let them know that they should use their LDAP password.
The LDAP password is never synched with the WordPress database