heiglandreas / authLdap

LDAP-Authentication for WordPress
http://andreas.heigl.org/cat/dev/wp/authldap/
MIT License

Unable to retrieve the groups from group attribute #217

Closed devent closed 1 year ago

devent commented 2 years ago

Hi. I want to use the group to WordPress role mapping. I added a new ObjectClass wordpressUser with an attribute wordpressGroups.

WordPress: 5.9
Plugin Version: 2.5.1

dn: cn=wordpress,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: wordpress
olcAttributeTypes: {0}( 2.999.4 NAME 'wordpressGroups' DESC 'Determines which Wordpress groups the user belongs to.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( 2.999.5 NAME 'wordpressUser' DESC 'wordpressUser' SUP top AUXILIARY MAY  ( wordpressGroups ) )

The users now have the wordpressGroups attribute that lists the WordPress groups/roles. For example:

$ ldapsearch -x -H ldap://localhost:1389 -b "ou=People,dc=muellerpublic,dc=de" -D "cn=admin,dc=muellerpublic,dc=de" -w xxx "(&(objectClass=wordpressUser)(memberOf=cn=Interscalar,ou=group,dc=muellerpublic,dc=de)(|(uid=erwin)(cn=erwin)))"
Handling connection for 1389
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=muellerpublic,dc=de> with scope subtree
# filter: (&(objectClass=wordpressUser)(memberOf=cn=Interscalar,ou=group,dc=muellerpublic,dc=de)(|(uid=erwin)(cn=erwin)))
# requesting: ALL
#

# erwin, People, muellerpublic.de
dn: uid=erwin,ou=People,dc=muellerpublic,dc=de
uid: erwin
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: matomoUser
objectClass: wordpressUser
userPassword:: xxx
wordpressGroups: editor
mail: erwin@muellerpublic.de
matomoAdmin: matomo.andrea-1.muellerpublic.de:all
sn:: TcO8bGxlcg==
cn: Erwin

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

In WordPress I have configured the plugin:

The user can log in but no Group-Attribute can be read.

[Tue Feb 22 15:24:46.668960 2022] [php7:notice] [pid 391] [client 10.0.1.148:34650] [AuthLDAP] User '' logging in
[Tue Feb 22 15:24:46.668988 2022] [php7:notice] [pid 391] [client 10.0.1.148:34650] [AuthLDAP] Username not supplied: return false
10.0.1.148 - - [22/Feb/2022:15:24:46 +0000] "GET /wp-login.php HTTP/1.1" 200 7519
[Tue Feb 22 15:24:49.194662 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] User 'erwin' logging in, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.194705 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] about to do LDAP authentication, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.194713 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] connect to LDAP server, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.206594 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] LDAP authentication successfull, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.207577 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] Existing user, uid = 7, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.207650 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] Array\n(\n    [administrator] => administrator\n    [editor] => editor\n    [author] => author\n    [contributor] => contributor\n    [subscriber] => subscriber\n)\n, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.207666 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] Array\n(\n    [administrator] => administrator\n    [editor] => editor\n    [author] => author\n    [contributor] => contributor\n    [subscriber] => subscriber\n)\n, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.207677 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] Group Filter: "(&(objectClass=wordpressUser)(memberOf=cn=Interscalar,ou=group,dc=muellerpublic,dc=de)(|(uid=%s)(cn=%s)))", referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.207680 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] Group Base: ou=People,dc=muellerpublic,dc=de, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.207709 2022] [php7:warn] [pid 395] [client 10.0.1.202:54882] PHP Warning:  sprintf(): Too few arguments in /bitnami/wordpress/wp-content/plugins/authldap/authLdap.php on line 574, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.208099 2022] [php7:warn] [pid 395] [client 10.0.1.202:54882] PHP Warning:  ldap_search(): Search: Protocol error in /bitnami/wordpress/wp-content/plugins/authldap/ldap.php on line 205, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.208139 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] Exception getting LDAP group attributes: no result found, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.208146 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] role from group mapping: , referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.208149 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] no role yet, set default role, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.208225 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] The LDAP user has an entry in the WP-Database, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US
[Tue Feb 22 15:24:49.211514 2022] [php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] user id = 7, referer: https://www.interscalar.muellerpublic.de/wp-login.php?loggedout=true&wp_lang=en_US

Any help please?
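
The log above shows a fixed sequence for the affected login: a group filter with two `%s` placeholders, the `sprintf()` warning, the failed `ldap_search()`, and then the fallback to the default role. The following is an added example, not part of the original post or of the plugin: a Python triage function that flags logins which authenticated but received the default role because the group lookup failed. The flag names and the trimmed sample log are constructed for this example.

```python
import re

# Constructed sample: the report's error-log lines with timestamps and referer
# suffixes trimmed and the memberOf clause dropped from the filter.
SAMPLE_LOG = """\
[php7:notice] [pid 391] [client 10.0.1.148:34650] [AuthLDAP] User '' logging in
[php7:notice] [pid 391] [client 10.0.1.148:34650] [AuthLDAP] Username not supplied: return false
[php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] User 'erwin' logging in
[php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] LDAP authentication successfull
[php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] Group Filter: "(&(objectClass=wordpressUser)(|(uid=%s)(cn=%s)))"
[php7:warn] [pid 395] [client 10.0.1.202:54882] PHP Warning:  sprintf(): Too few arguments in /bitnami/wordpress/wp-content/plugins/authldap/authLdap.php on line 574
[php7:warn] [pid 395] [client 10.0.1.202:54882] PHP Warning:  ldap_search(): Search: Protocol error in /bitnami/wordpress/wp-content/plugins/authldap/ldap.php on line 205
[php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] Exception getting LDAP group attributes: no result found
[php7:notice] [pid 395] [client 10.0.1.202:54882] [AuthLDAP] no role yet, set default role
"""

LINE = re.compile(r"\[pid (\d+)\] \[client ([^\]]+)\] (.*)")
USER = re.compile(r"\[AuthLDAP\] User '([^']*)' logging in")
FILTER = re.compile(r'\[AuthLDAP\] Group Filter: "(.*)"')
MARKERS = {  # log substring -> flag name (flag names are made up for this example)
    "sprintf(): Too few arguments": "filter_format_failed",
    "ldap_search():": "ldap_search_failed",
    "Exception getting LDAP group attributes": "group_lookup_failed",
    "no role yet, set default role": "default_role_assigned",
}

def triage(log_text):
    """Return logins whose group lookup failed and that received the default role."""
    current, records = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, client, msg = m.groups()
        if (u := USER.search(msg)):
            # A "logging in" line starts a new login attempt for this worker/client.
            current[pid, client] = rec = {"user": u[1], "client": client,
                                          "placeholders": None, "flags": set()}
            records.append(rec)
        elif (rec := current.get((pid, client))) is not None:
            if (f := FILTER.search(msg)):
                # Count %s conversions in the configured filter ("%%" is a literal %).
                rec["placeholders"] = len(re.findall(r"(?<!%)%s", f[1]))
            rec["flags"].update(flag for text, flag in MARKERS.items() if text in msg)
    wanted = {"group_lookup_failed", "default_role_assigned"}
    return [r for r in records if wanted <= r["flags"]]

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r["user"], r["client"], r["placeholders"], sorted(r["flags"]))
```

Any hit means the user's role came from the default setting rather than from the directory, which is worth reviewing wherever the default role grants more than the LDAP mapping would.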

d19dotca commented 2 years ago

I just filed a GitHub issue and stumbled across yours just now; I wonder if these are related. In my case, I only had this similar issue of the plugin being unable to detect existing roles/groups in WordPress if the WooCommerce plugin was also enabled. All my sites without the WooCommerce plugin worked fine for AuthLDAP.

heiglandreas commented 2 years ago

Can you please check whether the update that I just published solves your issue? If so, then it was indeed some other plugin filtering out the appropriate groups.

If not I need to go back to the drawing board for this issue.

Thanks for your feedback and your patience on this.

heiglandreas commented 1 year ago

I assume this is by now solved.