heiglandreas / authLdap

LDAP-Authentication for WordPress
http://andreas.heigl.org/cat/dev/wp/authldap/
MIT License
69 stars, 37 forks

Groups not being updated on existing accounts #250

Open aglavic opened 6 months ago

aglavic commented 6 months ago

Thanks for providing this awesome plugin!

I've set up the plugin to correctly resolve my users and groups. All works great on the first login, and changes of LDAP passwords also reflect correctly when logging in the next time.

However, if I change the group mapping or the LDAP group membership of the user the WP association is not updated accordingly. The debug output is as follows:

[AuthLDAP] User '#######' logging in
[AuthLDAP] about to do LDAP authentication
[AuthLDAP] connect to LDAP server
[AuthLDAP] LDAP authentication successful
[AuthLDAP] Existing user, uid = ##
[AuthLDAP] Existing user's roles: author
[AuthLDAP] The LDAP user has an entry in the WP-Database
[AuthLDAP] user id = ##

So it seems the group mapping is not queried anymore and thus kept from the first login. This also means it is impossible to revoke the right to access WP from LDAP.

Would be happy for any help.

heiglandreas commented 6 months ago

Hey Artur.

Would you mind sharing your config? Either (redacted) as screenshot or via email to andreas AT heigl DOT org?

That would help me immensely in figuring out what went south.

aglavic commented 6 months ago

Sure, thanks for the quick response:

Config:

LDAP URI: ldap://cn=admin,dc={domain},dc=de:{password}@127.0.0.1/dc={domain},dc=de
LDAP URI-Separator: <empty>
StartTLS: False
Filter: (uid=%s)

LDAP Groups override role of existing users?: True
Group-Base: ou=groups,dc={domain},dc=de

heiglandreas commented 6 months ago

Hm. That looks perfectly valid. I'll have to check some tests and will get back to you.

heiglandreas commented 6 months ago

Thanks for raising the issue! I was able to verify the problem in a new test. Fix will be upcoming!

aglavic commented 6 months ago

Perfect, you're great!

matbr commented 4 months ago

Hi @heiglandreas, any news on this? Facing the same issue. Anything to support on this?

btw, I tried to install 2.6.1 from github but WP says the zip contains the already installed 2.6.0...

cheers,

Mat

heiglandreas commented 4 months ago

Thank you all for your patience! I just released a new fix version that should fix the issue.

It also fixes the missing version increment 🙈

matbr commented 3 months ago

@heiglandreas not sure why, but still not working for multi-role support...

[24-May-2024 15:53:05 UTC] [AuthLDAP] User '' logging in
[24-May-2024 15:53:05 UTC] [AuthLDAP] Username not supplied: return false
[24-May-2024 15:53:12 UTC] [AuthLDAP] User 'max.muster' logging in
[24-May-2024 15:53:12 UTC] [AuthLDAP] about to do LDAP authentication
[24-May-2024 15:53:12 UTC] [AuthLDAP] connect to LDAP server
[24-May-2024 15:53:12 UTC] [AuthLDAP] LDAP authentication successful
[24-May-2024 15:53:12 UTC] [AuthLDAP] Existing user, uid = 4
[24-May-2024 15:53:12 UTC] [AuthLDAP] Array
(
    [administrator] => xxxx-web-admin
    [editor] => xxxx-web-redaktion
    [author] => xxxx-web-autor
    [contributor] =>
    [subscriber] =>
    [translator] =>
    [teacher] => lehrer-xxxx
    [custom_permalinks_manager] =>
    [personalkreis] => xxxx-Demo
    [wpseo_manager] =>
    [wpseo_editor] =>
    [matomo_view_role] =>
    [matomo_write_role] =>
    [matomo_admin_role] =>
    [matomo_superuser_role] =>
)

[24-May-2024 15:53:12 UTC] [AuthLDAP] Array
(
    [administrator] => xxxx-web-admin
    [editor] => xxxx-web-redaktion
    [wpseo_manager] =>
    [wpseo_editor] =>
    [author] => xxxx-web-autor
    [contributor] =>
    [personalkreis] => xxxx-Demo
    [subscriber] =>
    [translator] =>
    [teacher] => lehrer-xxxx
    [custom_permalinks_manager] =>
    [matomo_view_role] =>
    [matomo_write_role] =>
    [matomo_admin_role] =>
    [matomo_superuser_role] =>
)

[24-May-2024 15:53:12 UTC] [AuthLDAP] Group Filter: "(&(objectClass=posixGroup)(memberUid=%s))"
[24-May-2024 15:53:12 UTC] [AuthLDAP] Group Base:
[24-May-2024 15:53:12 UTC] [AuthLDAP] LDAP groups: ["Domain Users","Administrators","admins-xxxx","lehrer-xxxx","mitarbeiter-xxxx","Domain Users xxxx","xxxx-import-all","xxxx-lehrer","xxxx-Verwaltung","xxxx-Demo","xxxx-web-admin"]
[24-May-2024 15:53:12 UTC] [AuthLDAP] Roles from LDAP group: ["administrator"]
[24-May-2024 15:53:12 UTC] [AuthLDAP] role from group mapping: ["administrator"]
[24-May-2024 15:53:12 UTC] [AuthLDAP] The LDAP user has an entry in the WP-Database
[24-May-2024 15:53:12 UTC] [AuthLDAP] user id = 4

So any additional role assigned to the user is removed and only the administrator role remains.

heiglandreas commented 3 months ago

Ahhhh. OK. I think in that case the "highest" role "wins"....

I need to dig into that but think that needs a separate config flag...
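As an added illustration, not code from the authLdap plugin: a small Python model of the group-to-role mapping discussed in this thread, built from the mapping array and LDAP group list in the log above (site prefix redacted as in the original). It shows the three outcomes under discussion: every role whose group the user holds, the collapse to a single role seen in the log, and the stale roles an existing user keeps when the LDAP result is not written back. The rule that the first role in mapping order is the one kept is an assumption; the thread only shows the result.

```python
"""Constructed model of LDAP-group -> WordPress-role mapping, not the
plugin's own code. Mapping order and group names follow the debug output
in this issue; the collapse rule (first match in mapping order wins) is
an assumption that reproduces the ["administrator"] result in the log."""

# WordPress role -> LDAP group, in the order the plugin printed it.
# An empty string means no LDAP group is mapped to that role.
ROLE_TO_GROUP = {
    "administrator": "xxxx-web-admin",
    "editor": "xxxx-web-redaktion",
    "author": "xxxx-web-autor",
    "contributor": "",
    "subscriber": "",
    "translator": "",
    "teacher": "lehrer-xxxx",
    "custom_permalinks_manager": "",
    "personalkreis": "xxxx-Demo",
}

# Groups the directory returned for max.muster (copied from the log).
LDAP_GROUPS = ["Domain Users", "Administrators", "admins-xxxx", "lehrer-xxxx",
               "mitarbeiter-xxxx", "Domain Users xxxx", "xxxx-import-all",
               "xxxx-lehrer", "xxxx-Verwaltung", "xxxx-Demo", "xxxx-web-admin"]


def roles_from_groups(mapping, groups):
    """All WordPress roles whose mapped LDAP group the user is a member of.
    Roles with no mapped group are never granted, so a user who has been
    removed from every mapped group ends up with no roles at all."""
    members = set(groups)
    return [role for role, grp in mapping.items() if grp and grp in members]


def highest_role_only(mapping, groups):
    """The collapsing behaviour reported in the thread: only the first
    matching role in mapping order survives, the others are dropped."""
    return roles_from_groups(mapping, groups)[:1]


def sync_roles(current_roles, mapping, groups, override=True):
    """Roles the WordPress account should hold after this login. With
    override on, the fresh LDAP result replaces the stored roles, so a
    group removal in LDAP revokes access on the next login. With override
    off, the stored roles stay, which is the stale-role problem that
    opened this issue."""
    if not override:
        return list(current_roles)
    return roles_from_groups(mapping, groups)


if __name__ == "__main__":
    print(roles_from_groups(ROLE_TO_GROUP, LDAP_GROUPS))
    print(highest_role_only(ROLE_TO_GROUP, LDAP_GROUPS))
    print(sync_roles(["author"], ROLE_TO_GROUP, []))
```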