uhm-coe / authorizer

Authorizer is a WordPress plugin that uses Google, CAS, LDAP, or an OAuth2 provider for logins, and can prevent public access to a WordPress site. It also blocks repeated failed login attempts.
GNU General Public License v3.0

error to connect ldap #137

Closed lagethomas closed 9 months ago

lagethomas commented 9 months ago

I am testing the plugin, but when I approve a user who tried to log in, it does not create the user in the WordPress database and the login does not happen. I am using LDAP.

pkarjala commented 9 months ago

From Google Translate:

I am testing the plugin, but when I approve a user who tries to login, he does not create the user in the WordPress database and the login does not happen. I'm using ldap.

Hi @lagethomas, to clarify, this is the state of the application:

  1. Authorizer has been configured to connect to your LDAP server
  2. A user who is present in LDAP has been added to Authorizer and approved by a site administrator in Authorizer
  3. This user does not yet have a WordPress account on your website
  4. When the user logs in, the login does not successfully occur and a WordPress user is not created.

Do you have any logfiles showing errors or other issues when the login happens? Are you able to verify that the LDAP connection information in Authorizer is correctly configured?

figureone commented 9 months ago

You can also use the LDAP Test to get debug information about where it might be failing:

[Screenshot 2023-11-30 at 1 10 15 PM]

lagethomas commented 9 months ago

@pkarjala and @figureone

Good morning guys. I'm sorry for the delay. The Plugin works, validates the authentication and appears for me to approve the user's entry to the right website. The problem is that after I approve the user is not created in the Wordpress database and even after approving it does not log in. It asks again to grant access. It was possible to create the user using miniOrange, but as it is paid most of the features do not work. I have to use "Authorizer" together with "miniOrange" to do a more "complete" authentication. I approve it through the Authorizer and when a person logs in after approval, miniOrange creates the user and the information is mapped by the Authorizer. It was a bit of a gimmick, but it's working. It would be nice to be able to do everything through the Authorizer.

figureone commented 9 months ago

If you want to avoid manually approving users you can set "Who can log into this site?" to "All authenticated users" and then configure your LDAP Search Filter to be the specific AD group(s) you want to allow. Note that the WordPress accounts are only created when the user logs in.

You can set "LDAP attribute containing email address," "LDAP attribute containing first name," and "LDAP attribute containing last name" to map those values to the WordPress account. If you have a custom usermeta field for phone number, you can hook into authorizer_additional_ldap_attributes_to_retrieve to specify the LDAP attribute, and then hook into authorizer_allow_login to fetch that value when a user logs in and call update_user_meta() to save the attribute to the WordPress account. See this pull request for details: https://github.com/uhm-coe/authorizer/pull/94

lagethomas commented 9 months ago

If you want to avoid manually approving users, you can set "Who can log into this site?" to "All authenticated users" and configure your LDAP Search Filter to be the specific AD group(s) you want to allow. Note that WordPress accounts are only created when the user logs in.

You can set "LDAP attribute containing email address," "LDAP attribute containing first name," and "LDAP attribute containing last name" to map those values to the WordPress account. If you have a custom usermeta field for phone number, you can hook into authorizer_additional_ldap_attributes_to_retrieve to specify the LDAP attribute, and then hook into authorizer_allow_login to fetch that value when a user logs in and call update_user_meta() to save the attribute to the WordPress account. See this pull request for details: #94

Good morning! I set it to authenticated users to avoid approval and it worked, the user was created without login. When it is about to be approved, even after approving the user cannot log in and it is not created. What can it be? It falls into the approval queue and when approved the user will try to log in, he will approve again and stay in this loop.

lagethomas commented 9 months ago

@pkarjala and @figureone

Good morning, everyone. Sorry for the delay. The plugin works, validates the authentication, and shows up for me to approve the user's entry to the right site. The problem is that after I approve, the user is not created in the WordPress database, and even after approval they do not log in. It asks again to grant access. It was possible to create the user using miniOrange, but since it is paid, most of the features do not work. I have to use "Authorizer" together with "miniOrange" to do a more "complete" authentication. I approve through Authorizer, and when a person logs in after approval, miniOrange creates the user and the information is mapped by Authorizer. It was a bit of a hack, but it is working. It would be good to be able to do everything through Authorizer.

  • Approve the user
  • Create the user without login (imported from LDAP)
  • Map the fields (name, email, phone)
  • Filter a specific Active Directory group without having to bring in the entire directory
  • Automatic approval (so that, on finding that the user exists in the AD group, it approves and automatically creates the user in the WordPress database)

In this case, even though the user exists and approval takes place, the user is not created.

lagethomas commented 9 months ago

When I apply the filter it says it can't find the user

lagethomas commented 9 months ago

I managed to make it work! In principle everything is fine, the basic attributes.

pkarjala commented 9 months ago

If you don't mind sharing what the solution was to help others, that would be great!

Marking resolved.

lagethomas commented 9 months ago

If you don't mind sharing what the solution was to help others, that would be great!

Marking resolved.

This is the configuration in my WordPress:

  • LDAP Host = IP_SERVER
  • LDAP Port = PORT_SERVER
  • LDAP Search Base = dc=your,dc=domain,dc=local
  • LDAP Search Filter = (memberOf=CN=INTRANET_LOGIN,OU=GROUPS,OU=03 - OTHERS,DC=your,DC=domain,DC=local) - Filter with group of Active Directory
  • LDAP attribute containing username = sAMAccountName
  • LDAP attribute containing email address = @valgroupco.com
  • LDAP Directory User = CN=Services Account,CN=Users,DC=your,DC=domain,DC=local (user with permission to read your Active Directory)
  • LDAP Directory User Password = YOUR_PASSOWRD_USER_AD
  • LDAP attribute containing first name = givenName
  • LDAP attribute containing last name = sn
  • LDAP attribute update = Update first and last name fields on login (Choose according to your option)
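
An added example, not part of the thread and not Authorizer's own code: it checks that a configured group filter like the one above is a single well-formed term and ANDs it with a per-user term whose login name is escaped per RFC 4515. The login names are constructed, and the `(&(uid=...)(filter))` join is an assumption about how a directory client combines the two settings.

```python
# Added example (not Authorizer code). The group filter is the one posted in the
# thread; the login names and the (&(uid=...)(filter)) join are assumptions.

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

GROUP_FILTER = ("(memberOf=CN=INTRANET_LOGIN,OU=GROUPS,OU=03 - OTHERS,"
                "DC=your,DC=domain,DC=local)")


def escape_filter_value(value: str) -> str:
    """Escape user-supplied text so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_single_filter(text: str) -> bool:
    """True if text is exactly one parenthesized term with balanced nesting."""
    if not text.startswith("("):
        return False
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Reject a stray ')' or a second top-level term after the first.
            if depth < 0 or (depth == 0 and i != len(text) - 1):
                return False
    return depth == 0


def user_in_group_filter(login: str, uid_attr: str, group_filter: str) -> str:
    """AND the per-user term with the admin-configured group filter."""
    group_filter = group_filter.strip()
    if not is_single_filter(group_filter):
        raise ValueError("search filter must be one term wrapped in parentheses")
    return f"(&({uid_attr}={escape_filter_value(login)}){group_filter})"


if __name__ == "__main__":
    # Constructed login names: a plain one and one containing metacharacters.
    print(user_in_group_filter("jsilva", "sAMAccountName", GROUP_FILTER))
    print(user_in_group_filter("a*(b)\\c", "sAMAccountName", GROUP_FILTER))
```
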