Title: [Plugin: Active Directory Authentication] Security Update Last modified: August 19, 2016 --- # [Plugin: Active Directory Authentication] Security Update * [jbearak](https://wordpress.org/support/users/jbearak/) * (@jbearak) * [17 years, 9 months ago](https://wordpress.org/support/topic/plugin-active-directory-authentication-security-update/) * Please update to version 1.0.5. It contains an important security fix. Viewing 7 replies - 1 through 7 (of 7 total) * [dustinb44](https://wordpress.org/support/users/dustinb44/) * (@dustinb44) * [17 years, 9 months ago](https://wordpress.org/support/topic/plugin-active-directory-authentication-security-update/#post-850439) * jbearak, This is an awesome plugin, tried some of the others and I could not get them to work. So here is my issue: I have 1.3 working great, running 2.6.2, if I upgrade to 1.4 or 1.5 it breaks authentication altogether. Just continues to give errors of wrong password. Any ideas what might have this effect since 1.3. Dustin * [dustinb44](https://wordpress.org/support/users/dustinb44/) * (@dustinb44) * [17 years, 8 months ago](https://wordpress.org/support/topic/plugin-active-directory-authentication-security-update/#post-850447) * another new development. 1.3 now allows any password to be used when enabled. As I thought AD was working, any password works. example: user account: johnd password: password (setup in wordpress), enable plugin, password works, AD password works and so would xxxx….$$$$, doesn’t matter what you put in there! Any ideas? * Thread Starter [jbearak](https://wordpress.org/support/users/jbearak/) * (@jbearak) * [17 years, 8 months ago](https://wordpress.org/support/topic/plugin-active-directory-authentication-security-update/#post-850452) * Hi, * Sorry for the long delay in replying — WordPress.org does not seem to send emails to let me know their are any replies. * One, use 1.0.5 and not 1.0.3 because of the reason you just listed. * Two, I have not updated to 1.6.2. Does you have issues with this plugin when using 1.6.1? (1.0.4 and 1.0.5 are the same, just that I neglected to update the metadata for the plugins directory the first time around.) * [dustinb44](https://wordpress.org/support/users/dustinb44/) * (@dustinb44) * [17 years, 8 months ago](https://wordpress.org/support/topic/plugin-active-directory-authentication-security-update/#post-850453) * I do have 2.6.2 installed, I tried this on 2.6.1 and could not get it working either. Just comes up with incorrect password, I have the following set: domain controller: us1dc1.corp.company.org base dn: dc=corp,dc=company,dc=org tried putting in ou=Americas or other doesn’t make a difference. We do have OU’s set for contries and then OU’s under those for remote users, contractors, locations in the countries, etc. * Steps: upgraded to 1.05, removed old user (could logon using WP password only), recreated user, tried to logon with either WP or AD password failed. * Tried some of the different settings, around base DN with no luck Thanks for any help or insight you may provide. Dustin * Thread Starter [jbearak](https://wordpress.org/support/users/jbearak/) * (@jbearak) * [17 years, 8 months ago](https://wordpress.org/support/topic/plugin-active-directory-authentication-security-update/#post-850454) * Just to be totally clear, do you have “account suffix” set? If so, the name in the WP database needs to be usernameAccountSuffix. So, if a username is jdoe, and account suffix is [@foo](https://wordpress.org/support/users/foo/), the username in the WordPress database is jdoe@foo (, but what the user needs to type to log in is jdoe.) * As for failing at the WP password level, this does not make sense at all. This plugin disabled the WP password box. You could not have set a user’s password, not without first disabling the plugin. If you can set passwords, some other plugin must be interfering in some way and overriding this one (I think). * [dustinb44](https://wordpress.org/support/users/dustinb44/) * (@dustinb44) * [17 years, 8 months ago](https://wordpress.org/support/topic/plugin-active-directory-authentication-security-update/#post-850462) * I do not have anything set in the “account suffix”, it is blank. * As for logon I would use jdoe and whatever the AD password would be, however, that currently returns the error and is unable to logon. * The only setting currently configured in 1.5 is domain controller. * [iwinarto](https://wordpress.org/support/users/iwinarto/) * (@iwinarto) * [17 years, 8 months ago](https://wordpress.org/support/topic/plugin-active-directory-authentication-security-update/#post-850475) * Hi jbearak, * Like dustinb44, I too can confirm that the 1.0.3 plugin works fine on my wordpress 2.6.2, but not 1.0.5 (I didn’t test 1.0.4 as I ran out of time for now). * The only difference I can see between 1.0.3 and 1.0.5 is the addition of $this- > for a few of the variables (?), which I don’t think is the cause, and the changing of function from skip_password_check to override_password_check, which now compares whether $this->authenticated is true or not. I think this could be the cause, i.e., it never find $this->authenticated to be true, and thus returning $check, which is false. * PS: I’m not a PHP developer so I apologise if the term I use above is not correct. Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘[Plugin: Active Directory Authentication] Security Update’ is closed to new replies. * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/) * 7 replies * 3 participants * Last reply from: [iwinarto](https://wordpress.org/support/users/iwinarto/) * Last activity: [17 years, 8 months ago](https://wordpress.org/support/topic/plugin-active-directory-authentication-security-update/#post-850475) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics