m451wells
Forum Replies Created
Forum: Plugins
In reply to: [Memphis Documents Library] WordPress MU – Page Not Found
I was able to resolve this. The menu plugin seemed to be providing a different url. I was able to manually create the link and it’s working fine.
Very sorry, but thanks so much!
Forum: Plugins
In reply to: [Authorizer] LDAP Errors –
Here are the logs after adding the items mentioned
==> /var/log/httpd/portal_example.com-nss-error_log <==
[Wed Aug 31 20:41:54.329869 2016] [:error] [pid 21775] [client 192.168.1.203:60816] running custom auth., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.329966 2016] [:error] [pid 21775] [client 192.168.1.203:60816] remove tld because its in the username., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.487562 2016] [:error] [pid 21775] [client 192.168.1.203:60816] ldaptls is set., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.488471 2016] [:error] [pid 21775] [client 192.168.1.203:60816] ldap first name lookup., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.488504 2016] [:error] [pid 21775] [client 192.168.1.203:60816] ldap surname lookup., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.488534 2016] [:error] [pid 21775] [client 192.168.1.203:60816] ldap email lookup., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.489991 2016] [:error] [pid 21775] [client 192.168.1.203:60816] get bind dn of first/surname., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.490043 2016] [:error] [pid 21775] [client 192.168.1.203:60816] user first get., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.490093 2016] [:error] [pid 21775] [client 192.168.1.203:60816] user surname get., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.490191 2016] [:error] [pid 21775] [client 192.168.1.203:60816] user email get., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.497927 2016] [:error] [pid 21775] [client 192.168.1.203:60816] email 2., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.497976 2016] [:error] [pid 21775] [client 192.168.1.203:60816] authenticated by., referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.498018 2016] [:error] [pid 21775] [client 192.168.1.203:60816] authenticated ldap user with email:, referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.498060 2016] [:error] [pid 21775] [client 192.168.1.203:60816] Array\n(\n [0] => [email protected]\n)\n, referer: https://portal.example.com/wp-login.php
[Wed Aug 31 20:41:54.541672 2016] [:error] [pid 21775] [client 192.168.1.203:60816] WP_User Object\n(\n [data] => stdClass Object\n (\n [ID] => 290\n [user_login] => matt.wells\n [user_pass] => $P$BtXXXXXXXXXXXXXXXXXXXXXXXXXXXTQlh50\n [user_nicename] => matt-wells\n [user_email] => [email protected]\n [user_url] => \n [user_registered] => 2016-08-31 20:41:54\n [user_activation_key] => \n [user_status] => 0\n [display_name] => Matt Wells\n [spam] => 0\n [deleted] => 0\n )\n\n [ID] => 290\n [caps] => Array\n (\n [subscriber] => 1\n )\n\n [cap_key] => wp_capabilities\n [roles] => Array\n (\n [0] => subscriber\n )\n\n [allcaps] => Array\n (\n [read] => 1\n [level_0] => 1\n [edit_documents] => \n [edit_others_documents] => \n [edit_private_documents] => \n [edit_published_documents] => \n [read_documents] => 1\n [read_document_revisions] => \n [read_private_documents] => \n [delete_documents] => \n [delete_others_documents] => \n [delete_private_documents] => \n [delete_published_documents] => \n [publish_documents] => \n [override_document_lock] => \n [subscriber] => 1\n )\n\n [filter] => \n)\n, referer: https://portal.example.com/wp-login.php
==> /var/log/httpd/portal.example.com-nss-access_log <==
192.168.1.203 - - [31/Aug/2016:20:41:53 +0000] "POST /wp-login.php HTTP/1.1" 200 6597
192.168.1.203 - - [31/Aug/2016:20:41:54 +0000] "GET /favicon.ico HTTP/1.1" 200 -
^C
How does it lookup my account? Is it based on UID or MAIL attributes? I can see the auth happens and it makes the user with the proper attributes; after that what’s next? Is that a lookup to the directory again based on email?
Forum: Plugins
In reply to: [Authorizer] LDAP Errors –
I’m adding this now but can mention that email does = mail in our ldap as normal. The email address populates on the user when it’s created properly.
Just wanted to mention that as I start the edit.
Thanks Paul!
Forum: Plugins
In reply to: [Authorizer] LDAP Errors –
Hi Paul, hope your weekend went well. I wondered if you had time to look at the info I sent. Again, I really appreciate all your time and hard work.
Forum: Plugins
In reply to: [Authorizer] LDAP Errors –
I attempted login with a service account; it had a _ in the name but not a . and it still failed. So may have answered my own question.
Forum: Plugins
In reply to: [Authorizer] LDAP Errors –
I added in a bunch more error_log statements and pasted it all here
These are the logs from a new user
[Thu Aug 25 16:29:02.998653 2016] [:error] [pid 8001] [client 192.168.1.2:54722] ldaptls is set., referer: https://wordpress.example.com.com/wp-login.php?redirect_to=%2F
[Thu Aug 25 16:29:02.999304 2016] [:error] [pid 8001] [client 192.168.1.2:54722] ldap first name lookup., referer: https://wordpress.example.com.com/wp-login.php?redirect_to=%2F
[Thu Aug 25 16:29:02.999340 2016] [:error] [pid 8001] [client 192.168.1.2:54722] ldap surname lookup., referer: https://wordpress.example.com.com/wp-login.php?redirect_to=%2F
[Thu Aug 25 16:29:02.999361 2016] [:error] [pid 8001] [client 192.168.1.2:54722] ldap email lookup., referer: https://wordpress.example.com.com/wp-login.php?redirect_to=%2F
[Thu Aug 25 16:29:03.001375 2016] [:error] [pid 8001] [client 192.168.1.2:54722] get bind dn of first/surname., referer: https://wordpress.example.com.com/wp-login.php?redirect_to=%2F
[Thu Aug 25 16:29:03.001416 2016] [:error] [pid 8001] [client 192.168.1.2:54722] user first get., referer: https://wordpress.example.com.com/wp-login.php?redirect_to=%2F
[Thu Aug 25 16:29:03.001461 2016] [:error] [pid 8001] [client 192.168.1.2:54722] user surname get., referer: https://wordpress.example.com.com/wp-login.php?redirect_to=%2F
[Thu Aug 25 16:29:03.001557 2016] [:error] [pid 8001] [client 192.168.1.2:54722] user email get., referer: https://wordpress.example.com.com/wp-login.php?redirect_to=%2F
[Thu Aug 25 16:29:03.003870 2016] [:error] [pid 8001] [client 192.168.1.2:54722] email 2., referer: https://wordpress.example.com.com/wp-login.php?redirect_to=%2F
[Thu Aug 25 16:29:03.003907 2016] [:error] [pid 8001] [client 192.168.1.2:54722] authenticated by., referer: https://wordpress.example.com.com/wp-login.php?redirect_to=%2F
2nd login attempt after the user was created
[Thu Aug 25 16:34:41.572818 2016] [:error] [pid 8005] [client 192.168.1.2:33156] running custom auth., referer: https://wordpress.example.com.com/wp-login.php
[Thu Aug 25 16:34:41.572898 2016] [:error] [pid 8005] [client 192.168.1.2:33156] remove tld because its in the username., referer: https://wordpress.example.com.com/wp-login.php
[Thu Aug 25 16:34:41.724220 2016] [:error] [pid 8005] [client 192.168.1.2:33156] ldaptls is set., referer: https://wordpress.example.com.com/wp-login.php
[Thu Aug 25 16:34:41.724732 2016] [:error] [pid 8005] [client 192.168.1.2:33156] ldap first name lookup., referer: https://wordpress.example.com.com/wp-login.php
[Thu Aug 25 16:34:41.724768 2016] [:error] [pid 8005] [client 192.168.1.2:33156] ldap surname lookup., referer: https://wordpress.example.com.com/wp-login.php
[Thu Aug 25 16:34:41.724784 2016] [:error] [pid 8005] [client 192.168.1.2:33156] ldap email lookup., referer: https://wordpress.example.com.com/wp-login.php
[Thu Aug 25 16:34:41.726266 2016] [:error] [pid 8005] [client 192.168.1.2:33156] get bind dn of first/surname., referer: https://wordpress.example.com.com/wp-login.php
[Thu Aug 25 16:34:41.726302 2016] [:error] [pid 8005] [client 192.168.1.2:33156] user first get., referer: https://wordpress.example.com.com/wp-login.php
[Thu Aug 25 16:34:41.726315 2016] [:error] [pid 8005] [client 192.168.1.2:33156] user surname get., referer: https://wordpress.example.com.com/wp-login.php
[Thu Aug 25 16:34:41.726326 2016] [:error] [pid 8005] [client 192.168.1.2:33156] user email get., referer: https://wordpress.example.com.com/wp-login.php
[Thu Aug 25 16:34:41.728792 2016] [:error] [pid 8005] [client 192.168.1.2:33156] email 2., referer: https://wordpress.example.com.com/wp-login.php
[Thu Aug 25 16:34:41.728833 2016] [:error] [pid 8005] [client 192.168.1.2:33156] authenticated by., referer: https://wordpress.example.com.com/wp-login.php
A question, my usernames are ‘first.surname’; I know as a whole WordPress doesn’t like that but the other ldap modules seem to handle it well. Could it be something with that? That on 2nd login he’s seeing a “bad username” so not querying ldap and going to local and that fails? Grasping at the wind but thought I’d ask and give more info.
Thanks again for all your help!
Forum: Plugins
In reply to: [Authorizer] LDAP Errors –
I was poking around on a few settings in wordpress to make sure I’m as default as can be and the logs showed one more; it’s what we expected and spoke about but here’s the log. #3 shows that the user auth’d and then was passed down to wordpress.
When a new user comes in and auth’s via LDAP, that user is then created a local wordpress account with the attributes it pulls from ldap right? That’s the mappings in tab 2 I think… those are working really well and I see my account created with proper email, uid, sn and givenname.
That local wordpress user is then generated a random password right? So I guess what’s the code that returns an ok status from LDAP? Can I put a logging statement there to ensure that LDAP sent back the good auth? Forgive me if it’s something we already did; my PHP is light at best.
This is also on a subsequent login. After my user first logged in, failed but user created.
==> /var/log/httpd/wordpress.example.com-nss-error_log <==
[Thu Aug 25 14:21:06.041174 2016] [:error] [pid 5950] [client 192.168.1.2:44030] running custom auth.
[Thu Aug 25 14:21:06.041239 2016] [:error] [pid 5950] [client 192.168.1.2:44030] email 2.
[Thu Aug 25 14:21:06.041249 2016] [:error] [pid 5950] [client 192.168.1.2:44030] authenticated by.
[Thu Aug 25 14:21:06.041258 2016] [:error] [pid 5950] [client 192.168.1.2:44030] skip to wordpress auth.
Forum: Plugins
In reply to: [Authorizer] LDAP Errors –
My Edits
// Try LDAP authentication if it's enabled and we don't have an
// authenticated user yet.
if ( $auth_settings['ldap'] === '1' && count( $externally_authenticated_emails ) === 0 ) {
    error_log( 'running custom auth.' );
    $result = $this->custom_authenticate_ldap( $auth_settings, $username, $password );
    if ( ! is_wp_error( $result ) ) {
        if ( is_array( $result['email'] ) ) {
            error_log( 'email 1.' );
            $externally_authenticated_emails = $result['email'];
        } else {
            error_log( 'email 2.' );
            $externally_authenticated_emails[] = $result['email'];
        }
        error_log( 'authenticated by.' );
        $authenticated_by = $result['authenticated_by'];
    }
}
// Skip to WordPress authentication if we don't have an externally
// authenticated user.
if ( count( array_filter( $externally_authenticated_emails ) ) < 1 ) {
    error_log( 'skip to wordpress auth.' );
    return null;
}
Logs of the login
==> /var/log/httpd/wordpress.example.com-nss-error_log <==
[Thu Aug 25 14:04:52.189811 2016] [:error] [pid 5936] [client 192.168.1.2:51988] running custom auth., referer: https://wordpress.example.com/wp-login.php?redirect_to=%2F
[Thu Aug 25 14:04:52.346691 2016] [:error] [pid 5936] [client 192.168.1.2:51988] email 2., referer: https://wordpress.example.com/wp-login.php?redirect_to=%2F
[Thu Aug 25 14:04:52.346741 2016] [:error] [pid 5936] [client 192.168.1.2:51988] authenticated by., referer: https://wordpress.example.com/wp-login.php?redirect_to=%2F
Forum: Plugins
In reply to: [Authorizer] LDAP Errors –
One other item. I can fail the ldap login with my user and as I mentioned get the error. However the local wordpress user is only created when I auth properly; thus telling me that at least an initial auth is being made to ldap so it’s creating my local wordpress account.
I’m able to view the wp_users table and see the random password it generated me ( well at least that it made one; can’t read it of course ).
So while my error_log isn’t telling me exactly where it’s failing I feel good that I’m able to get past that initial auth and creation.
Forum: Plugins
In reply to: [Authorizer] LDAP Errors –
Here’s my commented section –
http://pastebin.com/Vvj1cYSR
Forum: Plugins
In reply to: [Authorizer] LDAP Errors –
So an interesting item. I’ve added the _log statements to every spot within the ldap routine. On each login attempt I never get any logs. The only way I can get a log with the _log is when I type in something I know is not my password. Then I get the
“giving up, moving to wordpress auth”
I’ve gone through my other plugins to ensure that I’m not getting conflict and I’m almost down to a base wordpress site now.
Forum: Plugins
In reply to: [Authorizer] LDAP Errors –
I was looking into the code here
if ( ! $result ) {
    // We have a real ldap user, but an invalid password. Pass
    // through to wp authentication after failing LDAP (since
    // this could be a local account that happens to be the
    // same name as an LDAP user).
    return new WP_Error( 'using_wp_authentication', __( 'Moving on to WordPress authentication.', 'authorizer' ) );
}
From what I can guess this is happening by default. I’ve even commented this out but it does not appear to be working.
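Added example (not part of the original posts and not Authorizer's own code): a Python log reader that uses the error_log() markers from the "My Edits" snippet above to tell which branch each login attempt took, and flags requests where a print_r() of the WP_User object wrote the user_pass hash into the error log. The sample lines are constructed in the page's log layout, and grouping entries by pid and client is an assumption.

```python
import re
from collections import defaultdict

# One Apache 2.4 error_log entry, in the layout shown in the posts above.
ENTRY = re.compile(r"\[pid (?P<pid>\d+)\] \[client (?P<client>[^\]]+)\] (?P<msg>.*)")
# Marker strings are the error_log() calls in the "My Edits" code on this page.
START, SKIP, EMAIL = "running custom auth.", "skip to wordpress auth.", ("email 1.", "email 2.")

def classify(markers):
    """Map one request's markers to the branch the instrumented code took."""
    if START not in markers:
        return "ldap-not-attempted"
    got_result = any(m in EMAIL for m in markers)
    if SKIP in markers:
        # No email marker: custom_authenticate_ldap() returned a WP_Error.
        # Email marker present: array_filter() found no non-empty email.
        return "ldap-empty-email" if got_result else "ldap-error"
    return "ldap-continued" if got_result else "incomplete"

def analyse(log_text):
    """Group entries by (pid, client); return {key: (branch, hash_logged)}."""
    requests, leaks = defaultdict(list), set()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        key = (m["pid"], m["client"])
        msg = m["msg"].split(", referer:")[0].strip()
        requests[key].append(msg)
        if "[user_pass] =>" in msg:  # print_r() of a WP_User includes the hash
            leaks.add(key)
    return {k: (classify(v), k in leaks) for k, v in requests.items()}

# Constructed sample: timestamps dropped, hash replaced by a placeholder.
SAMPLE = r"""
[:error] [pid 5950] [client 192.168.1.2:44030] running custom auth.
[:error] [pid 5950] [client 192.168.1.2:44030] email 2.
[:error] [pid 5950] [client 192.168.1.2:44030] authenticated by.
[:error] [pid 5950] [client 192.168.1.2:44030] skip to wordpress auth.
[:error] [pid 21775] [client 192.168.1.203:60816] running custom auth., referer: https://portal.example.com/wp-login.php
[:error] [pid 21775] [client 192.168.1.203:60816] email 2., referer: https://portal.example.com/wp-login.php
[:error] [pid 21775] [client 192.168.1.203:60816] WP_User Object\n(\n [user_pass] => $P$PLACEHOLDER\n)\n, referer: https://portal.example.com/wp-login.php
[:error] [pid 7001] [client 192.168.1.9:40000] running custom auth.
[:error] [pid 7001] [client 192.168.1.9:40000] skip to wordpress auth.
"""

if __name__ == "__main__":
    for key, (branch, leaked) in analyse(SAMPLE).items():
        print(key, branch, "password hash in log" if leaked else "")
```

Debug dumps of WP_User should be removed, or the user_pass field unset before logging, once troubleshooting is finished.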