[wp-edu] LDAP account synchronization/Permissions for users that don't yet exist

Daniel Bachhuber d at danielbachhuber.com
Thu Apr 28 16:59:36 UTC 2016

Hey folks,

I'm working on WP SAML Auth <https://github.com/pantheon-systems/wp-saml-auth/> on
behalf of Pantheon to solve exactly this problem. While it's still early
days, the plugin is functional and I'd love to hear your feedback on it.
Happy to take questions in GitHub issues, or schedule a demo Hangout.



On Thu, Apr 28, 2016 at 9:33 AM, Michael Barnard <mbarnard at mtholyoke.edu> wrote:

> I'd love to hear if anyone else has solved this problem, too. In my
> opinion, WordPress continues to suffer from its single-user heritage and as
> a result tends to lack a lot of the "glue" that's necessary to do
> multi-user at scale, and that problem tends to crop up often in higher-ed
> environments. I've configured WordPress to use both LDAP and Shibboleth and
> none of the available plugins do exactly what we need all the time, so
> we've had to use a combination of custom hacks and user education ("Make
> sure the user you want to add as an author on your blog has logged in at
> least once before you try to add them") to work around these issues. If
> WordPress had a comprehensive web service API of some sort this would be a
> pretty straightforward thing to do, but since it still doesn't, we're stuck
> with various hacks and workarounds.
> On a related note, last I looked there weren't any decent LDAP plugins
> left. The ones I found were either unmaintained or didn't provide the
> functionality I needed (which really isn't very complicated - authenticate,
> and use a few LDAP attributes to populate user data such as name,
> basically). If anyone has any suggestions for something I might have
> missed, I'd love to hear about it.
> On Thu, Apr 28, 2016 at 12:12 PM, Altgilbers, Ian M <
> Ian.Altgilbers at tufts.edu> wrote:
>> Hello all,
>> We currently use LDAP for authentication to our WordPress multi-site
>> installation, and user accounts are created when the user first logs in.
>> However, we often need to be able to add users to a site before they’ve
>> logged in.  We have been doing this via a separate custom portal that
>> creates the user accounts “as needed”, but we’re trying to retire that tool
>> and break that dependency.
>> Does anyone do any sort of account synchronization with a directory (LDAP
>> or AD)?   If not, how do/would you handle granting users access before
>> they’ve logged in?
>> Thanks,
>> Ian Altgilbers
>> Senior Systems Administrator
>> Educational Technology Services
>> Tufts Technology Services
>> Tufts University
>> Phone: 617.627.0388
>> http://it.tufts.edu/ests
>> _______________________________________________
>> wp-edu mailing list
>> wp-edu at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-edu