Decompiled

Why Use Active Directory with WordPress?

I recently set up a WordPress Blog internally for our company to use over our intranet to help improve communication, collaborate, share and develop ideas, and stay informed about company announcements or current events.. etc.

One of the requirements I had was to allow authentication against our Active Directory. Yes, we operate a Windows network primarily, but you can also authenticate against other LDAP directories as well. This was important from an IT position as well as the participants of the blog. I felt people would be more likely to participate if they didn’t have to manage separate user accounts for each service on the intranet. I also set up a Wiki that is Active Directory enabled. I’ll post about that at a later time. The point is, it makes little sense to create different credentials for each user with each new service. It not only becomes a hassle for IT to track and manage the accounts, it’s also a drag for participants to keep track of and manage their username and password pairs for each service. The result would most likely lead to lack of use and that is not what we want.

Integrating the existing Active Directory accounts means that each participant can access these services using the same credentials they use to access or log into their network accounts and desktops. When time comes to change passwords, you need only to update the Active Directory account and your done. Simple! What could be better?

Starting Point

The first thing we needed to do was find out how to include AD Authentication with WordPress 2.5. There are a small number of plugins that claim to allow AD Authentication, but from what I came across, most of them were older and no longer actively maintained. But…there were two in particular that still showed signs of being actively maintained and had promise.

The first was was aptly called “Active Directory Authentication”

The other plugin and the ultimately the one I managed to successfully include is wpDirAuth.

The Trials

Although I was able to get wpDirAuth to work with WordPress 2.5, there was a catch. The current “Official” release of wpDirAuth as of this writing is version 1.2 which is not compatible with WordPress 2.5 so there was some work involved to make this happen. I visited the wpDirAuth plugin page to look at the install directions. They seemed easy enough. It wasn’t until I actually installed and activated the plugin that I realized it wouldn’t work. My next stop was the support channel that the author set up to help troubleshoot install and authentication issues. It was here that I learned there was a patch already available and provided by a generous wpDirAuth user – Adam Yearout. I applied the patch and then tried to login with my network credentials again, and … No luck! By now I was scratching my head. Searching and reading all the information I could find, I finally found myself on the wpDirAuth Developer Support Channel. This was another channel set up specifically for developers. It was here that I uncovered some clues as to what was happening and a small code tweak that was necessary to overcome the problem. Apparently, the author of the plugin assumed that the login name was also the name associated with the Active Directory Account Email, which in most cases is true, but not always. For example username: johndoe would by default have an email johndoe@domain.com. In my case, my email and name and login name were not the same, so the logic that the plugin author used would not work. The good news is that the fix is a fairly simple one if you know where to look and the dev channel contained all the clues needed to find the info.

Setting up wpDirAuth with WordPress 2.5

For this how-to, I am using wordpress 2.5 installed on an Ubuntu 8.04 LTS server With Apache2 and PHP5. There is no GUI and I am not running an ftp server on this server so all settings and changes are completed using putty over SSL. Read more…

I received a number of call from friends, family, and clients complaining that they were unable to access the internet on Wednesday July 9th. The first one had me puzzled. Running through the typical troubleshooting process. and finally disabeling the Zone Alarm Firewall which resolved the access issues. Then the next call came in with the same issue, Then another..etc. The common factor for all these systems were that each system was was running windows XP SP2 and Zone Alarm. So What was it about Zone Alarm that all of a sudden prevented access to the internet?

The Problem

After a bit of poking, proding and searching, I came across the cause to this problem. Microsoft released a few security patches on Tuesday. One of these patches (KB951748) was released to address a DNS flaw that could lead to DNS cache poisoning. Unfortunately, the hotfix conflicts with Zone Alarm and prevents internet access. Systems that were setup to automatically download and install Windows Updates received this patch.

What I can’t believe is that I’ve seen and heard “Professional” support people actually suggest the fix is to uninstall the firewall. Seriously? Are you Kidding? That is not a solution!

Other suggestions were touninstall the hotfix. Although this would work, you might still be open to the DNS flaw and at risk. Another was to turn the firewall settings to Medium protection. Not as bad as removing the firewall, but still not really an option.

So how does one overcome this annoying issue?

Zone Labs recommended solution is to download and install a new version of Zone Alarm released to resolve this little issue.

Other less desirable and temporary options are:

Uninstall The offending Microsoft HotFix

1. Click the “Start Menu”
2. Click “Control Panel”, or click “Settings” then “Control Panel”
3. Click on “Add or Remove Programs”
4. On the top of the add/remove programs dialog box, you should see a checkbox that says “show updates”. Select this checkbox
5. Scroll down until you see “Security update for Windows (KB951748)”
6. Click “Remove” to uninstall the hotfix

Set Zone Alarms protection to Medium

1. Navigate to the “ZoneAlarm Firewall” panel
2. Click on the “Firewall” tab
3. Move the “Internet Zone” slider to medium