How-to: Active Directory Authentication with WordPress

Why Use Active Directory with WordPress?

I recently set up a WordPress blog internally for our company to use over our intranet to help improve communication, collaborate, share and develop ideas, and stay informed about company announcements, current events, etc.

One of the requirements I had was to allow authentication against our Active Directory. Yes, we operate a Windows network primarily, but you can also authenticate against other LDAP directories as well. This was important from an IT position as well as the participants of the blog. I felt people would be more likely to participate if they didn’t have to manage separate user accounts for each service on the intranet. I also set up a Wiki that is Active Directory enabled. I’ll post about that at a later time. The point is, it makes little sense to create different credentials for each user with each new service. It not only becomes a hassle for IT to track and manage the accounts, it’s also a drag for participants to keep track of and manage their username and password pairs for each service. The result would most likely lead to lack of use and that is not what we want.

Integrating the existing Active Directory accounts means that each participant can access these services using the same credentials they use to access or log into their network accounts and desktops. When the time comes to change passwords, you need only update the Active Directory account and you’re done. Simple! What could be better?

Starting Point

The first thing we needed to do was find out how to include AD Authentication with WordPress 2.5. There are a small number of plugins that claim to allow AD Authentication, but from what I came across, most of them were older and no longer actively maintained. But…there were two in particular that still showed signs of being actively maintained and had promise.

The first was aptly called “Active Directory Authentication

The other plugin, and ultimately the one I managed to successfully include, is wpDirAuth.

The Trials

Although I was able to get wpDirAuth to work with WordPress 2.5, there was a catch. The current “Official” release of wpDirAuth as of this writing is version 1.2 which is not compatible with WordPress 2.5 so there was some work involved to make this happen. I visited the wpDirAuth plugin page to look at the install directions. They seemed easy enough. It wasn’t until I actually installed and activated the plugin that I realized it wouldn’t work. My next stop was the support channel that the author set up to help troubleshoot install and authentication issues. It was here that I learned there was a patch already available and provided by a generous wpDirAuth user – Adam Yearout. I applied the patch and then tried to login with my network credentials again, and … No luck! By now I was scratching my head. Searching and reading all the information I could find, I finally found myself on the wpDirAuth Developer Support Channel. This was another channel set up specifically for developers. It was here that I uncovered some clues as to what was happening and a small code tweak that was necessary to overcome the problem. Apparently, the author of the plugin assumed that the login name was also the name associated with the Active Directory Account Email, which in most cases is true, but not always. For example username: johndoe would by default have an email In my case, my email and name and login name were not the same, so the logic that the plugin author used would not work. The good news is that the fix is a fairly simple one if you know where to look and the dev channel contained all the clues needed to find the info.

Setting up wpDirAuth with WordPress 2.5

For this how-to, I am using WordPress 2.5 installed on an Ubuntu 8.04 LTS server with Apache2 and PHP5. There is no GUI and I am not running an FTP server on this server, so all settings and changes are completed using PuTTY over SSL.

Zone Alarm Plus Microsoft Update Prevents Internet Access

I received a number of calls from friends, family, and clients complaining that they were unable to access the internet on Wednesday, July 9th. The first one had me puzzled. I ran through the typical troubleshooting process and finally disabled the Zone Alarm firewall, which resolved the access issues. Then the next call came in with the same issue, then another, etc. The common factor for all these systems was that each was running Windows XP SP2 and Zone Alarm. So what was it about Zone Alarm that all of a sudden prevented access to the internet?

The Problem

After a bit of poking, prodding and searching, I came across the cause of this problem. Microsoft released a few security patches on Tuesday. One of these patches (KB951748) was released to address a DNS flaw that could lead to DNS cache poisoning. Unfortunately, the hotfix conflicts with Zone Alarm and prevents internet access. Systems that were set up to automatically download and install Windows Updates received this patch.

What I can’t believe is that I’ve seen and heard “Professional” support people actually suggest the fix is to uninstall the firewall. Seriously? Are you Kidding? That is not a solution!

Other suggestions were to uninstall the hotfix. Although this would work, you might still be open to the DNS flaw and at risk. Another was to turn the firewall settings to Medium protection. Not as bad as removing the firewall, but still not really an option.

So how does one overcome this annoying issue?

Zone Labs’ recommended solution is to download and install a new version of Zone Alarm released to resolve this little issue.

Other less desirable and temporary options are:

Uninstall The offending Microsoft HotFix

  1. Click the “Start Menu”
  2. Click “Control Panel”, or click “Settings” then “Control Panel”
  3. Click on “Add or Remove Programs”
  4. On the top of the add/remove programs dialog box, you should see a checkbox that says “show updates”. Select this checkbox
  5. Scroll down until you see “Security update for Windows (KB951748)”
  6. Click “Remove” to uninstall the hotfix

Set Zone Alarm’s protection to Medium

  1. Navigate to the “ZoneAlarm Firewall” panel
  2. Click on the “Firewall” tab
  3. Move the “Internet Zone” slider to medium

Good People Rock!

On April 2nd, Gary Vaynerchuk (blog, twitter) was hit with a double dose of motivation, posting not one, but 2 videos. His first was a Big Giant Internet Wide Global THANK YOU!! which got him thinking about doing the right thing and helping others and just being a good person. In his own words, “We need this message of doing good and helping others”. A lot of the conversations surrounding Social Media, the internet and life in general are about how to exploit it and turn a profit, gossip, and controversy. Does any of that really matter? Well, enough already! Gary has made an official call to action to spend the day on 4-3-2008 spreading the love and talking about Good People!!

A Few Good Men (and Women)

Do you know any good people? Spread the word, talk about them, blog about them, twitter about them, tag them. Do whatever it takes to let the world know that Good People DO exist!

HTML Email vs Plain Text Email.

I was recently asked “why only allow plain text email formats for not only reading messages received, but also for our bulk outbound messages”. Apparently, some of the natives have grown restless and want to include large bold colorful type and pictures and bells and whistles with their messages. What’s the problem with that? Well, there are several.

I’m pretty sure that most people (I’m talking average people here) don’t know what HTML even means, never mind how to properly write and test it. HTML is the mark up language used for writing web pages, not email messages. It has a specific form, syntax, structure, and should conform to current standards. If not written correctly, you will experience problems of one sort or another. Then there is the problem of writing for different displays, engines, platforms etc. Each of these also introduces their own set of quirks, hacks and workarounds.

HTML email also has a history of security related vulnerabilities and issues, for example:

  • embedded content
  • scripts
  • the ability to include links whose text is different from its target
  • tracking and beacons
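To make the list above concrete, here is an added example (not part of the original post) that audits the HTML part of a message for each of those risk categories: scripts, embedded content, remote images that can act as tracking beacons, and links whose visible text names a different host than the link target. The names `Auditor`, `audit_email`, `HOSTLIKE` and `SAMPLE`, and the `example.*` hosts, are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample message for illustration (not from the original post).
SAMPLE = """\
Subject: Your invoice
Content-Type: text/html; charset="utf-8"

<p>Invoice: <a href="http://login.example.net/x">www.example.com/invoice</a></p>
<p><a href="https://www.example.com/help">Help centre</a></p>
<img src="http://track.example.net/o.gif?id=42" width="1" height="1">
<script>document.title = "x";</script>
<iframe src="http://cdn.example.net/frame.html"></iframe>
"""

# Matches visible link text that itself looks like a host name or URL.
HOSTLIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]|$)", re.I)

class Auditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href, self._text = a.get("href") or "", []
        elif tag == "script":
            self.findings.append(("script", a.get("src") or "inline"))
        elif tag in ("iframe", "object", "embed"):
            self.findings.append(("embedded-content", a.get("src") or a.get("data") or ""))
        elif tag == "img" and urlparse(a.get("src") or "").scheme in ("http", "https"):
            self.findings.append(("remote-image", a["src"]))  # possible tracking beacon

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            shown = HOSTLIKE.match(text)
            target = (urlparse(self._href).hostname or "").lower()
            if shown and shown.group(1).lower() != target:
                self.findings.append(("link-mismatch", f"{text} -> {self._href}"))
            self._href = None

def audit_email(raw):  # returns (kind, detail) findings for each text/html part
    auditor = Auditor()
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            auditor.feed(part.get_content())
    return auditor.findings
```

Only link text that itself looks like a URL or host name is compared with the target, so ordinary labels such as "Help centre" are not flagged.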

It’s no secret that Microsoft has released warnings on a number of separate occasions stating that opening a specially crafted HTML email message in their popular email software would lead to your system being compromised “just by opening the message”. That’s it, end of story. (This is not an invitation to bash Microsoft.)

HTML is also popular with SPAM and PHISHING and because of that, spam filters are likely to give HTML messages a much higher SPAM score, increasing the chances of that message getting buried by a filter.

These are very generic samples and I could write pages on the subject but they also give an example of how inbound HTML can represent a security risk and how outbound messages are put at an increased risk of not reaching the target, or being unreadable.

According to RFC 2822, plain text is the default format for email and therefore is supported in all compliant readers. HTML formats however are not required to be supported. There is also an issue of non-standard support and proprietary rules among HTML rendering engines and software, which introduces compatibility issues and broken pages or layouts or even in some cases, completely blank pages.

Here’s my perspective. If the intention, and ultimately your business, is to get your message to your target or audience, don’t you want to know that they will be able to read it? Plain text gives you that guarantee. HTML is not as reliable.

So what do you think?

  • Do you prefer HTML email over Plain Text?
  • Does your company disable or limit inbound HTML email?

Wikis and Web Sites and Apps, Oh My!

I know that I’ve been a bit off when it comes to writing for this blog and I could come up with a number of legitimate excuses, but I won’t. I’ll give just one. Truth is, I’ve been having so much fun trying out new software, applications, web sites, and other geeky stuff that I just didn’t want to stop. It’s not for lack of subject matter; quite the opposite. There has been too much subject matter.

  • Installing and testing different Wikis (by the way, I really like Deki Wiki so far)
  • Signing up for and poking about on different Social Media sites and web apps.
  • Trying out different OSS alternatives to Microsoft and Windows based software
  • Experimenting with Social Media in business
  • Even writing my own .Net twitter client for windows called TwitterPatter

Honestly, there is no good reason why I couldn’t just take some time to share what I discovered or learned over the past few weeks. I sort of feel like a kid being called home at the end of a long summer day and thinking “Aw, just a little longer…??”.

How Twitter has changed my life

Yesterday morning (Feb 13/08), I attended the Social Media Breakfast 5 (SMB5) where the focus of the event was set by a single statement: “How Twitter has changed my life — and can change yours”.

The event was hosted by Bryan Person and featured presentations by:

Scott Monty @scottmonty
Laura Fitton @pistachio
Doug Haslam @dough
Jim Storer @jstorer

You can view their presentations at:

Each speaker was allowed 5 minutes to present his/her story and experience, describing how twitter has changed their life and each presented some really great thoughts. It was very interesting to see how they each made twitter work for them.

In keeping with that theme, I figured I could write a quick post to share my experience with twitter, and how it has changed my life with more of a personal twist.

How To Set A Static IP In Ubuntu or Linux Using The Command Line

After installing Ubuntu Linux 7.10 Server Edition, I found that the IP address was assigned by DHCP served by my home router. This is fine for getting the server installed, but under most conditions, you will want to assign a static IP for your server. This Blog post will show you how to do just that. One of the issues with the Ubuntu server editions is that everything is done from a command line. There is no pretty windowed GUI.

One thing to note is that these commands need to be issued from either root or using sudo. I prefer to use the sudo su method to avoid having to type sudo each time I issue a command. (WARNING) if you do use sudo su, remember to exit the root when you are done.

In this example, I will be assigning the a static IP address of to the primary network interface on my server.
My network subnet is
My network gateway is
And my netmask is

Google Preparing For a Mobile PowerPlay

Today I learned that Google is testing a new Free Mapping Service that will enable mobile phone users to determine their approximate location and retrieve mapping information without the use of GPS. Google continues to amaze me with their new products, ideas and innovation.

The details of how this all works are still unknown to me, but it has been speculated that the “general” location or area will be determined based on the closest receiving cell tower. Google has referred to this “general” location as “neighborhood-level information”. Sure, you won’t be able to get a specific long/lat location, but (and this is my own speculation) you can get close enough to determine what shops, restaurants, events, etc. (read consumables) are in the “general” area, and maybe develop an ad service suggesting locations of interest based on the user’s profile, habits, etc. You know, the typical song and dance.

Here’s another hook. For all this to work, the mobile user will be required to download and install Google’s free software on their mobile phones to use the service. Now I don’t know about you, but this is screaming “ANDROID!!!” Android is Google’s ambitious open source call to a mobile phone operating system. If you’re not familiar with Android, see my earlier post.

Finally, take into account Google’s announcement to bid on wireless spectrum in the 700MHz band in late January when the U.S. Federal Communications Commission begins auctioning that resource, and things start to add up. This isn’t much of a surprise because Google had dropped some nuggets of information in the recent past showing some interest in this, but it was always unclear as to why.

Here’s my take. Google has the collective resources to feel the winds of change surrounding their core internet based services. Users are not tied to their computers anymore. We are sharing information and data, collaborating across devices and platforms, making phone calls from our computers and browsing the web on our phones. Google sees the opportunity here and wants a piece – The First Piece. Traditional service providers are scrambling to change their business models to adapt to the open exchange and this is where Google has the advantage and always has. Google has developed some strong strategic alliances on the internet and mobile playing fields, and now they (Google) are putting all the pieces together. Don’t get me wrong. It won’t be easy, and there is a long road ahead for them, and many who would love to see them stumble. Either way, Google is about to shake things up.

Another example why Open Source is a good thing! (MySql + SharpDevelop)

I have some new additions and apps that I wanted to integrate into our company web (the company I work for) but this required upgrading from ASP.Net 1.1 to ASP.Net 2.0. Seems simple enough, right? I wish..!!

The site uses the MySql .NET Connector (a native ADO connector for .Net) available from MySQL AB. This worked flawlessly under the .Net 1.1 framework. I set up the 2.0 framework on our dev server and started testing the site locally to make sure all existing features and functions would still work after the switch. I am happy to announce that everything was working as expected (on the dev server). Now it was time to request the upgrade through the host. After receiving the confirmation that the request was completed, I opened a browser and hit the company web. Warning Warning Error Error Error. Oh no!! What happened?

With the release of .NET 2.0, Microsoft included a new security model using a greater level of restriction. The host that is hosting our web makes use of these restriction levels and as it turns out, the .Net connector that we were using violated some .Net security and triggered a Security Exception.

Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.

I have to give Props to Microsoft for making the problem easy to identify. Looks like all I need to do is allow partially trusted calls from the MySql connector.

Here is where the Beauty of Open Source Software comes in.

.Net Framework 2.0 installed, but ASP.NET web apps still use Version 1.1

I recently tried to run some .Net 2.0 code on my testing web server (IIS 5). Now, my server has .Net Frameworks 1.1 and 2.0 installed, but when I tried to run some 2.0 code, I got a series of errors on the page with a small line at the bottom that said the page was executing under the .net 1.1 Framework.

I thought to myself, if the 2.0 Framework is installed, why won’t it just use that? So I opened up the Internet Services Manager for IIS to see if there was anything there that could help me figure this little issue out. Well, as it turns out, you need to specify what framework a web uses to execute its code from within the IIS Manager console. These settings are found by right clicking on the target web site in the Manager console and selecting “properties”.

Now in the properties panel, select the ASP.Net tab. In this tab view you should see a form page containing a few fields and a couple of buttons. The first field at the top of the form is labeled “ASP.Net Version” and has a drop down menu containing the available installed framework versions. Select the appropriate version you want to use to process pages for the web you’re working in and hit the “Apply” or “OK” button. That’s all there is to it! You can also specify different Frameworks for different webs that are hosted on the same server. One of the good things about the .Net Frameworks is that they install and run independently of each other.