
LDAP Changed password

Posted: Mon Apr 10, 2006 4:04 pm
by kmars
We are using the LDAP Authentication plugin which has been working quite well. However, when our users change their passwords on the LDAP server, Serendipity does not show the change, but still authenticates them with the old password. I see in the plugin documentation that the LDAP logins will be cached in the Serendipity database framework.

How would I make the plugin authenticate against the ldap server every login?

Thanks in advance

Re: LDAP Changed password

Posted: Mon Apr 10, 2006 4:32 pm
by garvinhicking
Hi!

Sadly I only did the LDAP plugin as a "proof of concept", because I don't work with LDAP at all.

The problem is that once a user is "cached" in the s9y framework, s9y will authenticate against this single user - also because the userid must not change.

So if a login of an LDAP server uses a different username:password login, s9y will think this is a new user and will insert that new user; and not remove the old one.

So I'm afraid the plugin might need a larger tweak to not only validate a username:password, but also carry through a unique username that will also identify a s9y user, so that in LDAP authentication, the username can be reset every time.

Username invalidation is hard to do. You'd need a cronjob or so that sets the password of every user in the s9y framework to a random string, so that old users cannot log in anymore if they were removed...

So, bottom line is: Do you know some PHP, or have someone in your company that does know PHP? :)

Sadly this task is a bit larger than I have the free volunteer time to work on that, especially because the plugin does not touch areas I need/want myself...

Best regards,
Garvin
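
The design discussed in this thread, sketched as an added example that is not part of either post and is not Serendipity or plugin code: the directory is asked on every login, and the local table only maps the username to a stable local user id without storing a password. The function names, the `$localUsers` array and the stand-in directory are hypothetical; only the `ldap_*` calls are real PHP functions.

```php
<?php
// Added example; not Serendipity or plugin code. All names here are hypothetical.

// Check the password by binding to the directory. Called on every login.
function directoryBind(string $uri, string $dnTemplate, string $user, string $pass): bool
{
    if ($pass === '') {
        return false; // an empty password can succeed as an unauthenticated bind
    }
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    $dn = sprintf($dnTemplate, ldap_escape($user, '', LDAP_ESCAPE_DN));
    return @ldap_bind($conn, $dn, $pass);
}

// The local table maps username => local user id and stores no password,
// so the id stays stable while the directory alone decides authentication.
function login(array &$localUsers, callable $verify, string $user, string $pass): ?int
{
    if (!$verify($user, $pass)) {
        return null;
    }
    if (!isset($localUsers[$user])) {
        $localUsers[$user] = count($localUsers) + 1; // first login: create the mapping
    }
    return $localUsers[$user];
}

// Constructed stand-in for the directory so the flow runs without a server.
// In production, $verify would wrap directoryBind() with the site's URI and DN template.
$directory = ['alice' => 'old-secret'];
$verify = function (string $u, string $p) use (&$directory): bool {
    return $p !== '' && isset($directory[$u]) && hash_equals($directory[$u], $p);
};

$local = [];
$id = login($local, $verify, 'alice', 'old-secret');    // creates the local mapping
$directory['alice'] = 'new-secret';                     // password changed on the LDAP side
$stale = login($local, $verify, 'alice', 'old-secret'); // old password after the change
$fresh = login($local, $verify, 'alice', 'new-secret'); // new password after the change
if ($id === null || $stale !== null || $fresh !== $id) {
    throw new RuntimeException('login flow did not follow the directory');
}
echo "old password rejected, same local id kept\n";
```

Because no password copy exists locally, a changed or removed directory account takes effect at the next login without any cron-based invalidation.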