Configurar LDAP y WordPress

Para que puedas auatentificar con WordPress y LDAP se agrega la función en la ruta:

/*
*Autentificación de con LDAP segun usuario
*/
add_action(‘wp_authenticate’, ‘custom_authentication’, 30, 2);
function custom_authentication($username, $password) {
$username = str_replace(“@misitio.com”, “”, $username);
if(trim($password)==”){
$password_wp=’nohay’;
}else{
$password_wp=’MICLAVECORRECTA’;
}
global $user;

session_start();
$_SESSION[‘sa’] = ”;
if(trim($username)!=” || trim($password)!=” ){
$ldap_arreglo[“valida”] = FALSE;
$ldap_servidorLdap = “tudominioldap.int”;
$ldap_puerto = ‘389’;
$ldap_dc = ‘dc=tudominioldap,dc=int’;
$ldap_arreglo = array();
$adServer = “$ldap_servidorLdap”;
$ldap = ldap_connect($adServer, $ldap_puerto);
$ldaprdn = trim($username) . ‘@’ . $ldap_servidorLdap;
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$password = iconv(“ISO-8859-1″,”UTF-8”, $password);
$bind = @ldap_bind($ldap, $ldaprdn, $password);
$user=null;
if ($bind) {
$filter = “(|(SAMAccountName=” . trim($username) . “))”;
$result = ldap_search($ldap, $ldap_dc, $filter);
ldap_sort($ldap, $result, “sn”);
$info = ldap_get_entries($ldap, $result);
$i = 0;
$ldap_arreglo[“valida”] = TRUE;
$ldap_arreglo[“nombre”] = $info[$i][“givenname”][0];
$ldap_arreglo[“apellido”] = $info[$i][“sn”][0];
$ldap_arreglo[“cedula”] = $info[$i][“postalcode”][0];
$ldap_arreglo[“correo”] = strtolower(str_replace(“SMTP:”, “”, $info[$i][“proxyaddresses”][0]));
$ldap_arreglo[“usuario”] = $info[$i][“samaccountname”][0];
$estructura = $info[$i][“dn”];
if ( $ldap_arreglo[“valida”] === TRUE ){
$ldap_arreglo[“valida”] = FALSE;
$username=’publico’;
$username = sanitize_user( $username );
$passwor_wp = trim( $password_wp );
$user = apply_filters( ‘authenticate’, null, $username, $password_wp );
if ( null == $user ) {
// TODO: What should the error message be? (Or would these even happen?)
// Only needed if all authentication handlers fail to return anything.
$user = new WP_Error( ‘authentication_failed’, __( ‘<strong>Error</strong>: Invalid username, email address or incorrect password.’ ) );
}
$ignore_codes = array( ’empty_username’, ’empty_password’ );
if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes, true ) ) {
$error = $user;
do_action( ‘wp_login_failed’, $username, $error );
}
$_SESSION[‘sa’] = ‘publico’;
$_SESSION[‘ini’] = 1 ;
clean_user_cache($user->id);
wp_clear_auth_cookie();
wp_set_current_user( $user->id, $user->user_login );
wp_set_auth_cookie( $user->id, true, true );
update_user_caches( $user );
// return $user;
/*
if (current_user_can(‘subscriber’)) {
$redireccion=home_url();
return $redireccion;
}*/

}
}

}
return $user;
}

/*
Poner un en la pagina index Cerrar session
*/
add_action( ‘wp_logout’, ‘wp_logout_custome’ );
function wp_logout_custome() {
global $user;
error_log(‘LogOutOk’);
session_start();
wp_destroy_current_session();
wp_clear_auth_cookie();
wp_set_current_user( 0 );

$_SESSION[‘sa’]=”;
//do_action( ‘wp_logout’, $userid );
// wp_redirect( home_url() );
wp_redirect( home_url() );
exit();

}
 

/*
Quita barra a suscriptor para el personal que esta logeado
*/
add_action(‘after_setup_theme’, ‘bld_ocultar_admin_bar’);
function bld_ocultar_admin_bar() {
if (current_user_can(‘subscriber’)) {
add_filter( ‘show_admin_bar’, ‘__return_false’ );
}
}

/*
Poner un boton Salir al que esta logueado
*/
add_filter( ‘wp_nav_menu_items’, ‘wpsites_loginout_menu_link’, 10, 2);
function wpsites_loginout_menu_link( $items, $args ) {
//if ($args->theme_location == ‘primary’) {
if (current_user_can(‘subscriber’)) {
$loginout = ‘<li class=”menu-item menu-item-type-taxonomy menu-item-object-category “>’.wp_loginout(get_permalink(), false ).'</li>’;
$loginout = str_replace(‘<a’,'<a class=”menu-link elementor-item ” style=”background-color: #e7e7e7; color: black;” ‘, $loginout);
$items .= $loginout;
}
return $items;
}