Guide to Setup LDAP/Active Directory Login for Intranet Sites Premium Plugin

Overview

LDAP/Active Directory Login for Intranet Sites Premium Plugin provides login to WordPress using credentials stored in your LDAP Server. It allows users to authenticate against various LDAP implementations like Microsoft Active Directory, OpenLDAP and other directory systems.

1. Download And Install

• Login to your miniOrange Admin Console using the account you used to make the payment.



• Go to License section and click on Manage License.



• Go to Releases and downloads section to download the plugin/add-on.



• After downloading the plugin goto WordPress dashboard and then click on Plugins >> Add New.



• Click on Upload Plugin and choose the downloaded plugins zip.





• After installing the plugin, activate the plugin from Plugins page.



• The miniOrange LDAP/AD Login for Intranet Sites Premium Plugin will appear on the left-hand panel once the plugin has been activated.

2. Setup miniOrange LDAP/AD Login for Intranet Sites Premium Plugin

To activate the licence key in the plugin, follow the instructions below:

• Click on Login with miniOrange account to configure the plugin.



• Enter your miniOrange account credentials which you have used at the time of the plugin purchase and then click on the Verify button.





Note: To get license key, login to your miniOrange Admin Console, goto License >> Manage License. Click on the View License Key button and then Copy the license key.



• Enter the license key in the License Key text field and then click on the Activate License button.



• Once the license is activated successfully. You can now proceed with the plugin configuration.

LDAP User Mapping Configuration

• Search Base : Click on Possible Search Bases/Base DNs button to get a list of all OU's in the LDAP Server and select them. Alternatively, Provide the distinguished name of the Search Base object. If you have users in different locations in the directory(OU's), separate the distinguished names of the search base objects by a semi-colon(;).



• Username Attribute : Select the LDAP Username Attribute. You will need to enter the username during LDAP login based on the username attribute configured. eg. sAMAcoountName, mail, userPrincipalName
• Dynamic Search Filter : You can also enable Enable Custom Search Filter to write your own custom search filter. eg. (&(objectClass=*)(mail=?)), (&(objectClass=*)(|(samaccountname=?)(mail=?)))
• Once done with the configuration, click on Save Search Filter button.

Test Authentication

• After successful user mapping configuration, you can perform test authentication to verify whether the LDAP Authentication is working fine or not.
• Enter the username and password.
• click on the Test Authentication button.

• After successfully testing the authentication, proceed to the Role Mapping tab.

3. Configure Role Mapping

LDAP Groups to WP User Role Mapping

• Enable Role Mapping : Enabling Role Mapping will automatically map Users from LDAP Groups to below selected WordPress Role. Role mapping will not be applicable for primary admin of WordPress.
• Do Not Remove Existing Roles Of Users : This feature allows you to keep the existing WordPress role and assign new WordPress roles upon ldap login.
• Enable Fetching Of Nested Groups : This feature allows to fetch the nested ldap groups from Active Directory.
• Default Role : Default role will be assigned to all users for which mapping is not specified.

Configure Role Mapping: Assign WordPress Roles Based On LDAP Security Groups:

• Click on Enable Role Mapping Based On LDAP Security Groups.
• Enter the Search Base DN containing the LDAP security group information, and Click the Show Groups button.
• You will see the list of LDAP groups, select the appropriate WordPress roles, click on the plus button to add the LDAP security groups.
• LDAP Group Attributes Name: Specify the LDAP attribute that contains group membership information.
• Once done with all the configuration, click on the Save Mapping button to save the configuration.

Configure Role Mapping: Assign WordPress Roles Based On LDAP Security Groups:

• Click on Enable Role Mapping Based On LDAP OU.
• Enter the LDAP OU DN to map LDAP OUs to the WordPress roles so that all users who are members of that OU will be assigned those configured roles.
• You can click on the Add More OU's to add multiple LDAP OU DNs.
• Once done with all the configuration, click on the Save Mapping button to save the configuration.

Restrict User Login by Role:

• click on the checkbox to Enable Restrict User Login by Role.
• Select the role from dropdown list to restrict the usesrs.
• Once done with the configuration, click on the Save Configuration button.

• To test the role mapping configuration enter the username and click on the Test Configuration button.

4. Configure Attribute Mapping

Attribute Configuration

• Enable Attribute Mapping : This option allows to map LDAP user attributes to WordPress user profile attributes after LDAP login.
• Enable updating information in LDAP when user edits profile : The option is visible only after the "Enable Attribute Mapping" option is enabled. This option allows you to update the user attributes in LDAP after updating WordPress user profile.
• Fill in the LDAP attribute names in appropriate fields.
• To add the custom attributes, enter the custom attribute name and click on the Save Configuration button.
• To add multiple custom attributes, click on the [+] button.

Test Attribute Configuration

• Enter the LDAP username to test the attribute configuration.
• Click on the Test Configuration button.

• After successfully configuring the attributes, proceed to the Login Settings Tab.

5. Configure Sign-In Settings

Enable login using LDAP:

• Simply click on the Enable LDAP login checkbox. This will enable the users who are present in your Active Directory to log in to your WordPress website using their LDAP credentials.
• Authenticate users from both LDAP and WordPress: This will allow users to use either of WordPress credentials or LDAP credentials.
• Enable Auto Registering users if they do not exist in WordPress: Enabling this button will allow you to auto-register the users present in your active directory into your WordPress database after they log in.
• Enable Kerberos/NTLM SSO: Enabling Kerberos/NTLM SSO will protect your website by allowing seamless Authentication via Kerberos/NTLM.
• Use the local WordPress password for the fallback login: Enabling the fallback login allows users to log in using their local WordPress password if the LDAP server is not responsive or offline.

• Protect all web pages with login: You can protect the website content by enabling this option. It will force the users to enter their LDAP credentials while accessing any page of the WordPress site.
• Add Public Pages: Enter the URLs of pages that you wish to keep publicaly accessible and click on the save button.
• Redirect after authentication: From the dropdown list select the page where you wish to redirect users after login.

6. Configuration Settings

Export Configuration

• Click on the checkbox to export service account password. (This will lead to your service account password to be exported in encrypted fashion in a file.)
• Click on the Export Configuration button to export your plugin configuration in a json file.

Import Configurations:

• Click on the Choose File to choose the configuration json file to import the plugin configuration.
• Once done, click on the Import Configuration button.

7. Troubleshooting

• In the Troubleshooting tab you can find the configuration details.

8. Authentication Report

• The Authentication Report will inform you about the failed login attempts that have been made while users are trying to log in to your WordPress website. This is a useful security feature and will inform you if there have been any malicious attempts at logging into your WordPress website.
• Keep User Report table on Uninstall: Enabling this checkbox will keep the user authentication report on uninstallation of the plugin.
• Log Authentication Requests: Enabling this checkbox will display a user authentication table.