Guide to Setup LDAP/Active Directory Login for Intranet Sites Premium Plugin

1. LDAP Configuration

LDAP Connection Information

• To add multiple servers, click the Add Server button on the left-hand side.



• Select Your Directory Server: Select your directory server from the dropdown.
• LDAP Server: Enter the LDAP protocol(LDAP/LDAPS), hostname or IP address of the directory server and the server port number (389/636) in the given format.
• LDAP Server Name: Here you can assign any display name to your LDAP server.
• Service Account DN: Enter the service account distinguished name. This service account will be used to establish the connection.
• Service Account Password: Enter the password of the service account mentioned above.
• Click on the Test Connection & Save button to establish the connection with your LDAP server.

LDAP User Mapping Configuration

• Search Base : Click on Possible Search Bases/Base DNs button to get a list of all OU's in the LDAP Server and select them. Alternatively, Provide the distinguished name of the Search Base object. If you have users in different locations in the directory(OU's), separate the distinguished names of the search base objects by a semi-colon(;).





• Dynamic Search Filter : You can also enable Enable Custom Search Filter to write your own custom search filter. eg. (&(|(sAMAccountName=?)(mail=?))(|(objectClass=person)(objectClass=user)))
• Username Attribute : Select the LDAP Username Attribute. You will need to enter the username during LDAP login based on the username attribute configured. eg. sAMAcoountName, mail, userPrincipalName
• Once done with the configuration, click on Save Search Filter button.

Test Authentication

• After successful user mapping configuration, you can perform test authentication to verify whether the LDAP Authentication is working fine or not.
• Enter the username and password.
• click on the Test Authentication button.



• After successfully testing the authentication, proceed to the Role Mapping tab.

2. Domain Mapping Configuration

Attribute Configuration

• For domain mapping, select Email as the LDAP Username attribute.
• Enter the Domain Name for the respective LDAP servers.
• Click on the checkbox to Enable Domain Mapping. Enabling this will authenticate the users from respective domains that you have mapped.
• Once done with the above configuration, click on the Save Configuration button.

Test Attribute Configuration

• Enter the LDAP username to test the attribute configuration.
• Click on the Test Configuration button.



• After successfully configuring the attributes, proceed to the Login Settings Tab.

3. Configure Role Mapping

LDAP Groups to WP User Role Mapping

• Enable Role Mapping : Enabling Role Mapping will automatically map Users from LDAP Groups to below selected WordPress Role. Role mapping will not be applicable for primary admin of WordPress.
• Do Not Remove Existing Roles Of Users : This feature allows you to keep the existing WordPress role and assign new WordPress roles upon ldap login.
• Enable Fetching Of Nested Groups : This feature allows to fetch the nested ldap groups from Active Directory.
• Default Role : Default role will be assigned to all users for which mapping is not specified.

Configure Role Mapping: Assign WordPress Roles Based On LDAP Security Groups:

• Click on Enable Role Mapping Based On LDAP Security Groups.
• Select the server from the dropdown.
• Enter the Search Base DN containing the LDAP security group information, and click the Show Groups button.
• You will see the list of LDAP groups, select the appropriate WordPress roles, click on the Plus button to add the LDAP security groups.
• LDAP Group Attributes Name: Specify the LDAP attribute that contains group membership information.
• Once done with all the configuration, click on the Save Mapping button to save the configuration.

Configure Role Mapping: Assign WordPress Roles Based On LDAP OU:

• Click on Enable Role Mapping Based On LDAP OU.
• Enter the LDAP OU DN to map LDAP OUs to the WordPress roles so that all users who are members of that OU will be assigned those configured roles.
• You can click on the Add More OU's to add multiple LDAP OU DNs.
• Once done with all the configuration, click on the Save Mapping button to save the configuration.

Restrict User Login by Role:

• click on the checkbox to Enable Restrict User Login by Role.
• Select the role from dropdown list to restrict the usesrs.
• Once done with the configuration, click on the Save Configuration button.

• To test the role mapping configuration enter the username and click on the Test Configuration button.

4. Configure Attribute Mapping

Attribute Configuration

• Enable Attribute Mapping : This option allows to map LDAP user attributes to WordPress user profile attributes after LDAP login.
• Enable updating information in LDAP when user edits profile : The option is visible only after the "Enable Attribute Mapping" option is enabled. This option allows you to update the user attributes in LDAP after updating WordPress user profile.
• Fill in the LDAP attribute names in appropriate fields.
• To add the custom attributes, enter the custom attribute name and click on the Save Configuration button.
• To add multiple custom attributes, click on the [+] button.

Test Attribute Configuration

• Enter the LDAP username to test the attribute configuration.
• Click on the Test Configuration button.



• After successfully configuring the attributes, proceed to the Login Settings Tab.

5. Configure Sign-In Settings

Enable login using LDAP:

• Simply click on the Enable LDAP login checkbox. This will enable the users who are present in your Active Directory to log in to your WordPress website using their LDAP credentials.
• Authenticate users from both LDAP and WordPress: This will allow users to use either of WordPress credentials or LDAP credentials.
• Enable Auto Registering users if they do not exist in WordPress: Enabling this button will allow you to auto-register the users present in your active directory into your WordPress database after they log in.
• Enable Kerberos/NTLM SSO: Enabling Kerberos/NTLM SSO will protect your website by allowing seamless Authentication via Kerberos/NTLM.
• Use the local WordPress password for the fallback login: Enabling the fallback login allows users to log in using their local WordPress password if the LDAP server is not responsive or offline.

• Protect all web pages with login: You can protect the website content by enabling this option. It will force the users to enter their LDAP credentials while accessing any page of the WordPress site.
• Add Public Pages: Enter the URLs of pages that you wish to keep publicaly accessible and click on the save button.
• Redirect after authentication: From the dropdown list select the page where you wish to redirect users after login.

6. Configuration Settings

Export Configuration

• Click on the checkbox to export service account password. (This will lead to your service account password to be exported in encrypted fashion in a file.)
• Click on the Export Configuration button to export your plugin configuration in a json file.

Import Configurations

• Click on the Choose File to choose the configuration json file to import the plugin configuration.
• Once done, click on the Import Configuration button.

7. Troubleshooting

• In the Troubleshooting tab you can find the configuration details.

8. Authentication Report

• The Authentication Report will inform you about the failed login attempts that have been made while users are trying to log in to your WordPress website. This is a useful security feature and will inform you if there have been any malicious attempts at logging into your WordPress website.
• Keep User Report table on Uninstall: Enabling this checkbox will keep the user authentication report on uninstallation of the plugin.
• Log Authentication Requests: Enabling this checkbox will display a user authentication table.