Guide to Setup Intranet Multiple Directories Premium Plugin

The miniOrange Active Directory Integration / LDAP Integration Plugin allows you to log in/authenticate into your WordPress website using the credentials present in your active directory. You can map the attributes present in your active directory to the user profile attributes present in WordPress and assign WordPress roles to your users.
The premium version of our LDAP plugin also supports an array of add-ons that enhance the functionality of the plugin such as autologging users using the Kerberos / NTLM SSO Authentication add-on, importing users from your LDAP active directory to your WordPress website and vice versa using the Directory Sync Add-on, syncing your LDAP active directory profile picture to your WordPress profile picture using the Profile Picture Sync Add-on, restricting access to specific pages for certain WordPress groups using the Page Post Restriction Add-on, Integrations with all the major third party add-ons and many more.

Requirements:

1. Compatible with WordPress version 5.0 or higher.
2. Compatible with PHP version 5.2.0 or higher.

Download And Install

• Log in to login.xecurify.com login.xecurify.com

• On the Xecurify dashboard, you will see a navigation section on the left. Click on License >> Manage Licenses.

• In the manage licenses tab click on the Releases and Downloads tab.
• From the xecurify dashboard download the plugin / Add-On.

• Go to the plugins section in the WordPress dashboard and click on the Add New button.

• Click on the Upload Plugin button.

• Click on the choose file button to select the downloaded plugin / Add-On .zip file.
• Once done, click on the Install button.

• Click on the Activate button to activate the add-On.

Activate the licence key

• Follow the steps below to activate the licence key in the plugin:
• Login into wordPress and open the LDAP/Active Directory Login for Intranet Sites plugin. Click on Register or Login with miniOrange.

• Click the Verify button after entering the miniOrange username and password you used to purchase the plugin.

• Go in to your miniOrange Admin Console and select License > Manage License to obtain the licence key. Now click on the View License Key button. You will be redirected to a page where you can see all the license keys associated with your account.
• Enter the license key in the License Key field and click on the Activate License button.

• Once the license is verified, You can now proceed to the plugin setup.

LDAP Connection Information:

• Select Your Directory Server: Select your directory server from the dropdown.
• LDAP Server: Enter the LDAP protocol(LDAP/LDAPS), hostname or IP address of the directory server and the server port number (389/636) in the given format.
  Example: ldap://<server_address or IP>:<port>
• LDAP Server Name: Here you can assign any display name to your LDAP server.
• Service Account DN: Enter the service account distinguished name. This service account will be used to establish the connection.
• Service Account Password: Enter the password of the service account mentioned above.
• Click on the Test Connection & Save button to establish the connection with your LDAP server.

LDAP User Mapping Configuration:

• Search Base: Click on the Possible Search Bases / Base DNs button to see the list of possible search base(s) DNs and select the preferred search base from the list. You can also manually enter the search base if you want.
• Search Conditions: Click on the switch to enter any custom search attribute. You can add many search filter conditions here.
• Username Attribute: Enter any username attribute (sAmAccountName, mail, cn, userPrincipalName). This username attribute will be used to login the LDAP users into the WordPress site.
• Once done with the above configuration steps, clcik on the Save Search Filter button.

Test Authentication:

• Enter the Username & Password of any ldap user that exists in the configured serach base.
• Click on the Test Authentication button.

Sign-In Settings

• Enable LDAP Login: Click on the enable LDAP login checkbox to enable the LDAP login. This will enable the users who are present in your Active Directory to log in to your WordPress website using their LDAP/Active Directory credentials.
• Authenticate users from both LDAP and WordPress: This option allows users to use either of WordPress credentials or LDAP credentials to login in WordPress site.

1. Only Administrators: All LDAP/Active Directory users and only WordPress admin users will be authenticated.
2. All Users: All the users from active directory as well as WordPress will be authenticated.
3. None: Only LDAP/Active Directory Users will be authenticated.

• Redirect after authentication: Choose the options you wish to use from the dropdown to redirect users after they log in.
• Enable Auto Registering users if they do not exist in WordPress: Enabling this option will automatically register LDAP/Active Directory users if they do not exist in the WordPress.
• Protect all website content by login: You can protect the website contents by enabling this option. The users will need to enter their LDAP credentials while accessing any page of WordPress site.
\

Multiple Directories

Add New LDAP Server:

• LDAP Server: Enter the LDAP protocol(LDAP/LDAPS), hostname or IP address of the directory server and the server port number (389/636) in the given format.
  Example: ldap://<server_address or IP>:<port>
• Service Account DN: Enter the service account distinguished name. This service account will be used to establish the connection.
• Service Account Password: Enter the password of the service account mentioned above.
• LDAP Server Name: Here you can assign any display name to your LDAP server.
• Search Base: Click on the Possible Search Bases / Base DNs button to see the list of possible search base(s) DNs and select the preferred search base from the list. You can also manually enter the search base if you want.
• Search Conditions: Click on the switch to enter any custom search attribute. You can add many search filter conditions here.
• Username Attribute: Enter any username attribute (sAmAccountName, mail, cn, userPrincipalName). This username attribute will be used to login the LDAP users into the WordPress site.
• Click on the Test Connection & Save button to establish the connection with your LDAP server.

• On successfully adding the LDAP Server, It will be displayed in the LDAP Directories section. In this section you can Edit and Delete the LDAP server.

Domain Mapping

• Click on the checkbox to Enable Domain Mapping. Enabling this will authenticate the users from respective domains that you have mapped.
• Enter the Domain Name and Display Name for the respective LDAP servers.
• Once done with the above configuration, click on the Save Configuration button.

Role Mapping

LDAP Groups to WP User Role Mapping:

• Default Role: From the dropdown choose a role that will be assigned to all users for which mapping is not specified. This will be the default role for the user.
• Enable Role Mapping: Enabling Role Mapping will automatically map Users from LDAP Groups to below selected WordPress Role. Role mapping will not be applicable for primary admin of WordPress.
• Do not remove existing roles of users: Existing role of the user will not be removed. New roles will be added to the user.
• Enter the LDAP Group Name and select the WordPress Role. The WordPress role will be assigned to the users that are present in the mentioned LDAP group on login.
• If you wish to add multiple LDAP groups, simpally click on the Add More Mapping.
• LDAP Group Attributes Name: Specify the LDAP groups attributes name. Default attribute name is memberOf.

Test Role Mapping Configuration:

• Enter the LDAP username to test role mapping configuration.
• Click on the Test Configuration button.

Setup Attribute Configuration

• Enable Attribute Mapping: Click on the checkbox to enable the attribute mapping.
• Enter the LDAP attribute names for Email, Phone, First Name, Last Name and Nickname attributes.
• From the dropdown list select the display name attribute.
• Enter the Custom Attribute name to include in the user profile.
• Click on the "[+]" button to add more custom attributes.
• Once done, click on the Save Configuration button.

Test Attribute Configuration

• Enter LDAP username to test attribute configuration.
• Click on the Test Configuration button.

Configuration Settings

This tab will help you to transfer your plugin configurations when you change your WordPress instance.

Export Configurations:

• Export Service Account password: Enabling this checkbox will allow you to export the service account password in an encrypted form.
• Click on the Export Configuration button to export the plugin configuration in a json file.

Import Configurations:

This tab will help you to transfer your plugin configurations from your older WordPress instance.

• Choose File: Click on the Choose File button to upload the configuration file.
• Once done, click on the Import Configuration button.

Authentication Report

User Report:

The Authentication Report will inform you about the failed login attempts that have been made while users are trying to log in to your WordPress website. This is a useful security feature and will inform you if there have been any malicious attempts at logging into your WordPress website.

• Keep User Report table on Uninstall: Enabling this checkbox will allow you to keep user report table on uninstall.
• Log Authentication Requests: Enabling this checkbox, you can track failed user login attrmpts.

Feature Request

• Write your query in the checkbox.
• Once done, Click on the Submit Query button.