Setup LDAP/Active Directory Login for Intranet Sites in Multisite Environment
The miniOrange WP LDAP/AD Login for Intranet sites plugin allows you to login into a WordPress website using the credentials which are stored in your LDAP/Active Directory. The LDAP Authentication process can be performed on various LDAP servers such as Microsoft Active Directory, Azure AD, OpenLDAP, FreeIPA, JumpCloud and more.
On the Xecurify dashboard, you will see a navigation section on the left. Click on License >> Manage Licenses.
In the manage licenses tab click on the Releases and Downloads tab.
From the xecurify dashboard download the plugin.
Go to the plugins section in the WordPress dashboard and click on the Add New button.
Click on the Upload Plugin button.
Click on the choose file button to select the downloaded plugin file.
Once done, click on the Install button.
Click on the Activate Network button.
Click on login with miniOrange.
Enter Email And Password and click on the Login Button.
Enter the license key and click on the Activate button.
Once done, you will be redirected to the Configure Subsites tab.
Select the subsites from the dropdown and click on the Save button.
Note: Private sites will not be visible. Make sure to make your sites public before configuration.
Once done click on the LDAP Configuration Tab.
LDAP Connection Information:
Select Your Directory Server : Select your directory server from the dropdown.
LDAP Server : Select the directory server protocol (LDAP/LDAPS) from the dropdown and then enter the hostname or IP address of the directory server. Select the server port number (389/636).
Username : Enter the service account username.
Password : Enter the password of the service account username.
Click on the Test Connection & Save button to establish the connection with your LDAP server.
LDAP User Mapping Configuration:
Search Base : Click on the Possible Search Bases / Base DNs button to see the list of possible search base(s) DNs and select the preferred search base from the list. You can also manually enter the search base if you want.
Username Attribute : Select the LDAP Username Attribute from the dropdown. This will be the username for the LDAP users that log in to the WordPress website. You can also enter a custom LDAP Username Attribute by selecting the last option (Provide custom LDAP Attribute name).
Click on the Save User Mapping button.
Test Authentication : Enter the username & password of any LDAP user that exists in the configured search base and test the LDAP configuration.
Click on the Test Authentication button.
Setup Sign-In Settings:
Enable LDAP Login: This will enable the users who are present in your Active Directory to log in to your WordPress website using their LDAP credentials.
Click on the checkboxes in front of the subsites as given in the table to login the user into WordPress.
Local WordPress Login: Login with only WordPress credentials.
LDAP Only Login: Login with only LDAP credentials.
Local WordPress + LDAP Login: Login with both local WordPress and LDAP credentials.
Click on the Save button.
Redirect After Authentication: By default, it is set to "None". You can redirect users after they login into the WordPress site to a "Home Page", "Profile Page" or even a "Custom Page".
Enable Auto Registering users if they do not exist in WordPress: This option is enabled by default and allows the users to get registered on the WordPress site after they log in with the LDAP credentials.
Protect all website content by login: You can protect the website content by enabling this option. It will force the users to enter their LDAP credentials while accessing any page of the WordPress site.
Setup Role Mapping:
LDAP Groups to WP User Role Mapping:
Note: Roles will be assigned only to non-admin users.
Select Your Site: Select the site that you want to assign the WordPress roles to.
Click on the Checkbox if you do not wish to auto create users if roles are not mapped here.
Default Role: The default role is Subscriber, you can select any default role from the dropdown list.
In front of the WordPress Roles enter the LDAP Groups to assign the roles to the users. You can add multiple groups separated with semicolons (;).
Click on the Save Mapping button.
Test Role Mapping Configuration:
Enter the LDAP username and click on the Test Configuration button.
LDAP Groups to WP User Role Mapping:
Enable Role Mapping: Click on the Enable Role Mapping checkbox to enable the WordPress user role mapping.
Do not remove existing roles of users: If you do not wish to override the existing WordPress user roles click on this checkbox. The new user roles will be added to the user.
Enable fetching of nested groups: Click on this checkbox to enable fetching of the nested groups.
LDAP Group Attributes Name: Enter the attribute that stores group names to which LDAP user belongs.
Click on the Save button.
Setup Attribute Mapping
Enter the LDAP attribute names for given attributes.
Add Custom Attributes:
Enter the LDAP attributes which you want to include in the user profile. Click on the [+] button to enter multiple attributes.
Click on the Save Configuration button to save the attributes.
Test Attribute Configuration:
Enter the LDAP username to test the attribute configuration.
Click on the Test Configuration button to test the LDAP user attributes.
Enable Attribute Mapping: Click on the checkbox to enable the attribute mapping.
Enable updating information in LDAP when user edits profile: Click on the checkbox to enable the updating of information in LDAP when user edits the profile in WordPress. (To use this you must have the LDAPS connection).
Click on the Export Service Account Password checkbox to export your service account password in an encrypted format in a file.
Click on the Export Configuration button to export the plugin configuration.
This feature is useful when you want to transfer your plugin's configuration from your older WordPress instance to a newer one.
Click on the Choose File button to select the exported configuration file.
Once done, click on the Import Configuration button.
The Authentication Report will inform you about the failed login attempts that have been made while users are trying to log in to your WordPress website. This is a useful security feature and will inform you if there have been any malicious attempts at logging into your WordPress website.
Keep User Report Table on Uninstall: Enabling this checkbox allows you to save the User report table on uninstallation of the plugin.
Log Authentication Requests: Enabling this checkbox allows you to view the failed user authentication logs.
Need Help? We are right here!
Contact miniOrange Support
Thanks for your inquiry.
If you dont hear from us within 24 hours, please feel free to send a follow up email to email@example.com
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.