Setup LDAP/Active Directory Login for Intranet Sites in Multisite Environment

The miniOrange WP LDAP/AD Login for Intranet sites plugin allows you to login into a WordPress website using the credentials which are stored in your LDAP/Active Directory. The LDAP Authentication process can be performed on various LDAP servers such as Microsoft Active Directory, Azure AD, OpenLDAP, FreeIPA, JumpCloud and more.

Requirements:

1. Compatible with WordPress version 5.0 or higher.
2. Compatible with PHP version 5.2.0 or higher.

Download and Install:

• Log in to login.xecurify.com login.xecurify.com

• On the Xecurify dashboard, you will see a navigation section on the left. Click on License >> Manage Licenses.

• In the manage licenses tab click on the Releases and Downloads tab.
• From the xecurify dashboard download the plugin.

• Go to the plugins section in the WordPress dashboard and click on the Add New button.

• Click on the Upload Plugin button.

• Click on the choose file button to select the downloaded plugin file.
• Once done, click on the Install button.

• Click on the Activate Network button.

Plugin Configuration:

• Click on login with miniOrange.

• Enter Email And Password and click on the Login Button.

• Enter the license key and click on the Activate button.

• Once done, you will be redirected to the Configure Subsites tab.

Configure Subsites

• Select the subsites from the dropdown and click on the Save button.


Note: Private sites will not be visible. Make sure to make your sites public before configuration.

• Once done click on the LDAP Configuration Tab.

LDAP Configuration:

LDAP Connection Information:

• Select Your Directory Server : Select your directory server from the dropdown.
• LDAP Server : Select the directory server protocol (LDAP/LDAPS) from the dropdown and then enter the hostname or IP address of the directory server. Select the server port number (389/636).
• Username : Enter the service account username.
• Password : Enter the password of the service account username.
• Click on the Test Connection & Save button to establish the connection with your LDAP server.

LDAP User Mapping Configuration:

• Search Base : Click on the Possible Search Bases / Base DNs button to see the list of possible search base(s) DNs and select the preferred search base from the list. You can also manually enter the search base if you want.
• Username Attribute : Select the LDAP Username Attribute from the dropdown. This will be the username for the LDAP users that log in to the WordPress website. You can also enter a custom LDAP Username Attribute by selecting the last option (Provide custom LDAP Attribute name).
• Click on the Save User Mapping button.

Test Authentication:

• Test Authentication : Enter the username & password of any LDAP user that exists in the configured search base and test the LDAP configuration.
• Click on the Test Authentication button.

Setup Sign-In Settings:

• Enable LDAP Login: This will enable the users who are present in your Active Directory to log in to your WordPress website using their LDAP credentials.
• Click on the checkboxes in front of the subsites as given in the table to login the user into WordPress.
1. Local WordPress Login: Login with only WordPress credentials.
2. LDAP Only Login: Login with only LDAP credentials.
3. Local WordPress + LDAP Login: Login with both local WordPress and LDAP credentials.
• Click on the Save button.


• Redirect After Authentication: By default, it is set to "None". You can redirect users after they login into the WordPress site to a "Home Page", "Profile Page" or even a "Custom Page".
• Enable Auto Registering users if they do not exist in WordPress: This option is enabled by default and allows the users to get registered on the WordPress site after they log in with the LDAP credentials.
• Protect all website content by login: You can protect the website content by enabling this option. It will force the users to enter their LDAP credentials while accessing any page of the WordPress site.

Setup Role Mapping:

LDAP Groups to WP User Role Mapping:

Note: Roles will be assigned only to non-admin users.

• Select Your Site: Select the site that you want to assign the WordPress roles to.
• Click on the Checkbox if you do not wish to auto create users if roles are not mapped here.
• Default Role: The default role is Subscriber, you can select any default role from the dropdown list.
• In front of the WordPress Roles enter the LDAP Groups to assign the roles to the users. You can add multiple groups separated with semicolons (;).
• Click on the Save Mapping button.

Test Role Mapping Configuration:

• Enter the LDAP username and click on the Test Configuration button.

LDAP Groups to WP User Role Mapping:

• Enable Role Mapping: Click on the Enable Role Mapping checkbox to enable the WordPress user role mapping.
• Do not remove existing roles of users: If you do not wish to override the existing WordPress user roles click on this checkbox. The new user roles will be added to the user.
• Enable fetching of nested groups: Click on this checkbox to enable fetching of the nested groups.
• LDAP Group Attributes Name: Enter the attribute that stores group names to which LDAP user belongs.
• Click on the Save button.

Setup Attribute Mapping

Attribute Configuration:

• Enter the LDAP attribute names for given attributes.

Add Custom Attributes:

• Enter the LDAP attributes which you want to include in the user profile. Click on the [+] button to enter multiple attributes.
• Click on the Save Configuration button to save the attributes.

Test Attribute Configuration:

• Enter the LDAP username to test the attribute configuration.
• Click on the Test Configuration button to test the LDAP user attributes.

Attribute Configuration:

• Enable Attribute Mapping: Click on the checkbox to enable the attribute mapping.
• Enable updating information in LDAP when user edits profile: Click on the checkbox to enable the updating of information in LDAP when user edits the profile in WordPress. (To use this you must have the LDAPS connection).

Configuration Settings

Export Configurations

• Click on the Export Service Account Password checkbox to export your service account password in an encrypted format in a file.
• Click on the Export Configuration button to export the plugin configuration.

Import Configurations

• This feature is useful when you want to transfer your plugin's configuration from your older WordPress instance to a newer one.
• Click on the Choose File button to select the exported configuration file.
• Once done, click on the Import Configuration button.

Authentication Report

User Report

The Authentication Report will inform you about the failed login attempts that have been made while users are trying to log in to your WordPress website. This is a useful security feature and will inform you if there have been any malicious attempts at logging into your WordPress website.

• Keep User Report Table on Uninstall: Enabling this checkbox allows you to save the User report table on uninstallation of the plugin.
• Log Authentication Requests: Enabling this checkbox allows you to view the failed user authentication logs.