miniOrange LDAP Gateway must be configured with your Active Directory / LDAP Server.
miniOrange Cloud IDP IP must be whitelisted on your AD/LDAP Server.
What is miniOrange LDAP Gateway?
miniOrange LDAP Gateway is a small piece of software that can reside on a shared machine. It allows users to log in to publicly or privately hosted sites using credentials stored in Active Directory, OpenLDAP and other LDAP servers. If the LDAP Server is not publicly accessible from your site, this module can be used in conjunction with the miniOrange LDAP Gateway, which is deployed on a DMZ server in the intranet.
Another benefit of this module is that multiple LDAP configurations can be stored for multiple users of a WordPress-based Shared Hosting / Cloud Service Provider, and mapping to the username can be done on the basis of the domain name.
This gateway can be deployed on your own server or on a domain controller. All login requests made by the miniOrange LDAP/AD Shared Hosting plugin are sent over HTTP/HTTPS to miniOrange Cloud IDP, which forwards them to the LDAP Gateway.
When to Use miniOrange LDAP Gateway?
If your site is hosted on a shared hosting platform like Bluehost, Dreamhost, Flywheel, etc. and any of the following applies:
You are unable to install and enable the PHP extension.
You want to connect over LDAPS and a server restart is not possible.
Then you can go with the LDAP Integration for Shared Hosting Environment Plugin. This plugin works over HTTP API calls to miniOrange servers, and from miniOrange servers to your Active Directory server. The LDAP configuration will be stored on a miniOrange cloud-based identity provider.
Workflow for architecture diagram
When a WordPress user enters LDAP credentials on the login page of the WordPress website, the miniOrange Cloud Plugin sends an HTTP/HTTPS login request to miniOrange Cloud IDP.
miniOrange Cloud IDP forwards this HTTP/HTTPS request to the miniOrange LDAP Gateway.
In the next step, the miniOrange LDAP Gateway sends LDAP authentication requests to the LDAP/AD Server.
Once authentication is done, the LDAP response is sent from the LDAP/AD Server back to the miniOrange LDAP Gateway.
This response is forwarded from the LDAP Gateway to miniOrange Cloud IDP.
If the authorization is successful, an HTTP/HTTPS response is sent to the miniOrange Cloud Plugin and the user is logged in.
Note: All the LDAP Server information, such as the LDAP URL, Bind Account DN and password, is stored in the miniOrange LDAP Gateway.
From the left side menu, click on External Directories.
A list of all the configured User-Stores will be visible. Click on the Select link of the configuration that was set up in step 2.
Click on the Select >> Make Default option from the dropdown list.
Again click on Select >> Test-Connection from the dropdown list.
Enter the Username and Password. Click on the Test button to test the connection. On successful connection it will show the message "Connection to LDAP was successful."
Configure miniOrange LDAP/AD Login for Shared Hosting Plugin
Step 1: Register/Login with miniOrange
Log in to WordPress and open the LDAP/AD Login for Shared Hosting Plugin. Click on Register or Login with miniOrange.
Click on the Already have an account button.
Enter user Email and Password and click on login button.
Step 2: Plugin Configuration
The user is now logged in to their miniOrange account. Click on the Plugin Configuration button to configure the plugin.
Select Use miniOrange LDAP Gateway and enter the username and password. Click on the Test Authentication button to test user authentication.
On successful authentication the following message will be shown.
Step 3: Role Mapping
Click on Role Mapping.
Enter LDAP Group Name and select WordPress Role from the dropdown list.
Enter LDAP Group Attributes Name.
Check Enable Role Mapping.
Click on Save Mapping button.
Test Role Mapping Configuration
To test the role mapping configuration, enter the Username.
Click on Test Configuration button.
If configuration is successful Test Successful popup will be shown.
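The check below is an added example, not miniOrange code: before enabling the Step 3 mapping, it audits a directory export against the group-to-role table and lists every user who would receive editor or administrator. The group DNs, usernames, the "highest mapped role wins" policy and the subscriber default are assumptions made for illustration.

```python
import re

# WordPress built-in roles, least to most privileged.
WP_ROLE_RANK = ["subscriber", "contributor", "author", "editor", "administrator"]

def normalize_dn(dn):
    """Case-fold a DN and drop spaces around its unescaped RDN separators."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def resolve_role(member_of, mapping, default_role="subscriber"):
    """Highest-ranked mapped role wins (assumed policy); else the default role."""
    norm_map = {normalize_dn(g): role for g, role in mapping.items()}
    roles = [norm_map[d] for d in map(normalize_dn, member_of) if d in norm_map]
    return max(roles, key=WP_ROLE_RANK.index) if roles else default_role

def privileged_users(users, mapping, threshold="editor"):
    """Return sorted (user, role) pairs whose resolved role is >= threshold."""
    floor = WP_ROLE_RANK.index(threshold)
    result = []
    for name in sorted(users):
        role = resolve_role(users[name], mapping)
        if WP_ROLE_RANK.index(role) >= floor:
            result.append((name, role))
    return result

# Constructed sample data: group DN -> WordPress role, as entered in Step 3.
MAPPING = {
    "CN=WP-Admins,OU=Groups,DC=example,DC=com": "administrator",
    "CN=Marketing,OU=Groups,DC=example,DC=com": "editor",
}

# Constructed directory export: username -> values of the group attribute.
USERS = {
    "alice": ["cn=wp-admins, ou=Groups, dc=example, dc=com"],
    "bob": ["CN=Marketing,OU=Groups,DC=example,DC=com",
            "CN=Staff,OU=Groups,DC=example,DC=com"],
    "carol": ["CN=Staff,OU=Groups,DC=example,DC=com"],
}

if __name__ == "__main__":
    # Review this list before ticking Enable Role Mapping.
    for name, role in privileged_users(USERS, MAPPING):
        print(f"{name}: {role}")
```

Any name on the output that should not hold that role points to a group that is too broad for the WordPress role it is mapped to.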
Step 4: Attribute Mapping
Click on Attribute Mapping.
To add Custom Attributes enter the attribute name in Custom Attribute Name field.
To add more custom attributes click on the + button.
Click on Save Configuration button to save the attributes.
To enable the added attributes check the Enable Attribute Mapping button.
Step 5: Setup Sign-In Settings
To enable logging in to the WordPress site with LDAP credentials, click on Sign-In Settings.
Enable LDAP login: This option is disabled by default. You can enable LDAP login once you are done with the "Test Connection & Save" in LDAP Connection Information.
Authenticate users from both LDAP and WordPress: This option allows users to use either WordPress credentials or LDAP credentials to log in to the WordPress site.
Redirect after authentication: By default it is "None". You can choose to redirect users after they log in to the WordPress site to "Home Page", "Profile Page" or "Custom Page".
Enable Auto Registering users if they do not exist in WordPress: This option is enabled by default and allows users to register in WordPress after they log in to the WordPress site with LDAP credentials.
Protect all website content by login: You can protect the website contents by enabling this option. Users will need to enter their LDAP credentials when accessing any page of the WordPress site.