Setup On Premise LDAP Gateway and Plugin
Overview
The miniOrange LDAP Gateway enables users to log in to both publicly and privately hosted sites using credentials stored in Active Directory, OpenLDAP, or other LDAP servers. This guide provides instructions for configuring the miniOrange LDAP/AD Login for Shared Hosting Plugin with the miniOrange On-Premise LDAP Gateway.
Pre-Requisites
- miniOrange LDAP/AD Login for Shared Hosting Plugin must be already installed and configured.
- miniOrange LDAP Gateway must be configured with your Active Directory / LDAP Server.
- The public IP of the miniOrange Cloud IDP must be allowed through your firewall to reach the Gateway URL, and the Gateway host must in turn be able to reach your AD/LDAP Server.
What is miniOrange LDAP Gateway?
miniOrange LDAP Gateway is a small piece of software that can run on a shared machine. It allows users to log in to publicly or privately hosted sites using credentials stored in Active Directory, OpenLDAP and other LDAP servers. If the LDAP Server is not publicly reachable from your site, the plugin can be used together with the LDAP Gateway, which is deployed on a DMZ server inside your network.
Another benefit is that multiple LDAP configurations can be stored for the many customers of a WordPress-based shared hosting or cloud service provider, and each login is mapped to the right configuration on the basis of the user's domain name. The Gateway can be deployed on your own server or on a domain controller. All login requests made by the miniOrange LDAP/AD Shared Hosting plugin are HTTP/HTTPS requests sent to the miniOrange Cloud IDP, which forwards them to the LDAP Gateway. For more information regarding the LDAP Gateway, click here.
When to Use miniOrange LDAP Gateway?
Use the Gateway when your site is hosted on a shared hosting platform such as Bluehost, Dreamhost or Flywheel and one of the following applies:
- You cannot install or enable the PHP LDAP extension.
- You want to connect over LDAPS but cannot restart the server.
Workflow for architecture diagram
- When a WordPress user enters LDAP credentials on the login page of the WordPress site, the miniOrange Cloud Plugin sends an HTTP/HTTPS login request to the miniOrange Cloud IDP.
- The miniOrange Cloud IDP forwards this HTTP/HTTPS request to the miniOrange LDAP Gateway.
- The miniOrange LDAP Gateway then sends an LDAP authentication request to the LDAP/AD Server.
- Once authentication is done, the LDAP response is sent from the LDAP/AD Server back to the miniOrange LDAP Gateway.
- The Gateway forwards this response to the miniOrange Cloud IDP.
- If authentication succeeded, an HTTP/HTTPS response is sent to the miniOrange Cloud Plugin and the user is logged in.
Note: All LDAP Server information, such as the LDAP URL, Bind Account DN and password, is stored in the miniOrange LDAP Gateway, not in the cloud. Because the Gateway holds these credentials and accepts login requests arriving from the internet, restrict inbound access to it to the miniOrange Cloud IDP addresses and serve it over HTTPS.
To set up the miniOrange LDAP Gateway, click here.
Connect miniOrange Cloud to Gateway
Step 1: Log in to miniOrange
- Log in to Xecurify.com using your registered login credentials.
Step 2: Connect miniOrange Cloud to Gateway
- Log in to the miniOrange dashboard from the Admin Console.
- From the left side menu, click on External Directories >> Add Directory.
- Select User Store type as AD/LDAP.
- Select the STORE LDAP CONFIGURATION ON PREMISE option.
- Enable the I have downloaded, installed and configured the miniOrange gateway checkbox.
- Enter the LDAP Display Name and LDAP Identifier name.
- Select Directory Type as Active Directory.
- Configure the Gateway URL. Select the protocol, HTTP or HTTPS, from the dropdown and enter the public URL of the deployed Gateway, e.g. localhost:8080/miniorangegateway. This URL is called by the miniOrange Cloud IDP, so it must be reachable from the internet (localhost only works when testing on the same machine), and because the request carries the user's LDAP credentials you should select HTTPS.
- Enable Activate LDAP checkbox.
- Click on Save.
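A quick sanity check for the Gateway URL entered above, added here as an example (it is not miniOrange code). It encodes the two constraints the architecture implies: the miniOrange Cloud IDP must be able to reach the URL from the internet, and the hop carries users' LDAP credentials, so it should use HTTPS. The path check assumes the Gateway is deployed under the `/miniorangegateway` context shown in the page's own example, and that the console treats a value without a scheme as HTTP.

```python
"""Validate a miniOrange Gateway URL as entered in the Admin Console.
Added example, not part of the miniOrange product."""
import ipaddress
from urllib.parse import urlsplit


def check_gateway_url(url):
    """Return a list of problems with a configured Gateway URL (empty list = OK).

    Accepts the bare form the console shows ('localhost:8080/miniorangegateway')
    as well as a full URL with scheme.
    """
    problems = []
    if "://" not in url:
        # Assumption: a value without a scheme is treated as plain HTTP.
        url = "http://" + url
    parts = urlsplit(url)

    # The Cloud IDP -> Gateway request carries the user's LDAP credentials.
    if parts.scheme != "https":
        problems.append(
            "scheme is %s; use HTTPS, the login request carries user credentials"
            % parts.scheme
        )

    host = parts.hostname or ""
    if not host:
        problems.append("no host in URL")
    elif host == "localhost":
        problems.append("host %r is not reachable from the miniOrange Cloud IDP" % host)
    else:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None  # a DNS name; cannot judge reachability offline
        if ip is not None and not ip.is_global:
            problems.append(
                "IP %s is private/loopback; the Cloud IDP cannot reach it" % ip
            )

    # Assumption: the Gateway runs under the /miniorangegateway context path,
    # as in the example value shown in the console.
    if not parts.path.rstrip("/").endswith("miniorangegateway"):
        problems.append("path does not end with the /miniorangegateway context")
    return problems


if __name__ == "__main__":
    for candidate in ("localhost:8080/miniorangegateway",
                      "https://10.0.0.5:8443/miniorangegateway",
                      "https://ldapgw.example.com/miniorangegateway"):
        print(candidate, "->", check_gateway_url(candidate) or "OK")
```

Run it against the value you intend to save; an empty list means the URL is at least plausible from the Cloud IDP's point of view, though only the Test Connection step below proves it actually works.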
Step 3: Test Connection From Cloud to AD
- Log in to the miniOrange dashboard from the Admin Console.
- From the left side menu, click on External Directories.
- A list of all configured User Stores is shown. Click on the Select link of the configuration set up in Step 2.
- Click on Select >> Make Default option from the dropdown list.
- Again click on Select >> Test-Connection from the dropdown list.
- Enter the Username and Password of a directory user and click on the Test button. On success the message "Connection to LDAP was successful" is shown; this proves the whole chain (Cloud IDP to Gateway to LDAP Server), not just the Gateway URL.
Configure miniOrange LDAP/AD Login for Shared Hosting Plugin
Step 1: Register/Login with miniOrange
- Log in to WordPress and open the LDAP/AD Login for Shared Hosting Plugin. Click on Register or Login with miniOrange.
- Click on the Already have an account button.
- Enter your email and password and click on the Login button.
Step 2: Plugin Configuration
- You are now logged in to your miniOrange account. Click on the Plugin Configuration button to configure the plugin.
- Select Use miniOrange LDAP Gateway, enter the username and password of a directory user and click on the Test Authentication button to test user authentication.
- On successful authentication a confirmation message is shown.
Step 3: Role Mapping
- Click on Role Mapping.
- Enter the LDAP Group Name and select the WordPress Role from the dropdown list.
- Enter the LDAP Group Attribute Name (the attribute on the user entry that lists the user's groups).
- Check Enable Role Mapping.
- Click on Save Mapping button.
- To test the role mapping configuration, enter a Username.
- Click on the Test Configuration button.
- If the configuration is correct, a Test Successful popup is shown.
Test Role Mapping Configuration
Step 4: Attribute Mapping
- Click on Attribute Mapping.
- To add a custom attribute, enter the LDAP attribute name in the Custom Attribute Name field.
- To add more custom attributes, click on the + button.
- Click on the Save Configuration button to save the attributes.
- To apply the added attributes, check the Enable Attribute Mapping checkbox.
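To make the Role Mapping (Step 3) and Attribute Mapping (Step 4) behaviour concrete, here is an added example that re-implements both over a constructed directory entry. It is illustration code, not the plugin's own implementation. Assumptions: the group attribute (memberOf here) holds full group DNs as Active Directory returns them, the configured LDAP Group Name is compared against the CN of each group DN case-insensitively, a user who matches several mappings receives the most privileged role, and a user who matches none gets whatever default you pass in (None meaning "leave the decision to the plugin's defaults").

```python
"""Role and attribute mapping over an LDAP entry, as an added illustration
of Steps 3 and 4 (not the miniOrange plugin's own code)."""

# WordPress roles from most to least privileged (assumption: when a user is
# in several mapped groups, the most privileged mapped role wins).
ROLE_PRIORITY = ["administrator", "editor", "author", "contributor", "subscriber"]


def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas, unescaping '\\,' etc.
    so 'CN=Smith\\, John,OU=x' yields ['CN=Smith, John', 'OU=x'] (RFC 4514)."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])
            i += 2
            continue
        if c == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    parts.append("".join(buf))
    return parts


def rdn_value(dn, attr="cn"):
    """Return the value of the first `attr=` RDN in a DN, or None."""
    for rdn in split_dn(dn):
        name, _, value = rdn.partition("=")
        if name.strip().lower() == attr:
            return value.strip()
    return None


def map_role(entry, group_attr, group_role_map, default_role=None):
    """Pick a WordPress role from the user's groups.

    entry: dict of LDAP attribute -> list of values (attribute names as the
    server returns them); group_attr: the configured LDAP Group Attribute Name;
    group_role_map: {configured LDAP Group Name: WordPress role}.
    """
    lower_entry = {k.lower(): v for k, v in entry.items()}
    groups = {}
    for raw in lower_entry.get(group_attr.lower(), []):
        cn = rdn_value(raw) or raw  # accept plain group names as well as DNs
        groups[cn.lower()] = cn
    matched = [role for name, role in group_role_map.items() if name.lower() in groups]
    if not matched:
        return default_role
    return min(matched, key=lambda r: ROLE_PRIORITY.index(r)
               if r in ROLE_PRIORITY else len(ROLE_PRIORITY))


def map_attributes(entry, custom_attrs):
    """Return {custom attribute: first value or None} for each configured name."""
    lower_entry = {k.lower(): v for k, v in entry.items()}
    return {a: (lower_entry.get(a.lower()) or [None])[0] for a in custom_attrs}


# Constructed sample entry for this example; no real directory was queried.
SAMPLE_ENTRY = {
    "sAMAccountName": ["jsmith"],
    "mail": ["jsmith@example.com"],
    "department": ["Security"],
    "memberOf": [
        "CN=WP Editors,OU=Groups,DC=example,DC=com",
        "CN=Smith\\, John Reports,OU=Groups,DC=example,DC=com",  # escaped comma
        "CN=wp-subscribers,OU=Groups,DC=example,DC=com",
    ],
}
# Constructed mapping, as it would be entered in the Role Mapping screen.
GROUP_ROLE_MAP = {"WP Admins": "administrator",
                  "WP Editors": "editor",
                  "WP-Subscribers": "subscriber"}

if __name__ == "__main__":
    print(map_role(SAMPLE_ENTRY, "memberOf", GROUP_ROLE_MAP, "subscriber"))
    print(map_attributes(SAMPLE_ENTRY, ["mail", "department", "title"]))
```

The escaped-comma group is included deliberately: a naive `split(",")` would turn it into a bogus CN and could make a mapping silently fail, which is exactly the kind of case to cover with the Test Configuration button before enabling role mapping on a live site.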
Step 5: Setup Sign-In Settings
- To control how users log in to the WordPress site with LDAP credentials, click on Sign-In Settings.
- Enable LDAP login: This option is disabled by default. Enable it once "Test Connection & Save" under LDAP Connection Information has succeeded.
- Authenticate users from both LDAP and WordPress: This option lets users log in to the WordPress site with either their WordPress credentials or their LDAP credentials. Note that with it enabled, each account's WordPress password remains a valid second credential alongside LDAP.
- Redirect after authentication: By default this is "None". You can redirect users after login to the "Home Page", "Profile Page" or a "Custom Page".
- Enable Auto Registering users if they do not exist in WordPress: This option is enabled by default and creates a WordPress account for an LDAP user who does not yet have one on their first successful LDAP login.
- Protect all website content by login: Enabling this option protects the website's content; users must enter their LDAP credentials before accessing any page of the WordPress site.