LDAP/AD Integration for Intranet Sites | LDAP Authentication for WordPress

Overview

The miniOrange Active Directory Integration / LDAP Integration Plugin allows you to log in/authenticate into your WordPress website using the credentials present in your active directory. You can map the attributes present in your active directory to the user profile attributes present in WordPress and assign WordPress roles to your users.

The premium version of our LDAP plugin also supports an array of add-ons that enhance the functionality of the plugin such as autologging users using the Kerberos / NTLM SSO Authentication add-on, importing users from your LDAP active directory to your WordPress website and vice versa using the Directory Sync Add-on, syncing your LDAP active directory profile picture to your WordPress profile picture using the Profile Picture Sync Add-on, restricting access to specific pages for certain WordPress groups using the Page Post Restriction Add-on, Integrations with all the major third party add-ons and many more.

Requirements

• Compatible with WordPress version 5.0 or higher.
• Compatible with PHP version 5.2.0 or higher.

1. Download And Install

Download from WordPress Marketplace:

• From your WordPress dashboard click on Plugins >> Add New



• Search for "miniOrange LDAP". Install the Active Directory Integration / LDAP Integration plugin.



• Once the installation is done, click on the Activate button to activate the plugin.

Install using ZIP file

• From WordPress.org Download Active Directory Integration / LDAP Integration.



• Go to the Plugins section in the Dashboard and click on the Add New button.



• Click on the Upload Plugin.



• Click on the Choose File button and select the downloaded plugin ZIP file.



• Click on the Install Now button.



• Click on the Activate Plugin button.

• Now the Active Directory Integration / LDAP Integration plugin is installed and activated.

2. Plugin Configuration

LDAP Connection Configuration

• Select Your Directory Server : Select your directory server from the dropdown.
• LDAP Server : Select the directory server protocol (LDAP/LDAPS) from the dropdown then enter the hostname or IP address of the directory server and select the server port number (389/636).
• Username : Enter the service account username.
• Password : Enter the password of the service account username.
• Click on the Test Connection & Save button to establish the connection with your LDAP server.

• Once the connection has successfully been made with your LDAP server, you can proceed to the LDAP User Mapping Configuration section.

LDAP User Mapping Configuration

• Search Base : Click on the Possible Search Bases / Base DNs button to see the list of possible search base(s) DNs and select the preferred search base from the list. You can also manually enter the search base if you want.
• Username Attribute : Select the LDAP Username Attribute from the dropdown. This will be the username for the LDAP users that log in to the WordPress website. You can also enter a custom LDAP Username Attribute by selecting the last option (Provide custom LDAP Attribute name).
• Click on the Save User Mapping button.

• Multiple search bases ,Logging in with multiple attributes and using Custom search filters are available in the premium version of our plugin.

Test Authentication

• Test Authentication : Enter the username & password of any ldap user that exists in the configured serach base and test the ldap configuration.
• Click on the Test Authentication button.

• After successfully testing the authentication, proceed to the Role Mapping tab.

3. Setup Role Mapping

Default Role Mapping

• Select the default role from the dropdown list.
• Click on the Enable Role Mapping button.
• If you do not wish to override the current roles of the users present in your WordPress website, click on the Keep existing roles of users button.

• Click on the Save Configuration button.
• Role Mapping based on LDAP Security groups, LDAP OU and LDAP attributes these features are available in the premium version of our plugin.

LDAP User Mapping Configuration

• Search Base : Click on the Possible Search Bases / Base DNs button to see the list of possible search base(s) DNs and select the preferred search base from the list. You can also manually enter the search base if you want.
• Username Attribute : Select the LDAP Username Attribute from the dropdown. This will be the username for the LDAP users that log in to the WordPress website. You can also enter a custom LDAP Username Attribute by selecting the last option (Provide custom LDAP Attribute name).
• Click on the Save User Mapping button.

• Multiple search bases ,Logging in with multiple attributes and using Custom search filters are available in the premium version of our plugin.

4. Setup Attribute Mapping

Attribute Configuration

• The email attribute is the default configuration present in our Free plugin. The premium version of our plugin allows you to additionally configure different custom attributes. Enter the Email Attribute.

• Adding Custom Attributes is a feature that is available in the premium version of our plugin.
• In the Email domain, enter the email domain you would like to assign to the users whose email attribute is not already set in the LDAP Directory.

• Click on the Save Configuration button.

Test Attribute Configuration

• To test the attribute configuration, you can enter a username of any user present in the Active directory. And click on the Test Configuration Button.

• After successfully configuring the attributes, proceed to the Login Settings Tab.

5. Setup Login Settings

Enable Login Using LDAP

• Simply click on the Enable LDAP login button. This will enable the users who are present in your Active Directory to log in to your WordPress website using their LDAP credentials.

• Enable Auto Registering users if they do not exist in WordPress: Enabling this button will allow you to auto-register the users present in your active directory into your WordPress database after they log in.
• In the premium version of this plugin, You can authenticate WordPress users from both LDAP and WordPress, Protect all website content by login and Restrict User login by Role

6. Import/Export Configuration Settings

Export Configuration

• Keep configuration upon deactivation : By clicking on this button, you will be able to export your plugin's configuration when you reinstall the plugin. This will save you the time of reconfiguring the plugin if you move it to another WordPress instance.
• Export Service Account password : Enabling this option will export the service account password in an encrypted fashion to the exported file.
• Click on Export configuration button to export the plugin configuration.

• Import Configuration feature is available in the premium version of this plugin.

7. Authentication Reports

User Report

• The Authentication Report will inform you about the failed login attempts that have been made while users are trying to log in to your WordPress website. This is a useful security feature and will inform you if there have been any malicious attempts at logging into your WordPress website.
• Click on Log Authentication Requests button.

• You can export the failed login attempts report in a .csv file format.

Additional Resources

• LDAP Authentication with Active Directory
• What is Kerberos?