LDAP and AD integration
- Installed/activated the Simple LDAP Login WordPress plugin (version 1.3.0.3).
Under Settings -> Simple LDAP Login, I did the following configuration:
- LDAP Directory: this defaults to “Active Directory” and must be changed to “OpenLDAP (BETA, may support other LDAP directories)”.
- Account suffix: @ua.edu
- Base DN: ou=people,dc=ua,dc=edu
- Domain Controller(s): ldap.ua.edu
- Be sure to click the “Update Options” button to set this configuration when you’re done.
Additionally, you’ll need to decide how Simple LDAP Login will or will not create new WordPress users on your system. The choices are:
- Authenticate WordPress users against LDAP. I will create the accounts in wordpress myself. (default)
- Create WordPress account for anyone who successfully authenticates against LDAP.
- Create WordPress account for users in specified AD group.
Customizing wpDirAuth
Authentication in LDAP is a two-step process:
- Connect to the LDAP server.
- Bind to the directory using a username and password.
The ldap_bind() function returns a boolean: true when the directory accepts the supplied username and password, false otherwise.
Here’s an example syntax:
Note that the line reading $ldap['ad_domain'] . '\\' . $ldap['username'] is what prefixes your username with the Active Directory domain. So if you typically log on to your network as Microsoft\BillGates, the domain is Microsoft. The '\\' is the escaped backslash character: inside a PHP string the backslash is a special symbol, so don't forget to escape it by writing it twice!
Using this information, we can modify the wpDirAuth plugin to work with our Active Directory. Pare it down to only use Active Directory (you don't need the OpenLDAP stuff around line 300), and look for any instances of ldap_bind(). Make sure the username is prefixed with the domain and the escaped backslash. You don't need the prebound / prebinding stuff.
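The domain-prefixed bind described above, as an added example that is not code from wpDirAuth or Simple LDAP Login. It assumes a settings array with the hypothetical keys 'server', 'ad_domain', 'username' and 'password', uses a constructed placeholder host, and adds the check a practitioner would want: an empty password must be rejected before calling ldap_bind(), because a bind with a name but no password is an unauthenticated bind that Active Directory accepts by default.

```php
<?php
// Added example, not code from wpDirAuth or Simple LDAP Login.
// Assumed (hypothetical) settings keys: 'server', 'ad_domain', 'username', 'password'.
// Constructed sample configuration; replace the host and domain with your own values.
$ldap = [
    'server'    => 'ldaps://ldap.example.test',   // constructed placeholder host
    'ad_domain' => 'Microsoft',                    // NetBIOS domain from the article's example
    'username'  => 'BillGates',
    'password'  => 'not-a-real-password',          // constructed placeholder
];

/**
 * Authenticate a user against Active Directory with a DOMAIN\user simple bind.
 * Returns true only when the directory actually verified the password.
 */
function ad_authenticate(array $ldap): bool
{
    // Reject empty credentials up front. LDAP treats a bind that carries a name but no
    // password as an *unauthenticated* bind; AD accepts those by default, so ldap_bind()
    // would return true for any username if this check were missing.
    if (trim($ldap['username']) === '' || trim($ldap['password']) === '') {
        return false;
    }

    $conn = ldap_connect($ldap['server']);
    if ($conn === false) {
        return false;
    }
    // AD requires LDAPv3; turn off referral chasing so the bind is not silently redirected.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // '\\' inside single quotes is a single literal backslash: "Microsoft\BillGates".
    $bindName = $ldap['ad_domain'] . '\\' . $ldap['username'];

    // @ silences the PHP warning on bad credentials; the boolean result is what matters.
    $ok = @ldap_bind($conn, $bindName, $ldap['password']);
    ldap_unbind($conn);
    return $ok === true;
}

var_dump(ad_authenticate($ldap));
```

With the placeholder host the call returns false; the point is the DOMAIN\user construction and the empty-password guard, which keep ldap_bind() from reporting success for an unauthenticated bind.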
When you’re done with that, install and activate the plugin. Set the Directory Servers and Base DN in the Admin settings; the rest should be okay.