WordPress LDAP Authentication

wordpress-4I wanted to enable LDAP in an instance of WordPress 2.6.2. To do this was not as simple as I had hoped. I spent a little over an hour trying to implement something that seemed to be self evident. After some research and testing and once all the pieces were identified and correctly configured, I finally got it working. The configuration, using an XAMPP installation with WordPress 2.6.2 on a Windows XP Professional workstation. The LDAP is provided by a Microsoft Windows 2003 server.

I installed and activated a customized plugin to support WordPress 2.6+. It is known as version 1.4 of wpdirauth and quickly received an error message. The error message stated that I needed to essentially enable LDAP access in PHP. To do so, find and edit the php.ini file by uncommenting the line provided below and saving the php.ini file. I restarted the Apache service so that this change would take effect.

extension=php_ldap.dll

wpldap3

I refreshed my screen to the Directory Authentication Options page under the Settings tab of the Admin Dashboard.

WordPress Settings
I selected Yes to Enable Directory Authentication and left No as selected for Require SSL Login. This is seen in the image below.

wpldap2

Directory Settings
These are the settings that worked for my environment.

  • Enable SSL Connectivity? No
  • Directory Servers (Domain Controllers)
    Note: I added the port :389 as indicated in a comment I found using Google.
  • Account Filter: samAccountName (default and works)
  • Account Suffix (left blank)
  • Base DN
    Found using a script found using Google. I created the file FindMyDn.vbs with the following code and

    Set objADSysInfo = CreateObject("ADSystemInfo")
    wscript.echo objADSysInfo.UserName

    The result, will be a popup box with a CN=,OU=,DC=,DC=,DC=. Use the area identified in the red box for your Base DN.
    wpldap4

  • Bind DN is in my case domainname\username with admin privileges.
  • Bind Password is the password of the domainname\username account
  • Confirm Password is the same password provided in the Bind Password box.

Here is a screenshot that may assist in setting your own WordPress LDAP connection.

wpldap

At this point, an attempted login as username and password was a success.