How to Use LDAP for WordPress User Accounts
Lightweight Directory Access Protocol (LDAP) is used to look up information or devices within a network. In this guide, we’re going to talk about using LDAP to connect user accounts to WordPress. But there are many other uses of LDAP. For example, a printer can be a device on your network, so you can use LDAP to connect to your local printer. This post will introduce some basic concepts of WordPress LDAP usage. We’ll talk about the infrastructure you need to use LDAP with WordPress, and we’ll explore possible options for integrating these two platforms.
The Infrastructure Needed to Use LDAP with WordPress
The image below is taken from DNSstuff.com and gives a basic introduction to how LDAP infrastructure works. You’ll notice there are three key items in this image. Let’s explain all three in the context of WordPress.
- Applications requiring AD credentials: This is your WordPress site.
- API Gateway: This is LDAP. It will be in the form of a WordPress plugin or service.
- Active Directory: This is your company’s user directory.
The image above shows that LDAP is connecting your WordPress website to your Active Directory. LDAP is the language we use to talk to Active Directory and transmit messages to WordPress.
Active Directory providers come in all shapes and forms, including these:
- Apache Directory Server
- OpenLDAP Directory
- Oracle Unified Directory
- Microsoft Active Directory
- Azure Active Directory
- Sun Active Directory
Many companies, universities, and large organizations will run an Active Directory instance with all their staff information. This is a single source of truth to allow logins to all the organization’s resources. These Active Directory instances may use LDAP to connect to websites, email, intranets, and much more.
Active Directory Groups and WordPress User Roles
The image below from Adaxes shows a typical Active Directory example, and you can see there are user groups such as “IT”, “Marketing” and “Sales”. Inside the “Sales” group are individual users such as “David Watson”, “George Jackson” and “George Jones”.
The image below shows how those users may appear once you have connected Active Directory to WordPress. You can re-create the Active Directory groups in WordPress as User Roles. Once you have configured the WordPress LDAP connection correctly, you should be able to add users to the screen above, and they will automatically appear on the screen below.
WordPress LDAP Options
In the first part of this guide, I explained that LDAP is a protocol that connects your WordPress site to your Active Directory instance.
However, what options do you have for an LDAP service? You can click here to see the full list of LDAP plugins on WordPress.org.
Perhaps the best option is the authLdap plugin. After installation, go to the “Settings” area and you’ll find the “AuthLDAP” link. There are many configuration settings in here, including the ability to map your Active Directory groups to your WordPress user roles.
The authLDAP plugin has outstanding reviews and several users say it works wonderfully with OpenLDAP.
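The group-to-role mapping described above decides who becomes an administrator, so it is worth seeing as logic. The following is an added example, not code from authLdap or any other plugin; the group DNs and the mapping are constructed, and it assumes the directory returns each user's groups as a list of full DNs (as the `memberOf` attribute does in Active Directory).

```python
# Added example: all DNs and the mapping below are constructed sample values.

# Ordered list: the first matching group wins, so the most privileged
# mapping comes first and should cover the fewest people.
GROUP_ROLE_MAP = [
    ("cn=IT,ou=Groups,dc=example,dc=com", "administrator"),
    ("cn=Marketing,ou=Groups,dc=example,dc=com", "editor"),
    ("cn=Sales,ou=Groups,dc=example,dc=com", "author"),
]


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around the RDN separators.

    Simplified: assumes group DNs contain no escaped commas or
    multi-valued RDNs.
    """
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def role_for_groups(member_of, mapping=GROUP_ROLE_MAP):
    """Return the WordPress role for a user's group DNs, or None to deny."""
    groups = {normalize_dn(dn) for dn in member_of}
    for group_dn, role in mapping:
        # Compare whole DNs. A substring or CN-only match would also accept
        # "cn=IT-Contractors,..." or a group named "IT" under another OU.
        if normalize_dn(group_dn) in groups:
            return role
    return None  # no mapped group: create no account and grant no role


if __name__ == "__main__":
    samples = {
        "sales user": ["CN=Sales, OU=Groups, DC=example, DC=com"],
        "contractor": ["cn=IT-Contractors,ou=Groups,dc=example,dc=com"],
        "other OU": ["cn=IT,ou=Vendors,dc=example,dc=com"],
    }
    for label, dns in samples.items():
        print(label, "->", role_for_groups(dns))
```

Returning `None` for users with no mapped group keeps the default at "no access" rather than silently handing out a fallback role.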
LDAP can be used as a form of Single Sign-On (SSO) for WordPress. SSO allows you to use one login to access different resources. There are SSO services available such as MiniOrange and alternatives.