Active Directory Authentication Integration

by Curtiss Grymala

Overview


This plugin allows WordPress to authenticate and authorize users against an Active Directory domain, and to create and update the matching WordPress user accounts from it. This plugin is based heavily on the Active Directory Integration plugin, but has been modified to work with Multi Site and even Multi Network installations of WordPress.

Some of the features included in this plugin are:

  • authenticate against more than one AD Server (for balanced load)
  • authorize users by Active Directory group memberships
  • auto create and update users that can authenticate against AD
  • mapping of AD groups to WordPress roles
  • use TLS (or LDAPS) for secure communication to AD Servers (recommended)
  • use a non-standard port for communication to AD Servers
  • protection against brute force attacks
  • user and/or admin e-mail notification on failed login attempts
  • determine WP display name from AD attributes (sAMAccountName, displayName, description, SN, CN, givenName or mail)
  • enable/disable password changes for local (non-AD) WP users
  • WordPress 3.0/3.1 compatibility, including Multi Site and Multi Network

This plugin is based on glatze’s Active Directory Integration plugin, which is based upon Jonathan Marc Bearak’s Active Directory Authentication plugin and Scott Barnett’s adLDAP, a very useful PHP class.

Aside from the changes to make this plugin work more effectively with WordPress Multi Site, this version of the plugin also encrypts the password used to connect to the AD server when it is stored in the database.

This plugin was developed by Curtiss Grymala for the University of Mary Washington. It is licensed under the GPL2, which basically means you can take it, break it and change it any way you want, as long as the original credit and license information remains somewhere in the package.

Important Notice

Since I don’t currently have access to multiple AD servers, this plugin has only been tested on a single installation of WordPress with a single AD server. Therefore, it is entirely possible that there are major bugs.

At this time, I am seeking people to test the plugin, so please report any issues you encounter.

Requirements

  • This plugin requires WordPress. It might work with versions older than 3.0, but it has not been tested with those.

  • This plugin also requires PHP5. Some attempt has been made to make it compatible with PHP4, but it has not been tested in that environment.

  • This plugin requires LDAP support to be compiled into PHP. If the ldap_connect() function is not available, this plugin will output an error message and will not do anything.

To Do

  • Add ability to validate against multiple AD servers (check one, then the other – rather than just load-balancing as the plugin currently does)
  • DONE as of 0.4a – Update admin interface to utilize native meta box interface rather than custom layout
  • DONE as of 0.3a – Separate the profile information from the role equivalent groups in the “auto update user” setting

Summary

  • Version: 0.6
  • WordPress Version: 3.0 or higher
  • Tested up to: 3.2.1