Active Directory Integration Wordpress Plugin is used to Allows WordPress to authenticate, authorize, create and update users against Active Directory.
Good news, everyone! We rewrote this plugin from scratch and added new features and a smoother user interface. Please welcome Next ADI! The new Next ADI plugin will always stay free and open source. The development can be tracked on GitHub. Along with Next ADI we also intruduce our professional support for agencys, developers and site owners. Please note that the ADI v1 plugin is now deprecated and will not longer be supported.
For existing ADI 1 users, who won't upgrade to Next ADI:
If you are running a multisite environment you shouldn't update from 1.1.5 or lower to 1.1.6 or above. Since 1.1.6 the central settings apply for all sites. In the upcoming version Next ADI 2.0.0 you can choose between installation wide and site specific settings.
This Plugin allows WordPress to authenticate, authorize, create and update users against an Active Directory Domain.
It is very easy to set up. Just activate the plugin, type in a domain controller, and you're done. But there are many more Features:
- authenticate against more than one AD Server
- authorize users by Active Directory group memberships
- auto create and update users that can authenticate against AD
- mapping of AD groups to WordPress roles
- use TLS (or LDAPS) for secure communication to AD Servers (recommended)
- use non standard port for communication to AD Servers
- protection against brute force attacks
- user and/or admin e-mail notification on failed login attempts
- multi-language support (English, German, Norwegian and Belorussian included)
- determine WP display name from AD attributes (sAMAccountName, displayName, description, SN, CN, givenName or mail)
- setting of user meta data to any possible AD attribute
- show selected AD attributes (see above) in user profile
- tool for testing with detailed debug informations
- enable/disable password changes for local (non AD) WP users
- set users local WordPress password on first and/or on every successfull login
- WordPress 3 compatibility, including Multisite (work in progress)
- SyncBack - write changed "Additional User Attributes" back to Active Directory if you want.
- Bulk Import - import and update users from Active Directory, for example by cron job.
- Support for multiple account suffixes.
- Using LDAP_OPT_NETWORK_TIMEOUT (default 5 seconds) to fall back to local authorization when your Active Directory Server is unreachable.
- Bulk SyncBack to manually write all "Additional User Attributes" back to Active Directory.
- Disable user accounts in WordPress if they are disabled in Active Directory.
- Option to disable fallback to local (WordPress) authentication.
- NEW Support for large groups (>1000 user) in Bulk Import with PHP 5.4.0 and above.
The latest major release 1.1 was sponsored by VARA. Many thanks to Bas Ruijters.
Active Directory Integration is based upon Jonathan Marc Bearak's Active Directory Authentication and Scott Barnett's adLDAP, a very useful PHP class.
- WordPress since 4.0
- PHP 5
- LDAP support
- OpenSSL Support for TLS (recommended)
There are some issues with MultiSite. This is tracked here and
Is it possible to use TLS with a self-signed certificate on the AD server? Yes, this works. But you have to add the line TLS_REQCERT never to your ldap.conf on your web server. If yout don't already have one create it. On Windows systems the path should be c:\openldap\sysconf\ldap.conf. Another and even simpler way is to add LDAPTLS_REQCERT=never to your environment settings. Can I use LDAPS instead of TLS? Yes, you can. Just put "ldaps://" in front of the server in the option labeled "Domain Controller" (e.g. "ldaps://dc.domain.tld"), enter 636 as port and deactivate the option "Use TLS". But have in mind, that Is it possible to get more informations from the Test Tool? Yes. Since 1.0-RC1 you get more informations from the Test Tool by setting WordPress into debug mode. Simply add DEFINE('WP_DEBUG',true); to your wp-config.php. Where are the AD attributes stored in WordPress? If you activate "Automatic User Creation" and "Automatic User Update" you may store any AD attribute to the table wp_usermeta. You can set the meta key as you like or use the default behavior, where the meta key is set to adi_ (e.g. adi_physicaldeliveryofficename for the Office attribute). You can find a list of common attributes on the "User Meta" tab. Is there an official bug tracker for ADI? Yes. You'll find the bug tracker at http://bt.steindorff.de/. You can report issues anonymously but it is recommended to create an account. This is also the right place for feature requests. I'm missing some functionality. Where can I submit a feature request? Use the bug tracker (see above) at http://bt.steindorff.de/. Authentication is successfull but the user is not authorized by group membership. What is wrong? A common mistake is that the Base DN is set to a wrong value. If the user resides in an Organizational Unit (OU) that is not "below" the Base DN the groups the user belongs to can not be determined. A quick solution is to set the Base DN to something like dc=mydomain,dc=local without any OU. Another common mistake is to use ou=users,dc=mydomain,dc=local instead of cn=users,dc=mydomain,dc=local as Base DN. Do you see the difference? I recommend to use tools like ADSIedit to learn more about your Active Directory. I want to use Sync Back but don't want to use a Global Sync User. What can I do? You must give your users the permission to change their own attributes in Active Directory. To do so, you must give write permission on "SELF" (internal security principal). Run ADSIedit.msc, right click the OU or CN all your users belong to, choose "Properties", go on tab "Security", add the user "SELF" and give him the permission to write. I use the User Meta feature. Which type I should use for which attribute? Not all attribute types from the Active Directory schema are supported and there are some special types. Types marked as SyncBack can be synced back to AD (if the attribute is writeable). string: Unicode Strings like "homePhone" - SyncBack list: a list of Unicode Strings like "otherHomePhone" - SyncBack integer: Integers or Large Integer attributes like "logonCount" - SyncBack bool: Booleans use it from boolean attributes like "fromEntry" octet: Octet Strings like "jpegPhoto" time: UTC Coded Time like "whenCreated" timestamp: Integers which store timestamps (not the unix ones) like "lastLogon" cn: Common Name extracts the CN part and drops everthing else - use it with "manager" Why will no users be imported if I'm using "Domain Users" as security group for Bulk Import? Here we have a special problem with the builtin security group "Domain Users". In detail: the security group "Domain Users" is usually the primary group of all users. In this case the members of this security group are not listed in the members attribute of the group. To import all users of the security group "Domain Users" you must set the option "Import members of security groups" to "Domain Users;id:513". The part "id:513" means "Import all users whos primaryGroupID is 513." An;
Active Directory Integration WordPress Plugin Keywords
- Active Directory Integration WordPress Plugin download
- Download Active Directory Integration WordPress Plugin
- Active Directory Integration Plugin download
- Active Directory Integration Wordpress Addon download
- Active Directory Integration Wordpress Extension download
Active Directory Integration Wordpress Plugin free download
Here is the Active Directory Integration wordpress plugin download link you can download and install to your Wordpress blog