LDAP/Active Directory Login for Intranet sites
Add to ListFeatures | Setup Guide | Documentation | Integrations | Contact Us
Active Directory Integration / LDAP Integration Login for Intranet Sites plugin lets users sign in to WordPress using their LDAP or Active Directory credentials. It maps LDAP and Active Directory attributes to WordPress user fields, syncs profiles on login, and assigns roles based on directory groups or OUs.
This plugin supports:
- Microsoft Active Directory
- Azure Active Directory
- Sun Active Directory
- OpenLDAP Directory
- JumpCloud
- FreeIPA Directory
- Synology
-
OpenDS and other LDAP directories.
-
You can fetch LDAP OUs, map LDAP attributes, test LDAP and Active Directory authentication, and review LDAP authentication reports for failed login attempts.
- This plugin brings centralized LDAP and Active Directory-based authentication, improves access control, and keeps your WordPress user information consistent with your directory source.
How the Plugin Works:
When a user enters their details on the WordPress login page, the plugin sends an LDAP or Active Directory authentication request to your directory server. If the LDAP or AD credentials match, the user is logged in, and a WordPress account is created or updated.
During LDAP or Active Directory login, the plugin can:
- Read LDAP and AD attributes
- Map LDAP attributes to WordPress profile fields
- Assign WordPress roles based on LDAP or Active Directory groups and OUs
- Sync LDAP or AD user data on every login
You can enable LDAP secure connection (LDAPS) or Kerberos / NTLM for passwordless AD login on domain-joined machines. LDAP filters, multiple LDAP search bases, and backup LDAP servers can be configured when needed. LDAP authentication failures are logged for security review.
This ensures WordPress uses your LDAP or Active Directory server as the main source of truth for identity and login.
Plugin
LDAP/Active Directory Login for Intranet Sites Plugin
LDAP/Active Directory login for Intranet Sites Premium Plugin
LDAP/Active Directory login for Intranet Sites Premium Plugin for Multisite
LDAP/Active Directory login for Cloud/Shared Hosting Plugin
Add Ons
Kerberos Single Sign On (SSO)
Sync User LDAP Directory
Profile Picture Sync for WordPress and BuddyPress
Search Staff/Employee from LDAP Active Directory
Password Sync with LDAP Server
Minimum Requirements
- Compatible with WordPress version 5.0 or higher
- Compatible with PHP version 5.6.0 or higher
- PHP LDAP extension Enabled
Get a quick overview of our product
Features of the AD Integration/ LDAP Integration Login for Intranet Sites Plugin
The LDAP/Active Directory Login for Intranet sites plugin includes user management features as well, such as adding users from Active Directory or another LDAP Directory who are not registered in WordPress, WordPress role mapping, LDAP/Active Directory to WordPress attribute mapping, and more. We also provide additional add-ons that enhance the functionality of the basic plugin such as enabling Kerberos/NTLM SSO Authentication, importing users from Active Directory/LDAP Server to WordPress, creating users in Active Directory/LDAP server when created/registered in the WordPress site, sync users between the Active Directory/LDAP server and WordPress site, sync LDAP/Active Directory Profile Picture thumbnail attribute to WordPress user profile picture, AD integration with third-party plugins and more.
What is Kerberos/NTLM Single Sign On (SSO)
Effortlessly enable Single Sign-On (SSO) within your Active Directory-secured intranet using Kerberos/NTLM authentication. Enjoy passwordless login for domain-joined machines and enhanced security through restricted external access. With cross-platform compatibility, Kerberos authentication across Windows is also ensured. Kerberos authentication can also be done access Ubuntu, CentOS, and RHEL, protecting against unauthorized access and impersonation threats. You can also configure Kerberos/NTLM SSO with Apache on Windows.
Benefits of Kerberos Authentication Protocol
Secure Authentication: Strong cryptography ensures safe access to systems and resources.
Mutual Authentication: Verifies both client and server identities to prevent impersonation.
Cross-Platform Compatibility: Supports diverse operating systems and applications for broad SSO adoption.
Free Version Features:-
- LDAP / Active Directory Login: Authenticate users by verifying their LDAP or Active Directory credentials instead of storing separate credentials in WordPress. This gives your intranet a centralized login system.
- LDAP User Auto Creation: When a directory user logs in for the first time, the plugin creates a matching WordPress account automatically. No manual user creation required.
- LDAP Profile Sync: Update a user’s WordPress profile on every login by pulling details such as name, email, and username from your directory server.
- Default Role Mapping: Assign a default WordPress role to all authenticated directory users to maintain consistent permissions across your intranet.
- LDAP Attribute Mapping: Map directory attributes like mail, sAMAccountName, UID, or CN to WordPress user fields. This keeps user information aligned between systems.
- LDAPS Support: Encrypt all authentication traffic between WordPress and your directory server using LDAPS. This protects credentials from being intercepted.
- LDAP Authentication Reports: Record all failed LDAP or Active Directory login attempts. Admins can export these logs to review potential security issues or misconfigurations.
- Add WordPress Users to LDAP: When a new user registers on WordPress, the plugin can automatically create or update the corresponding account in your directory (when supported).
- LDAP OU Fetching: Automatically pull Organization Units (OUs) from your directory to help you set up the correct search base during configuration.
- LDAP Connection Test: Test your directory hostname, port, bind details, and search base before enabling login to ensure everything works as expected.
- Demo LDAP Server: Use the built-in demo directory to try the plugin without connecting your production LDAP or Active Directory environment.
- Hybrid LDAP Support: Support configurations where part of your environment runs on-prem Active Directory and part uses cloud directory services.
- WordPress Compatibility: Fully compatible with the latest WordPress and PHP versions. Includes documentation, setup videos, and easy configuration screens.
You can find out how to configure the (AD Integration) Active Directory Integration / LDAP Integration plugin through the video below
This LDAP/Active Directory Login (AD Login) plugin is free to use under the Expat license. If you wish to use enhanced features, you may purchase our Premium version. We also provide additional add-ons that enhance the functionality of the basic WordPress LDAP/AD Login plugin. This will help support further development of our LDAP plugin, and in turn, serve our customers better.
- Our premium plugin includes additional features, as well as the aforementioned free plugin features.
- Login with Any LDAP Attribute: Authenticate users using attributes like sAMAccountName, UPN, mail, UID, or any custom field defined in your directory schema.
- Advanced LDAP / AD Role Mapping: Assign roles dynamically based on a user’s group membership or OU. You can create multiple mapping rules for different user segments.
- LDAP Group Fetching: Automatically fetch directory security groups to simplify role-mapping setup inside WordPress.
- Extended LDAP Attribute Mapping: Map extended directory attributes such as givenName, sn, telephoneNumber, and custom schema fields to WordPress user meta.
- Custom LDAP Attribute Support: Create custom WordPress profile fields and link them to any attribute available in your directory server.
- Custom LDAP / AD Search Filters: Restrict login using rules based on group membership, userAccountControl flags, or any advanced LDAP filter.
- Multiple LDAP Search Bases: Authenticate users across multiple OUs or directory paths without duplicating configuration.
- Multi-Directory Login: Connect WordPress to multiple LDAP or Active Directory domains. The plugin can try each directory in sequence or route users based on domain rules.
- WordPress to Directory Sync: Push WordPress profile updates back to your directory server to maintain consistency in both directions.
- Dual Authentication Mode: Allow both directory users and native WordPress users to log in. Useful for mixed environments or admin-only local access.
- Post Login Redirects: Send users to a custom URL, homepage, or profile page after successful login.
- Detailed LDAP Authentication Logs: Collect detailed logs for each failed authentication attempt, including reason codes, timestamps, and directory responses.
- Import / Export Plugin Configuration: Export your plugin setup from staging and import it into production to avoid repetitive configuration work.
- Multisite LDAP / AD Support: Configure your directory connection at the network level and apply it to selected subsites in a WordPress multisite network.
- Role-Based Login Restrictions: Restrict login based on assigned WordPress roles when running mixed login environments.
- Provides seamless AD integration with third-party plugins such as BuddyBoss, BuddyPress, Ultimate Member, Gravity Forms, Groups, and eMember.
You can find out Active Directory Integration / LDAP Integration Premium Version Features through the video below
= Add-ons List=
- Active Directory Single Sign-On (SSO) using Kerberos/NTLM: Enable passwordless SSO for domain-joined machines using Kerberos or NTLM. Works with Apache, IIS, Windows with Apache, and GSSAPI-based authentication.
- Sync Users LDAP Directory: Import directory users into WordPress and schedule ongoing synchronizations. Supports bidirectional sync when enabled.
- Sync BuddyPress Extended Profiles: Pull directory attributes into BuddyPress extended profile fields during login.
- Password Sync with Active Directory/LDAP Directory: Sync password changes made in WordPress back to your directory server, keeping credentials aligned.
- Profile Picture Sync for WordPress and BuddyPress: Sync thumbnail photos from your directory into WordPress or BuddyPress profile pictures.
- Ultimate Member Login and Profile Integration: Enable directory login in Ultimate Member forms and map directory fields to Ultimate Member profile fields.
- Page/Post Restriction: Control access to specific pages or posts using LDAP groups or WordPress roles.
- Search Staff From Active Directory/other LDAP Directory: Display directory users on a WordPress page using a searchable shortcode or widget.
- Third-Party Plugin User Profile Integration: Sync directory attributes to user profiles created by other plugins.
- Gravity Forms Integration: Populate form fields with directory data and verify user identity during form submission.
- Sync BuddyPress Groups: Assign BuddyPress groups to users based on their directory group membership.
- MemberPress Plugin Integration: Allow access to MemberPress-protected content using LDAP or Active Directory accounts.
- eMember Plugin Integration: Enable directory login for eMember accounts.
- WP Groups Plugin Integration: Map directory groups to the Groups plugin user groups for permission-based workflows.
Use Cases
Enable SSO for Multiple Active Directory Users on Domain-Joined Machines with Kerberos/NTLM
Enable seamless login for employees who use domain-joined computers. When a user is already signed into their workstation with their LDAP or Active Directory account, the plugin (with the Kerberos / NTLM addon) can authenticate them automatically on WordPress without asking for a password. This gives your intranet a smooth, secure, and passwordless login flow.
Enable MFA for External Access After LDAP Kerberos SSO
Inside the intranet, users can rely on SSO through LDAP or Active Directory. But when someone logs in from outside the network or over VPN, you can require Multi-Factor Authentication (MFA). This protects sensitive content by verifying identity through both directory credentials and a second factor.
Map LDAP/AD Groups and Attributes to WordPress User Profiles
Use directory groups and user attributes to assign WordPress roles automatically. For example, members of an “HR” group can be mapped to an editor role, while others receive subscriber or custom roles. This reduces manual user management and ensures permissions stay aligned with your organizational structure.
Automate LDAP/Active Directory Sync with WordPress for Seamless User Management
Keep WordPress user accounts up to date by syncing them with LDAP or Active Directory schedules. This includes importing new users, updating profile details, syncing profile photos, and optionally enabling self-service password updates. This is useful for large teams where user details change often.
Enable Multiple LDAP Directories Support for WordPress Authentication and Synchronization
If your setup includes multiple directory domains or different LDAP servers, the plugin can authenticate users across all of them. It can try servers in sequence or route users based on their domain. This helps organizations with multi-forest, multi-tenant, or hybrid identity environments.
LDAP/Active Directory Integration for WordPress Multisite Environments
Manage LDAP or Active Directory authentication across an entire WordPress multisite network. Configure the directory connection once at the network level and apply it to selected subsites. Each site can inherit settings or define its own role mappings.
Other Use-Cases we support:-
- miniOrange Active Directory/LDAP Integration for Cloud & Shared Hosting Platforms Plugin supports login to WordPress sites hosted on a shared hosting platform using credentials stored in active directory and LDAP Directory systems in case you are not able to enable LDAP Extension on your site.
- Search Staff/Employee present in your Active Directory: Display employee information pulled directly from LDAP or Active Directory on your WordPress site. Users can search staff by name, email, department, or other attributes. This is useful for intranets, company portals, employee dashboards, and internal contact lists.
Integration with Different CMSs
LDAP/Active Directory Integration for ExpressionEngine
LDAP/Active Directory Integration for OpenCart
LDAP/Active Directory Integration for Craft CMS
Need support?
For support or troubleshooting help, please email us at [email protected] or Contact us.
