I’ve gone ahead and created this comprehensive walk-through to help anyone who needs to set up Active Directory Integration on their own WordPress blog. This walkthrough covers enabling LDAP (Lightweight Directory Access Protocol) through XAMPP (http://www.apachefriends.org/en/xampp.html), downloading and setting up the “Active Directory Integration” plug-in for WordPress, and migrating current WordPress users to Active Directory authenticated users. This is advantageous because it enhances your blog’s security and unifies logins within your organization. So without further ado, I give you the WordPress Active Directory Integration Walkthrough! (Very original name, I know)
(NOTE: Before you begin, make sure that LDAP support is enabled on your server. I used XAMPP for my MySQL and Apache implementations, which makes enabling LDAP quite simple. If you are also using XAMPP, simply go to C:\xampp\php, open the php.ini file with a text editor, search for “;extension=php_ldap.dll”, uncomment it (remove the ‘;’ symbol) and save the file with the changes. Finally, restart the Apache and MySQL services through the XAMPP control panel or Windows services and LDAP should be enabled.)
- First prepare your WordPress site for Active Directory integration by creating temporary users for all current users that will be authenticated using Active Directory (though we will be running through the whole process with a single test user first). (NOTE: this is only necessary for users whose current logins [usernames] are the same as their active directory username. For example if my WordPress username was fpalhano and my Active Directory username was ALSO fpalhano, then I would have to create a temporary username to store any posts created by fpalhano while migrating to Active Directory authentication. If this doesn’t apply to you, skip to steps 3 and 4.)
- To do this, first make sure you are logged in as an admin, then navigate to the users tab on the left-hand side of the dashboard. (NOTE: if there is no “admin” user with no posts, I would suggest you create one now and log in as that user until this process is complete)
- From here create a new temporary user with the same role as the user you are trying to create a temp account for (I suggest [user]_temp, where [user] is the name of the current user account, but it is entirely up to you). (NOTE: it requires that you put an email for the temp account but it doesn’t really matter what you put)
- Once you have created the temp user you will want to transfer all of the user’s posts to the temp user. To transfer the posts all you have to do is hover your mouse cursor over the actual user and click delete (which should appear right under the username as you mouse over it). This will bring up the “Delete Users” screen. Now select the “Attribute all posts and links to” radio button and choose the corresponding temp user for the user you are deleting. Finally confirm the deletion.
- Now install the “Active Directory Integration” plugin by Christoph Steindorff and ECW GmbH. To do this first navigate to the “Plugins” tab on the left side of the dashboard and choose “add new”, again on the left side of the dashboard. Now type “Active Directory Integration” into the search field and click “Search Plugins”.
- This should bring you a results page. Select the correct plugin (Active Directory Integration) and click “Install Now”.
- A prompt will come up asking if you are sure you want to install, click ok.
- Now go back into the Plugins menu and activate the plugin.
- Then click on the “Settings” tab on the left side and select “Active Directory Integration” underneath it. Now fill all the fields in the “Server” tab with all relevant information and save the changes. (NOTE: you may put either the IP address or the actual name of your domain controller in the “Domain Controllers” field, but certain domain controller configurations may cause the plug-in to break if you don’t use an IP address for that field)
- While still in the Active Directory Integration settings, click on the User tab. Add your domain suffix to the “Account Suffix” field. Save the changes.
- If you wish to test to see if the settings you applied are correct, navigate to the “Test Tool” tab in the Active Directory Integration settings. From here you may type in any current Active Directory user and their associated password to see if you can connect to the Active Directory server. A successful test should look something like this: (NOTE: the domain suffixes and IP address(es) were removed for security reasons.)
- Now that you have confirmed that the Active Directory Integration is working properly, DISABLE the plugin (VERY IMPORTANT) and repeat steps 3 and 4 for every user that is being migrated to Active Directory Authentication. Remember the note at the beginning of this Walkthrough that this step is only necessary for users whose current WordPress username is the SAME as their Active Directory username. (NOTE: you may run through this process [Steps 12 and 13] all at once or one user at a time. However, do not forget that every time you create a temp user, the plugin must be DISABLED, and vice versa for Active Directory users. For more information, see Final NOTE below.)
- From here REENABLE the Active Directory Integration plugin (again VERY IMPORTANT) and then simply repeat steps 3 and 4 again, but in reverse. Create a user whose name corresponds to their Active Directory name and then delete the associated temp user (or old user, if creating a temp was unnecessary for said user), transferring all posts to the new user. From now on whenever the new user logs in it will use the Active Directory server to authenticate the user with the corresponding password in Active Directory.
(Final NOTE: If you ever need to create a NON-Active Directory user, i.e. a local user, you will have to disable the “Active Directory Integration” plugin BEFORE you create the user, otherwise it will try to authenticate said user with Active Directory and fail. Furthermore you will NOT be able to log in using any Active Directory users if the “Active Directory Integration” plugin is disabled, but you WILL be able to log in to any previously created local users even if the “Active Directory Integration” plugin is enabled. Because of this, I suggest keeping one local admin in the WordPress user pool even if you plan on only using Active Directory login. This is so that you can still log in to the admin console even if you accidentally disable the “Active Directory Integration” plugin.)
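If the plugin's Test Tool fails and you want to rule out the server side, the same two things the walkthrough depends on (the php.ini LDAP extension and a bind using the "Domain Controllers" and "Account Suffix" values) can be checked from the command line. This is an added example, not code from the plugin or the original post; the host name, suffix and the AD_TEST_PASSWORD environment variable are placeholder assumptions, and it assumes the domain controller's certificate is trusted by the PHP host so that StartTLS can protect the password in transit.

```php
<?php
// Added example: stand-alone check, independent of the WordPress plugin.
// DOMAIN_CONTROLLER and ACCOUNT_SUFFIX are placeholders (assumptions);
// replace them with the values entered on the plugin's Server and User tabs.
const DOMAIN_CONTROLLER = 'dc01.example.test';
const ACCOUNT_SUFFIX    = '@example.test';

function check_ad_bind(string $user, string $password): string
{
    // Confirms the php.ini change (extension=php_ldap.dll) actually took effect.
    if (!extension_loaded('ldap')) {
        return 'FAIL: ldap extension not loaded; check php.ini and restart Apache';
    }
    // An empty password turns a simple bind into an unauthenticated bind
    // (RFC 4513, section 5.1.2), which a server may accept. Refuse it here.
    if ($user === '' || $password === '') {
        return 'FAIL: user name and password must both be non-empty';
    }
    $conn = ldap_connect('ldap://' . DOMAIN_CONTROLLER . ':389');
    if ($conn === false) {
        return 'FAIL: invalid LDAP URI';
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Upgrade to TLS before sending credentials; a plain bind on port 389
    // would put the password on the wire in cleartext.
    if (!@ldap_start_tls($conn)) {
        return 'FAIL: StartTLS failed: ' . ldap_error($conn);
    }
    $principal = $user . ACCOUNT_SUFFIX;
    $ok  = @ldap_bind($conn, $principal, $password);
    $msg = $ok
        ? 'OK: bound as ' . $principal
        : 'FAIL: bind rejected: ' . ldap_error($conn) . ' (' . ldap_errno($conn) . ')';
    ldap_unbind($conn);
    return $msg;
}

if (PHP_SAPI === 'cli') {
    // The password comes from the environment so it does not land in shell history.
    $user = $argv[1] ?? '';
    $pass = getenv('AD_TEST_PASSWORD') ?: '';
    echo check_ad_bind($user, $pass), PHP_EOL;
}
```

Run it with the PHP binary that Apache uses (under XAMPP, the one in C:\xampp\php) so the result reflects the same php.ini.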
And there you have it, I hope that this walkthrough has helped you implement Active Directory Integration on your own WordPress blog. There are plenty of other options available in this extremely powerful plugin, but they are beyond the scope of this post. However, if there is enough interest I may do a follow-up post that outlines these options. Now go ahead and enjoy the extra security that comes from using a unified Active Directory login. If anyone has any questions, feel free to ask in the comments below and I’ll answer them to the best of my ability.