I struggled for a while to get WordPress to use Active Directory credentials on CentOS 7. Below is how I finally got it to work.
First, install the necessary packages:
sudo yum -y install openldap-clients php-ldap
If you use a self-signed certificate for ldaps, you'll need to modify /etc/openldap/ldap.conf:
HOST <HOSTNAME_OF_LDAP_SERVER>
PORT 636
TLS_CACERT <PATH_TO_CA_CERT>
TLS_REQCERT demand
With the above settings in place, you can test your LDAP connection and search string with ldapsearch:
ldapsearch -x -D "<BIND USERNAME>" -b "<BASE_DN>" -H ldaps://<LDAP_SERVER_HOSTNAME> -W sAMAccountName=<USER_TO_QUERY>
Once ldapsearch works properly, install your AD integration plugin. I use AuthLDAP by Andreas Heigl.
I struggled with which LDAP strings and filters to use. This is what finally got everything working in our Active Directory environment:
LDAP URI: ldaps://<BIND_USERNAME>:<BIND_PASSWORD>@<AD_SERVER_ADDRESS>:636/<BASE_DN>
Filter: (sAMAccountName=%s)
Name-Attribute: givenName
User-ID Attribute: sAMAccountName
Second Name Attribute: sn
Group-Attribute: memberOf
Group-Separator: _
Group-Filter: (&(objectClass=user)(sAMAccountName=%s)(memberOf=*))
Role – group mapping
I had to change Group-Separator to _ above because, in the Role – group mapping for Active Directory, you must put each group's FQDN (its full distinguished name), which includes commas. For each role field, put an underscore-separated list of the FQDNs of the groups you want mapped to that role.
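As an added example (not from the original post and not the AuthLDAP plugin's own code), the following Python shows two pieces of the configuration above in working code: substituting the login name into the Filter (sAMAccountName=%s) with RFC 4515 escaping so that the submitted name cannot alter the filter, and resolving a WordPress role from an underscore-separated list of group FQDNs matched against a user's memberOf values. All DNs, group names, logins and the role mapping are constructed sample data, and the function names are my own, not the plugin's.

```python
"""Added example: build the AuthLDAP-style user filter and resolve a WordPress
role from the underscore-separated group mapping described in the post.
Everything below (DNs, users, mapping) is constructed sample data."""
from typing import Dict, List, Optional

# Filter template as configured in the plugin; %s is replaced by the login name.
FILTER_TEMPLATE = "(sAMAccountName=%s)"

# RFC 4515 escaping for values substituted into a search filter, so a login
# such as "jdoe)(objectClass=*" is treated as a literal value, not filter syntax.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(login: str, template: str = FILTER_TEMPLATE) -> str:
    """Substitute the escaped login into the filter template."""
    return template.replace("%s", escape_filter_value(login))


def parse_group_list(mapping: str, separator: str = "_") -> List[str]:
    """Split a role's group list on the Group-Separator (commas are part of each DN)."""
    return [dn.strip() for dn in mapping.split(separator) if dn.strip()]


def normalize_dn(dn: str) -> str:
    # DNs are case-insensitive and tolerate whitespace after commas; normalise
    # before comparing. (Plain AD group DNs only: escaped commas are not handled.)
    return ",".join(part.strip().lower() for part in dn.split(","))


def resolve_role(member_of: List[str], role_mapping: Dict[str, str],
                 separator: str = "_") -> Optional[str]:
    """Return the first role (in mapping order) whose groups intersect memberOf."""
    user_groups = {normalize_dn(dn) for dn in member_of}
    for role, group_list in role_mapping.items():
        for group_dn in parse_group_list(group_list, separator):
            if normalize_dn(group_dn) in user_groups:
                return role
    return None


# Constructed role -> group mapping, most privileged role listed first.
ROLE_GROUP_MAPPING = {
    "administrator": "CN=WP Admins,OU=Groups,DC=example,DC=com",
    "editor": ("CN=WP Editors,OU=Groups,DC=example,DC=com"
               "_CN=Marketing,OU=Groups,DC=example,DC=com"),
}

# Constructed memberOf values, as the Group-Filter query would return them.
SAMPLE_MEMBER_OF = [
    "CN=Marketing,OU=Groups,DC=example,DC=com",
    "CN=Domain Users,CN=Users,DC=example,DC=com",
]

if __name__ == "__main__":
    print(build_user_filter("jdoe"))                    # (sAMAccountName=jdoe)
    print(build_user_filter("jdoe)(objectClass=*"))     # metacharacters escaped
    print(resolve_role(SAMPLE_MEMBER_OF, ROLE_GROUP_MAPPING))  # editor
```

Because the separator is also a legal character in a group name, a group such as CN=WP_Admins would be split in two by this scheme; choose a Group-Separator that never appears in any mapped DN. Listing roles from most to least privileged matters because the first match wins.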
YOU ARE AWESOME!!
I’m glad this was helpful all these years later!
Dude you saved me tons of time and trouble with this plugin! Thank you so much!
Hello
Thank you for this help.
Can you put an example of FQDN for the group? I don't have access with ldaps but with LDAP + TLS. But WP freezes..