I struggled for a while to get WordPress to use Active Directory credentials on CentOS 7. Below is how I finally got it to work.
First, install the necessary packages:
sudo yum -y install openldap-clients php-ldap
If you use a self-signed certificate for ldaps, you’ll need to modify /etc/openldap/ldap.conf:
HOST <HOSTNAME_OF_LDAP_SERVER>
PORT 636
TLS_CACERT <PATH_TO_CA_CERT>
TLS_REQCERT demand
With the above settings, you can test your LDAP string with ldapsearch:
ldapsearch -x -D "<BIND USERNAME>" -b "<BASE_DN>" -H ldaps://<LDAP_SERVER_HOSTNAME> -W sAMAccountName=<USER_TO_QUERY>
I struggled with which LDAP strings and filters to use. This is what finally got everything working with our Active Directory environment:
Second Name Attribute:
Role – group mapping
I had to change Group-Separator to _ above, because in Role – group mapping for Active Directory, you must put the FQDN, which includes commas. Put an underscore-separated list of FQDNs for each of these fields you want.
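The separator issue described above can be checked before pasting a mapping into the plugin. This is an added example, not code from the plugin: it assumes the plugin splits the field on the literal separator character, and the group names (distinguished names such as CN=...,DC=...) and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a Role - group mapping string.
# All group names below are constructed sample values.

# Split STRING on the one-character separator SEP, one piece per line.
split_groups() {
    printf '%s\n' "$2" | tr "$1" '\n'
}

# Succeeds if PIECE looks like a complete AD group name:
# it starts with CN= and contains at least one ,DC= component.
is_group_dn() {
    case $1 in
        [Cc][Nn]=?*,[Dd][Cc]=?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print how many pieces are NOT complete group names (0 = mapping is usable).
# Offending pieces are reported on stderr.
count_bad_pieces() {
    bad=0
    # The here-document keeps the loop in the current shell so $bad survives.
    while IFS= read -r piece; do
        is_group_dn "$piece" || {
            bad=$((bad + 1))
            echo "not a full group name: $piece" >&2
        }
    done <<EOF
$(split_groups "$1" "$2")
EOF
    echo "$bad"
}

# Two groups joined with an underscore (constructed).
GOOD='CN=WP-Admins,OU=Groups,DC=example,DC=com_CN=WP-Editors,OU=Groups,DC=example,DC=com'
# A group whose own name contains the separator (constructed).
CLASH='CN=WP_Admins,OU=Groups,DC=example,DC=com'

echo "underscore separator:       $(count_bad_pieces _ "$GOOD" 2>/dev/null) bad"
echo "comma separator:            $(count_bad_pieces , "$GOOD" 2>/dev/null) bad"
echo "underscore inside the name: $(count_bad_pieces _ "$CLASH" 2>/dev/null) bad"
```

A non-zero count for the last case means a group whose name contains an underscore will be split in the wrong place, so the role mapped to it never matches. Pick a separator that appears in none of your group names.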