WP-LDAP

This plugin turns your WordPress Dashboard into a familiar management interface for an enterprise-scale LDAP Directory Information Tree (DIT). Configure a connection to your LDAPv3 directory server, and from then on any modifications you make to your WordPress user database through the WordPress admin screens will be reflected in your LDAP database. This offers a simpler and more convenient front-end for managing user account information to support single sign-on (SSO), identity management, and other enterprise functions.

Donations for this plugin make up a chunk of my income. If you continue to enjoy this plugin, please consider making a donation. 🙂 Thank you for your support!

All user accounts on the WordPress side are mirrored as inetOrgPerson (RFC 2798) entries on the LDAP side. The following WordPress user account fields to LDAP attribute translations take place when a new WordPress user is created:

• The WordPress user_login field becomes the uid attribute in the LDAP database.
• The WordPress user_email field becomes the mail attribute in the LDAP database.
• The WordPress display_name field becomes the displayName attribute in the LDAP database.
• The WordPress user_pass field becomes the userPassword attribute in the LDAP database.

There is no mapping for the WordPress user ID number on the LDAP side. Instead, users are uniquely identified by their fully-qualified Distinguished Name (DN). A user’s DN is automatically composed by combining their WordPress user_login with the WordPress Multisite’s configured LDAP Search Base setting. For instance, by default, a WordPress Multisite with WP-LDAP installed running at https://example.com/ with a user whose username is exampleuser will automatically be mirrored over LDAP to the user identified as uid=exampleuser,dc=example,dc=com.

In addition to the above mappings, the following optional mappings also take place if or when the user updates their user profile:

• The WordPress first_name field becomes the givenName attribute in the LDAP database.
• The WordPress last_name field becomes the sn attribute in the LDAP database.
• The WordPress nickname field becomes the cn attribute in the LDAP database.
• The WordPress description field becomes the description attribute in the LDAP database.
• The WordPress user_url field becomes the labeledURI attribute in the LDAP database.
• The WordPress user’s avatar becomes the jpegPhoto attribute in the LDAP database. (Not yet implemented.)

Moreover, WP-LDAP is aware of certain features provided by other plugins. These include:

• The WordPress user’s S/MIME certificate (smime_certificate field) becomes the userSMIMECertificate attribute in the LDAP database. (This functionality is provided by the WP PGP Encrypted Emails plugin and that plugin must be installed and activated for this to work.)

This plugin is designed for medium to large deployments of WordPress Multisite (or Multi-Network) instances, originally developed as a collaboration with the Glocal Coop’s Activist Network Platform project. If you run multiple WordPress Multisite Networks, you can configure each WP Network with different LDAP settings. This plugin does not currently support single-site installs; please post an issue on GitHub if you want to use LDAP data stores with a WP single-site install and we can discuss use cases.
This plugin is free software, but grocery stores do not offer free food. Donations for this plugin make up a chunk of my income. If you continue to enjoy this plugin, please consider making a donation. 🙂 Thank you for your support!