Why Use Active Directory with WordPress?
I recently set up a WordPress Blog internally for our company to use over our intranet to help improve communication, collaborate, share and develop ideas, and stay informed about company announcements or current events.. etc.
One of the requirements I had was to allow authentication against our Active Directory. Yes, we operate a Windows network primarily, but you can also authenticate against other LDAP directories as well. This was important from an IT position as well as the participants of the blog. I felt people would be more likely to participate if they didn’t have to manage separate user accounts for each service on the intranet. I also set up a Wiki that is Active Directory enabled. I’ll post about that at a later time. The point is, it makes little sense to create different credentials for each user with each new service. It not only becomes a hassle for IT to track and manage the accounts, it’s also a drag for participants to keep track of and manage their username and password pairs for each service. The result would most likely lead to lack of use and that is not what we want.
Integrating the existing Active Directory accounts means that each participant can access these services using the same credentials they use to access or log into their network accounts and desktops. When time comes to change passwords, you need only to update the Active Directory account and your done. Simple! What could be better?
Starting Point
The first thing we needed to do was find out how to include AD Authentication with WordPress 2.5. There are a small number of plugins that claim to allow AD Authentication, but from what I came across, most of them were older and no longer actively maintained. But…there were two in particular that still showed signs of being actively maintained and had promise.
The first was was aptly called “Active Directory Authentication”
The other plugin and the ultimately the one I managed to successfully include is wpDirAuth.
The Trials
Although I was able to get wpDirAuth to work with WordPress 2.5, there was a catch. The current “Official” release of wpDirAuth as of this writing is version 1.2 which is not compatible with WordPress 2.5 so there was some work involved to make this happen. I visited the wpDirAuth plugin page to look at the install directions. They seemed easy enough. It wasn’t until I actually installed and activated the plugin that I realized it wouldn’t work. My next stop was the support channel that the author set up to help troubleshoot install and authentication issues. It was here that I learned there was a patch already available and provided by a generous wpDirAuth user – Adam Yearout. I applied the patch and then tried to login with my network credentials again, and … No luck! By now I was scratching my head. Searching and reading all the information I could find, I finally found myself on the wpDirAuth Developer Support Channel. This was another channel set up specifically for developers. It was here that I uncovered some clues as to what was happening and a small code tweak that was necessary to overcome the problem. Apparently, the author of the plugin assumed that the login name was also the name associated with the Active Directory Account Email, which in most cases is true, but not always. For example username: johndoe would by default have an email johndoe@domain.com. In my case, my email and name and login name were not the same, so the logic that the plugin author used would not work. The good news is that the fix is a fairly simple one if you know where to look and the dev channel contained all the clues needed to find the info.
Setting up wpDirAuth with WordPress 2.5
For this how-to, I am using wordpress 2.5 installed on an Ubuntu 8.04 LTS server With Apache2 and PHP5. There is no GUI and I am not running an ftp server on this server so all settings and changes are completed using putty over SSL. Continue reading “How-to: Active Directory Authentication with WordPress”