There are a handful of plug-ins available for WordPress right now that allow you to login and authenticate users based on Microsoft Active Directory credentials, but only one of them seems to actually work and it has some serious issues that need to be tackled before it’s usable in large-scale environments.
Enter my new Active Directory plug-in (I’ll call it ADAI throughout the rest of this article). I’m currently working on rewriting much of the code base for the Active Directory Integration (ADI) plug-in and turning it into an all-new plug-in for WordPress.
The major changes I’m making to the AD Integration plug-in are as follows:
- ADI stores each option in a separate row within the database tables. ADAI groups options into logical groups within the database. Since all of the options are retrieved any time the plug-in is instantiated anyway, there’s no point in storing them all separately.
- ADI does not easily support multi-site installations of WordPress. Primitive support for WPMU is built in, but it appears to all be leftover from the previous code base (Active Directory Authentication – ADA) and is mostly dependent on WPMU, rather than being set up to work natively with the new WordPress MultiSite. ADAI is being built to natively support multi-site installations (network activated).
- ADI relies on the
ldap_connect()(among others) function in PHP. This function is only available if the LDAP extension is compiled into PHP at runtime. Unfortunately, if the LDAP extension is not compiled into PHP, the plug-in will cause a fatal PHP error, resulting in a blank white screen. ADAI includes a check to make sure that that extension is compiled into PHP before actually trying to do anything. If the
ldap_connect()function is not available, the plug-in will not do anything except display an error message within the WordPress administration area informing you of the error.
- ADI stores the password used to connect to the Active Directory server in plain text within the database, allowing anyone with access to your database to easily discover your Active Directory server password. ADAI will encrypt the password before storing it in the database.
The Active Directory Authentication Integration plug-in is not yet available to the public, but much of the code is written. I am currently in the process of cleaning up the code and testing the plug-in in a few different WordPress instances. Once testing is completed, I will be releasing the plug-in publicly in the WordPress repository.