Simple LDAP Login Settings

Simple Advanced User Help

Required

These are the most basic settings you must configure. Without these, you won't be able to use Simple LDAP Login.

Enable LDAP Authentication	get_setting('enabled')) ) echo "checked"; ?> /> Enable LDAP login authentication for WordPress. (this one is kind of important)
Account Suffix	Often the suffix of your e-mail address. Example: @gmail.com
Base DN	Example: For subdomain.domain.suffix, use DC=subdomain,DC=domain,DC=suffix. In most cases you should not specify an ou here.
Domain Controller(s)	Separate with semi-colons.
LDAP Directory	get_setting('directory') == "ad" ) echo "checked"; ?> /> Active Directory get_setting('directory') == "ol" ) echo "checked"; ?> /> Open LDAP (and etc)

Typical

These settings give you finer control over how logins work.

Required Groups	The groups, if any, that authenticating LDAP users must belong to. Empty means no group required. Separate with semi-colons.
LDAP Exclusive	get_setting('high_security')) ) echo "checked"; ?> /> Force all logins to authenticate against LDAP. Do NOT fallback to default authentication for existing users. Formerly known as high security mode.
User Creations	get_setting('create_users')) ) echo "checked"; ?> /> Create WordPress user for authenticated LDAP login with appropriate roles.
New User Role

Extraordinary

Most users should leave these alone.

Group Base DN (optional)	If you need to specify a different Base DN for group searches. Example: For subdomain.domain.suffix, use ou=groups,DC=subdomain,DC=domain,DC=suffix.
LDAP Login Attribute	Default: uid;
LDAP Group Attribute	In case your installation uses something other than cn;
Use TLS	get_setting('use_tls')) ) echo "checked"; ?> /> Transport Layer Security. This feature is beta, very beta.
LDAP Port	This is usually 389.
LDAP Version	Only applies to Open LDAP. Typically 3.
Search Sub OUs	get_setting('search_sub_ous')) ) echo "checked"; ?> /> Also search sub-OUs of Base DN. For example, if the base DN is "ou=People,dc=example,dc=com", also search "ou=Staff,ou=People,dc=example,dc=com for uid=username
Login Domain	prefixes login names with this domain, f.i. mydomain\username

User Data

These settings give you control over which LDAP attributes are used for user creation.

First name	The LDAP attribute for the first name.
Last name	The LDAP attribute for the last name.
Email	The LDAP attribute for the email.
Website	The LDAP attribute for the website.

Additional user data

Additional user data can be stored as user meta data. You can specify the LDAP attributes and the associated wordpress meta keys in the format <ldap_attribute_name>:<wordpress_meta_key>. Multiple attributes can be given on separate lines.

Example:
phone:user_phone_number
adress:user_home_address

Meta data	<?php echo join("\n", array_map(function ($attr) { return join(':', $attr); }, $SimpleLDAPLogin->get_setting('user_meta_data'))); ?>

Help

Here's a brief primer on how to effectively use and test Simple LDAP Login.

Testing

The most effective way to test logins is to use two browsers. In other words, keep the WordPress Dashboard open in Chrome, and use Firefox to try logging in. This will give you real time feedback on your settings and prevent you from inadvertently locking yourself out.

Which raises the question, what happens if I get locked out?

If you accidentally lock yourself out, the easiest way to get back in is to rename to something else and then refresh. WordPress will detect the change and disable Simple LDAP Login. You can then rename the folder back to its previous name.