Active Directory Integration

Allows WordPress to authenticate, authorize, create and update users against Active Directory

Is it possible to use TLS with a self-signed certificate on the AD server?

Yes, this works, but you have to add the line TLS_REQCERT never to the ldap.conf on your web server, which tells the LDAP client not to verify the server certificate. If you don't already have an ldap.conf, create it. On Windows systems the path should be c:\openldap\sysconf\ldap.conf. Another, even simpler way is to add LDAPTLS_REQCERT=never to your environment settings.
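A small audit for the two places named above (ldap.conf and the LDAPTLS_REQCERT environment variable), as an added example that is not part of the plugin or its documentation. The sample configurations are constructed, and the second one (trusting the exported self-signed certificate through TLS_CACERT, with a hypothetical file path) is an assumed alternative to switching verification off.

```python
# Added example: audit OpenLDAP client TLS settings. Sample configs are constructed.
UNVERIFIED = {"never", "allow"}  # levels at which a bad certificate is still accepted

FAQ_CONF = """\
# ldap.conf as described in the FAQ answer
TLS_REQCERT never
"""

# Assumed alternative (not from the plugin docs): trust the DC's exported
# self-signed certificate and keep verification on. The path is hypothetical.
PINNED_CONF = """\
TLS_CACERT c:\\openldap\\sysconf\\dc-selfsigned.pem
TLS_REQCERT demand
"""

def parse_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive; '#' lines are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts[parts[0].upper()] = parts[1].strip()
    return opts

def audit(conf_text, env=None):
    """List the settings that make the LDAP client accept an unverified server."""
    env = env or {}
    opts = parse_conf(conf_text)
    level = opts.get("TLS_REQCERT", "demand").lower()  # OpenLDAP default is demand
    source = "ldap.conf"
    override = (env.get("LDAPTLS_REQCERT") or "").strip()
    if override:  # the environment variable overrides the file
        level, source = override.lower(), "environment"
    findings = []
    if level in UNVERIFIED:
        findings.append(f"{source}: TLS_REQCERT={level}, server certificate not verified")
    return findings

if __name__ == "__main__":
    for name, conf in (("FAQ setting", FAQ_CONF), ("pinned certificate", PINNED_CONF)):
        print(name, "->", audit(conf) or "certificate is verified")
```

Pass os.environ as the second argument to check the web server's real environment as well as the file.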

Can I use LDAPS instead of TLS?

Yes, you can. Just put "ldaps://" in front of the server in the option labeled "Domain Controller" (e.g. "ldaps://dc.domain.tld"), enter 636 as port and deactivate the option "Use TLS". But have in mind, that

Is it possible to get more information from the Test Tool?

Yes. Since 1.0-RC1 you get more information from the Test Tool by setting WordPress into debug mode. Simply add define('WP_DEBUG', true); to your wp-config.php.

Where are the AD attributes stored in WordPress?

If you activate "Automatic User Creation" and "Automatic User Update" you may store any AD attribute to the table wp_usermeta. You can set the meta key as you like or use the default behavior, where the meta key is set to adi_<attribute> (e.g. adi_physicaldeliveryofficename for the Office attribute). You can find a list of common attributes on the "User Meta" tab.

Is there an official bug tracker for ADI?

Yes. You'll find the bug tracker at http://bt.steindorff.de/. You can report issues anonymously but it is recommended to create an account. This is also the right place for feature requests.

I'm missing some functionality. Where can I submit a feature request?

Use the bug tracker (see above) at http://bt.steindorff.de/.

Authentication is successful but the user is not authorized by group membership. What is wrong?

A common mistake is that the Base DN is set to a wrong value. If the user resides in an Organizational Unit (OU) that is not "below" the Base DN, the groups the user belongs to cannot be determined. A quick solution is to set the Base DN to something like dc=mydomain,dc=local without any OU. Another common mistake is to use ou=users,dc=mydomain,dc=local instead of cn=users,dc=mydomain,dc=local as Base DN. Do you see the difference? I recommend using tools like ADSIedit to learn more about your Active Directory.
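The "below the Base DN" test can be checked offline before changing the plugin settings. This is an added example, not the plugin's code: the user DN is constructed, the function names are hypothetical, and the DN parsing is simplified (it handles escaped commas but not multi-valued RDNs).

```python
# Added example: check whether a user entry lies below a candidate Base DN.
import re

def split_rdns(dn):
    """Split a DN on unescaped commas; lower-case each RDN for comparison."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def first_mismatch(entry_dn, base_dn):
    """Compare from the right-hand end. Return None if the entry is below
    the base, otherwise (base RDN, entry RDN) at the first difference."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    for i in range(1, len(base) + 1):
        got = entry[-i] if i <= len(entry) else None
        if got != base[-i]:
            return base[-i], got
    return None

def is_below(entry_dn, base_dn):
    return first_mismatch(entry_dn, base_dn) is None

# Constructed sample: a user in the default "Users" container, which is a
# container (CN=Users), not an organizational unit (OU=Users).
USER_DN = r"CN=Doe\, Jane,CN=Users,DC=mydomain,DC=local"

if __name__ == "__main__":
    for base in ("ou=users,dc=mydomain,dc=local",
                 "cn=users,dc=mydomain,dc=local",
                 "dc=mydomain,dc=local"):
        miss = first_mismatch(USER_DN, base)
        print(base, "->", "ok" if miss is None else f"expected {miss[0]}, found {miss[1]}")
```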

I want to use Sync Back but don't want to use a Global Sync User. What can I do?

You must give your users the permission to change their own attributes in Active Directory. To do so, you must give write permission to "SELF" (an internal security principal). Run ADSIedit.msc, right-click the OU or CN all your users belong to, choose "Properties", go to the "Security" tab, add the user "SELF" and grant it write permission.

I use the User Meta feature. Which type should I use for which attribute?

Not all attribute types from the Active Directory schema are supported and there are some special types. Types marked as SyncBack can be synced back to AD (if the attribute is writeable).

  • string: Unicode Strings like "homePhone" - SyncBack
  • list: a list of Unicode Strings like "otherHomePhone" - SyncBack
  • integer: Integers or Large Integer attributes like "logonCount" - SyncBack
  • bool: Booleans; use it for boolean attributes like "fromEntry"
  • octet: Octet Strings like "jpegPhoto"
  • time: UTC Coded Time like "whenCreated"
  • timestamp: Integers which store timestamps (not the unix ones) like "lastLogon"
  • cn: Common Name; extracts the CN part and drops everything else - use it with "manager"
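How the raw values behind the "time" and "timestamp" types decode, as an added example that is not the plugin's code. It assumes the usual Active Directory encodings: "time" attributes are GeneralizedTime strings, and "timestamp" attributes count 100-nanosecond intervals since 1601-01-01 UTC. The function names and sample values are constructed.

```python
# Added example: decode raw AD values for the "time" and "timestamp" types.
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Sentinels AD uses for "never" / "not set"; the large one would also
# overflow Python's datetime range if converted.
NEVER = {0, 0x7FFFFFFFFFFFFFFF}

def from_timestamp(raw):
    """Convert a 'timestamp' value (e.g. lastLogon) to an aware datetime.
    Returns None for the 'never' sentinels."""
    ticks = int(raw)
    if ticks in NEVER:
        return None
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def from_time(raw):
    """Convert a 'time' value (e.g. whenCreated, '20240117212000.0Z')."""
    stamp = raw.split(".")[0].rstrip("Z")
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def to_unix(raw):
    """Unix seconds for a 'timestamp' value, or None if never set."""
    moment = from_timestamp(raw)
    return None if moment is None else int(moment.timestamp())

if __name__ == "__main__":
    print(from_timestamp("133500000000000000"))   # constructed lastLogon value
    print(from_time("20240117212000.0Z"))         # constructed whenCreated value
    print(from_timestamp("9223372036854775807"))  # 'never' sentinel
```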

Why will no users be imported if I'm using "Domain Users" as security group for Bulk Import?

Here we have a special problem with the built-in security group "Domain Users". In detail: the security group "Domain Users" is usually the primary group of all users. In this case the members of this security group are not listed in the members attribute of the group. To import all users of the security group "Domain Users" you must set the option "Import members of security groups" to "Domain Users;id:513". The part "id:513" means "Import all users whose primaryGroupID is 513." And as you might have guessed, 513 is the ID of the security group "Domain Users".
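The effect described above, on a constructed in-memory directory, as an added example that is not the plugin's code. The option parsing follows the "Group;id:NNN" form shown in the answer; the function names, users and groups are hypothetical.

```python
# Added example with constructed directory data; not the plugin's own code.
USERS = [
    {"sAMAccountName": "alice", "dn": "CN=Alice,CN=Users,DC=mydomain,DC=local", "primaryGroupID": 513},
    {"sAMAccountName": "bob",   "dn": "CN=Bob,OU=Staff,DC=mydomain,DC=local",   "primaryGroupID": 513},
    {"sAMAccountName": "carol", "dn": "CN=Carol,OU=Staff,DC=mydomain,DC=local", "primaryGroupID": 513},
]
# The group object lists explicit memberships only. Primary-group membership
# is stored on the user (primaryGroupID), so "Domain Users" lists nobody here.
GROUPS = {
    "Domain Users": {"member": []},
    "Editors": {"member": ["CN=Carol,OU=Staff,DC=mydomain,DC=local"]},
}

def parse_import_option(option):
    """Split 'Group A;Group B;id:513' into group names and primary group IDs."""
    names, ids = [], []
    for item in (p.strip() for p in option.split(";")):
        if not item:
            continue
        if item.lower().startswith("id:"):
            ids.append(int(item[3:]))
        else:
            names.append(item)
    return names, ids

def ldap_filter(ids):
    """LDAP filter matching users whose primary group is one of the IDs."""
    terms = "".join(f"(primaryGroupID={i})" for i in ids)
    return f"(|{terms})" if len(ids) > 1 else terms

def resolve_import(option, groups=GROUPS, users=USERS):
    """Account names this sketch selects for the given option value."""
    names, ids = parse_import_option(option)
    listed = {dn.lower() for n in names for dn in groups.get(n, {}).get("member", [])}
    return sorted(u["sAMAccountName"] for u in users
                  if u["dn"].lower() in listed or u["primaryGroupID"] in ids)

if __name__ == "__main__":
    for opt in ("Domain Users", "Editors", "Domain Users;id:513"):
        print(f"{opt!r:24} -> {resolve_import(opt)}")
    print(ldap_filter([513]))
```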

I have problems with accounts that have special characters in the username. What can I do?

It is never a good idea to allow special characters in usernames! For ADI it won't be a problem, but in WordPress only lowercase letters (a-z) and numbers are allowed. The only option is to change the usernames in AD. Hey! Stop! Don't shoot the messenger.

I'm interested in the further development of ADI. How to keep up to date?

Requires: 4.0 or higher
Compatible up to: 4.3.7
Last Updated: 4 months ago
Active Installs: 9,000+


4.2 out of 5 stars

