LDAP Authentication with Active Directory
Different organizations have different internal structures, and Active Directory or an LDAP server can be laid out to suit all of them. Using LDAP/Active Directory you can design a directory structure that matches the needs of your organization. Inside Active Directory, resources are organized in a logical structure, so users can find a resource by its name rather than by its physical location; this makes the network's physical structure largely transparent to users.
What is Active Directory?
Active Directory, often known as AD, is a proprietary directory service developed by Microsoft that runs on Windows Server. Active Directory (AD) is a database and a set of services that provide centralized management of users, computers and other objects within the network. Active Directory connects users with the network resources they need to get their work done. It also makes user management much easier, since it acts as a single repository for all user- and computer-related information.
The data inside Active Directory is stored hierarchically as objects; by objects we mean users, computers, groups and so on. Storing the information hierarchically makes it faster and easier to search for user information in the directory. Active Directory thus provides a robust and fast way of storing and retrieving user information from its database.
In particular, Active Directory makes sure each person is who they claim to be (authentication), usually by checking the user ID and password they enter, and then allows them to access only the data they are permitted to use (authorization). Active Directory is built on five elements, described below.
Elements of Active Directory
Active Directory consists of five basic elements, which are as follows:
[Diagram: Active Directory Structure]
The above diagram shows the internal structure of Active Directory, with the forest as the outermost element. A forest contains multiple trees, trees contain multiple domains, domains contain multiple OUs, and OUs hold the individual objects.
Below is brief information on each element of Active Directory:
- Objects: Objects are the most basic element of Active Directory and define a single entity in Active Directory (AD). An object is a distinct, named set of attributes that represents a network resource. We can think of an object as a single user or any other singular entity that is part of the network.
- Organizational Unit (OU): An organizational unit is a subdivision within Active Directory that holds different objects such as users, computers and other network applications. It is a container that lets you logically group objects of the same type.
- Domain: A domain in Active Directory consists of multiple OUs. A domain is a logical group of objects such as users, computers, OUs, etc. Each domain holds a database containing the identity information of its objects.
- Tree: A tree in Active Directory is a collection of one or more domains.
- Forest: A forest is a group of Active Directory trees. Trees are the highest level of organization in an Active Directory.
What is LDAP Authentication?
LDAP, or Lightweight Directory Access Protocol, is an authentication protocol mainly used to access directory services. A user cannot access information stored within an LDAP database or directory without first authenticating (proving they are who they say they are). The LDAP authentication process verifies the entered credentials, such as username and password, by connecting to the directory service. Directory services that support LDAP authentication include OpenLDAP, Microsoft Active Directory, Azure Active Directory, FreeIPA Directory, etc. LDAP authentication from Active Directory (AD) to WordPress websites can be done using the miniOrange LDAP Plugin.
How does LDAP Authentication with Active Directory work using the miniOrange Plugin?
When a user has a website built with a CMS such as WordPress, Drupal or Joomla, the admin can let users log in to the WordPress website with the credentials stored in Active Directory by using the miniOrange LDAP/AD Login for Intranet Plugin.
Once a WordPress admin has enabled login with Active Directory (AD) credentials, a WordPress user enters their credentials on the login page, and a request containing that credential information is passed to the miniOrange LDAP Intranet Plugin.
The miniOrange LDAP Intranet Plugin sends an LDAP authentication and authorization request with the credentials entered by the WordPress user to Active Directory. If the user is present in Active Directory (that is, present in any OU under the configured search base), Active Directory checks whether the username and password match. Based on that, a True/False result is returned to the miniOrange LDAP/AD Login for Intranet Plugin.
If the returned value is True, the user is logged in; if the returned value is False, an error message is displayed.
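The search-then-bind flow described in the preceding paragraphs, modelled as an added example; this is not the plugin's code or any miniOrange code, and the `DIRECTORY`, the `example.local` domain, its OUs, user names and passwords are all constructed sample data standing in for the real domain controller. The example shows the two checks a defender cares about in this flow: the search base limits which OUs a user may come from, and the user-supplied name is escaped per RFC 4515 so that characters such as `*` cannot widen the search. It also refuses an empty password before the bind, because a bind with a DN and an empty password is an unauthenticated bind (RFC 4513 section 5.1.2), which a directory server may answer with success.

```python
import hashlib
import hmac
import re
import secrets

# --- constructed in-memory stand-in for the AD domain (sample data only) ---

def _pw_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for the domain controller's credential check; AD does not
    # store passwords this way, the hash only makes the demo self-contained.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def make_entry(dn: str, sam_account_name: str, password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"dn": dn, "sAMAccountName": sam_account_name,
            "_salt": salt, "_hash": _pw_hash(password, salt)}

DIRECTORY = [
    make_entry("CN=Alice Example,OU=Staff,DC=example,DC=local", "alice", "correct horse"),
    make_entry("CN=Bob Example,OU=Contractors,OU=Staff,DC=example,DC=local", "bob", "battery staple"),
    make_entry("CN=svc-backup,OU=Service,DC=example,DC=local", "svc-backup", "s3rvice-pw"),
]

# --- the pieces the plugin side needs ---

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: user input becomes a literal value, never filter syntax."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

def _dn_parts(dn: str) -> list:
    # DNs compare case-insensitively; normalise so suffix checks are reliable
    return [p.strip().lower() for p in dn.split(",")]

def _under_base(dn: str, base: str) -> bool:
    # Subtree scope: the entry's DN must end with the search base's RDNs
    d, b = _dn_parts(dn), _dn_parts(base)
    return len(d) >= len(b) and d[-len(b):] == b

def _filter_regex(pattern: str) -> "re.Pattern":
    # Mimic a server's view of an equality filter: \XX is a literal byte,
    # an unescaped '*' is a wildcard, everything else is literal.
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            out.append(re.escape(chr(int(pattern[i + 1:i + 3], 16))))
            i += 3
        elif ch == "*":
            out.append(".*")
            i += 1
        else:
            out.append(re.escape(ch))
            i += 1
    return re.compile("".join(out), re.IGNORECASE)

def search(search_base: str, ldap_filter: str) -> list:
    """Subtree search under search_base with a single equality filter."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        raise ValueError("only simple equality filters are modelled here")
    attr, rx = m.group(1), _filter_regex(m.group(2))
    return [e for e in DIRECTORY
            if _under_base(e["dn"], search_base) and attr in e and rx.fullmatch(e[attr])]

def bind(dn: str, password: str) -> bool:
    """Simple bind as dn; refuses the empty-password (unauthenticated) case."""
    if not password:
        return False
    for e in DIRECTORY:
        if _dn_parts(e["dn"]) == _dn_parts(dn):
            return hmac.compare_digest(e["_hash"], _pw_hash(password, e["_salt"]))
    return False

def authenticate(search_base: str, username: str, password: str) -> bool:
    """Plugin-side flow: locate the user under the search base, then bind as that user."""
    ldap_filter = "(sAMAccountName=%s)" % escape_filter_value(username)
    matches = search(search_base, ldap_filter)
    if len(matches) != 1:          # unknown user, outside the base, or ambiguous
        return False
    return bind(matches[0]["dn"], password)

if __name__ == "__main__":
    base = "OU=Staff,DC=example,DC=local"
    print("alice:", authenticate(base, "alice", "correct horse"))
    print("svc-backup outside base:", authenticate(base, "svc-backup", "s3rvice-pw"))
    print("empty password:", authenticate(base, "alice", ""))
```

Two points worth noting from the behaviour: a user in a nested OU (`OU=Contractors,OU=Staff,...`) is still found because subtree scope covers everything beneath the base, whereas the service account under `OU=Service` is rejected even with the correct password, so choosing the search base is itself an access-control decision; and an unescaped `(sAMAccountName=*)` would match every entry under the base, while the escaped form matches none.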