Integration of NADI with Collab Hub for Active Directory and Single Sign-On

Overview


This document is designed to demonstrate how NADI can be integrated with Collab Hub and how Active Directory (AD) and Single Sign-On (SSO) can be configured with Collab Hub.

Prerequisites for Installing NADI

To install the Next Active Directory Integration, you need at least WordPress 4.0 and PHP 5.6.

Although only tested with Apache 2.2 and 2.4, NADI should work with all other common web servers like NGINX and IIS.

Next Active Directory Integration requires a few PHP modules to be enabled. Verify in your php.ini (located in the root directory) that ldap, mbstring, and openssl are activated. This is important because without them the plugin cannot be activated.

  • extension=php_ldap.dll
  • extension=php_mbstring.dll
  • extension=php_openssl.dll

NOTE: If these modules are not available in your php.ini file, copy and paste the lines above into your php.ini file.
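The php.ini check described above can be scripted. The following is an added example, not part of NADI or Collab Hub: it parses php.ini text and reports which of the three required modules have no active extension= line, treating lines that start with ";" as disabled. SAMPLE_INI is constructed input.

```python
import re

REQUIRED = ("ldap", "mbstring", "openssl")

# An active "extension=" directive; the value may be quoted or a full path.
_EXT = re.compile(r'^\s*extension\s*=\s*"?([^";\s]+)"?', re.IGNORECASE)


def enabled_extensions(ini_text):
    """Return normalized names of extensions enabled in php.ini text."""
    found = set()
    for line in ini_text.splitlines():
        if line.lstrip().startswith(";"):
            continue  # ';' starts a comment, so the directive is disabled
        m = _EXT.match(line)
        if not m:
            continue
        # Keep only the file name, then drop ".dll"/".so" and the "php_" prefix
        name = m.group(1).replace("\\", "/").rsplit("/", 1)[-1].lower()
        name = re.sub(r"\.(dll|so)$", "", name)
        name = re.sub(r"^php_", "", name)
        found.add(name)
    return found


def missing_extensions(ini_text, required=REQUIRED):
    """Return the required modules that have no active extension= line."""
    have = enabled_extensions(ini_text)
    return [r for r in required if r not in have]


# Constructed sample: mbstring is present but commented out.
SAMPLE_INI = """\
[PHP]
extension=php_ldap.dll
;extension=php_mbstring.dll
extension=openssl
"""

if __name__ == "__main__":
    print("missing:", missing_extensions(SAMPLE_INI))
```

Some PHP builds compile modules in or load them from additional ini files, so a module reported as missing here can still be loaded; `php -m` lists what the interpreter actually loaded.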


Install and Set Up Next Active Directory Integration (NADI)

1. NADI can be easily installed from the WordPress Plugin Directory.

It is also possible to download the latest version from https://downloads.wordpress.org/plugin/next-active-directory-integration.zip and unpack the folder to your WordPress/wp-content/plugins directory.


2. Log in to your WordPress dashboard as Administrator.

3. Click Plugins in the left navigation bar.

4. Either search for NADI using the search option.


5. Or upload it from the local repository if you have already downloaded it from the link.


6. The Activate option will appear once the plugin is installed.

7. Go to Plugins to verify that the plugin is activated.

NOTE: You can enable/disable NADI for specific blogs by using the Profiles feature of NADI.

Configure Active Directory Using NADI

Once the plugin is activated, the NADI option appears in the sidebar.

Click the Configuration tab to set the configuration for Active Directory. There are multiple tabs, but for Active Directory configuration you will have to use Environment Configuration and Sync to WordPress.


Environment Configuration  

On the Environment Configuration tab, you have to enter the required information about your Active Directory environment.

You must provide the following details:


Domain Controller: Domain controllers used to authenticate and authorize the users

Base DN: Base DN (e.g. "dc=domain,dc=tld" or "ou=unit,dc=domain,dc=tld" or "cn=users,dc=domain,dc=tld"). This option depends on your Active Directory configuration.

Username: Username used to authenticate against the Active Directory to connect your WordPress site or profile to a domain (e.g. administration@test.ad)

Password: Password used to authenticate against the Active Directory to connect your WordPress site or profile to a domain.

The remaining fields (Port, Use encryption, and LDAP timeout) are filled by default.

Press the Verify button to check that the given credentials are correct and the connection can be established. Once the connection is successful, press the Save button to save the changes made.
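Before pressing Verify, the values entered on this tab can be checked for common mistakes. The following is an added example, not part of NADI: it lints a dictionary holding the Environment Configuration fields and flags a malformed Base DN, a username that is not in user@domain form, and a port that contradicts the encryption setting. The dictionary keys and the encryption values none/starttls/ldaps are naming assumptions made for this sketch, and it assumes a simple bind, which sends the password unencrypted when no TLS is used.

```python
import re

# One RDN such as "dc=domain" or "ou=unit": attribute name, '=', non-empty value.
# Simplification: escaped commas inside values are not handled.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")
_UPN = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def lint_environment(cfg):
    """Return a list of findings for the Environment Configuration fields."""
    findings = []

    rdns = [p.strip() for p in cfg.get("base_dn", "").split(",")]
    if not all(_RDN.match(p) for p in rdns):
        findings.append("base_dn: not a comma-separated list of attr=value pairs")
    elif not any(p.lower().startswith("dc=") for p in rdns):
        findings.append("base_dn: no dc= component")

    if not _UPN.match(cfg.get("username", "")):
        findings.append("username: expected user@domain form")

    enc = cfg.get("encryption", "none").lower()  # assumed values, see lead-in
    port = int(cfg.get("port", 389))
    if enc == "none":
        findings.append("encryption: bind password is sent without TLS")
    if enc == "ldaps" and port == 389:
        findings.append("port: 389 is the plain LDAP port, LDAPS normally uses 636")
    if enc in ("none", "starttls") and port == 636:
        findings.append("port: 636 is the LDAPS port, but encryption is not LDAPS")
    return findings


# Constructed samples using the example values shown on this page.
WEAK = {"base_dn": "dc=domain,dc=tld", "username": "administration@test.ad",
        "port": 389, "encryption": "none"}
HARDENED = dict(WEAK, port=636, encryption="ldaps")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_environment(cfg))
```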


Sync to WordPress

Once you have finished the environment settings, go to the Sync to WordPress page.


You must provide the following details:

Enable sync to WordPress: Enabling this option will allow NADI to sync users from the Active Directory to the WordPress database.

Import members of security groups: The members of the security groups entered here will be imported. See the documentation on how to import members of Domain Users or Domain Administrators.

Service account username: Username of an Active Directory account with "read" permissions for the users in the Active Directory (e.g. "ldapuser@company.local")

Service account password: Password for Sync to WordPress user.

After providing the above details, press the save button to save the configurations. Make sure the configuration is saved successfully.  


Active Directory to WordPress Synchronization

Once you have completed the environment setup and the Sync to WordPress settings, you can fetch the users from Active Directory into Collab Hub using the Sync to WordPress feature in the sidebar under NADI. To do this, go to Sync to WordPress and click the Start AD to WordPress Synchronization button.

Verify Data Sync to WordPress

To verify that the data is synced to WordPress, go to Staff, which is located in the sidebar, click it, and verify that the users are synced to WordPress.

NOTE: NADI has a Sync to AD feature, which lets you send WordPress users back to the Active Directory. This might be a risk: if something goes wrong, it might affect the Active Directory.


Configure Single Sign-On Using NADI 


Set Up Security Settings

NADI provides Single Sign-On. To configure Single Sign-On, you need to provide the following details in the Security tab in the NADI configuration.

Enable SSO: This option lets users sign in to WordPress through Single Sign-On once they are authenticated against Active Directory.

Service account username: Username of an Active Directory account with at least read permissions for the users in the Active Directory (e.g. "ldapuser@company.local").

Service account password: Password of an Active Directory account with at least read permissions for the users in the Active Directory.

You can leave the remaining fields at their defaults and click the SAVE button to save the configuration.


Active Directory to WordPress Synchronization

After configuring the Environment, Security, and Sync to WordPress settings tabs, you need to fetch the users from Active Directory into Collab Hub using the Sync to WordPress feature in the sidebar under NADI. To do this, go to Sync to WordPress and click the Start AD to WordPress Synchronization button.

Verify Data Sync to WordPress


To verify that the data is synced to WordPress, go to Staff, which is located in the sidebar, click it, and verify that the users are synced to WordPress.



Login to WordPress using AD User

Pick a user that was fetched from AD and try to log in using that user's AD credentials.


The user will successfully log in to Collab Hub.


NOTE: After fetching the user from AD, you need to assign a department to the user. Otherwise, a blank page will appear with the warning "user cannot access this page".