Need for WordPress-Lightweight Directory Access Protocol (LDAP) Secure Connection
Enterprises have a number of employees whose data, such as email IDs and passwords, needs to be maintained and saved at a central hub from which it can be retrieved as and when required in order to increase company productivity. A central directory is maintained to support business needs. The LDAP protocol is needed to develop a secure connection between the application server and the LDAP server. With LDAP, an Active Directory Integration/LDAP Integration plugin provides login to any server where a (WordPress) website is hosted, using credentials stored in the directory (of the LDAP server). LDAP can be used not only to obtain user-related information but also the SSL (Secure Sockets Layer) certificates.
For this, enterprise users need to configure WordPress with a certificate obtained while setting up a plugin called Active Directory Integration/LDAP Integration. This certificate is obtained from the LDAP-compliant server and can be handed over to WordPress or to any other application with which the secure connection is to be established.
Steps to configure the certificate for WordPress-LDAP secure connection:
- Obtain AD Certificate:
Open the CA application (an MMC snap-in: Programs->Administrative Tools->Certification Authority)
Right click on the CA and choose Properties from the context pane.
Click View Certificate to bring up the Certificate page.
Click on the Details tab and then the Copy to File... button.
Select the Base-64 Encoded X.509(.cer) format and click Next.
Select a name for the certificate (the name of the server with the ".cer" extension is a good choice)
- Copy the certificate file you generated in the previous step to the machine on which PHP is running.
Run the command:
openssl x509 -in -out
Click the Browse button to save the certificate to a location of your choosing.
Click Next and then Finish to complete the export process.
- Configure the certificate.
Note: You need to have OpenLDAP Client Utilities on your web server. That can be installed depending on the Linux distribution. Once the utilities package is installed, you can configure the certificate as below:
Navigate to the openldap installation directory and open the ldap.conf file.
Add the following line to your ldap.conf file:
- Save the file and restart Apache.
At this point, you should be able to securely connect to your LDAP Server.
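One way to check the client configuration after the last step, as an added example that is not part of the original article: the script audits an ldap.conf file for a usable CA certificate and for a setting that would disable certificate verification. It assumes the CA file is referenced through the standard ldap.conf options TLS_CACERT and TLS_REQCERT; the function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client config for server-certificate checks.
# TLS_CACERT and TLS_REQCERT are standard ldap.conf(5) options; all paths are
# supplied by the caller.

# Print an option's value (case-insensitive name, comment lines skipped).
# Simplification: last occurrence is reported, value must not contain spaces.
conf_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) { val = $2 }
        END { print val }
    ' "$2"
}

audit_ldap_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }
    rc=0

    # The CA file must exist and be the Base-64 (PEM) export, not binary DER.
    cacert=$(conf_value TLS_CACERT "$conf")
    if [ -z "$cacert" ]; then
        echo "FAIL: TLS_CACERT not set"; rc=1
    elif [ ! -r "$cacert" ]; then
        echo "FAIL: TLS_CACERT file not readable: $cacert"; rc=1
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cacert"; then
        echo "FAIL: $cacert is not PEM (Base-64) encoded"; rc=1
    else
        echo "OK: TLS_CACERT $cacert"
    fi

    # never/allow let the session proceed with an unverifiable certificate.
    reqcert=$(conf_value TLS_REQCERT "$conf" | tr 'A-Z' 'a-z')
    case "$reqcert" in
        never|allow) echo "FAIL: TLS_REQCERT $reqcert does not enforce verification"; rc=1 ;;
        try) echo "WARN: TLS_REQCERT try proceeds if no certificate is sent" ;;
        ''|demand|hard) echo "OK: TLS_REQCERT ${reqcert:-demand}" ;;
        *) echo "FAIL: unknown TLS_REQCERT value: $reqcert"; rc=1 ;;
    esac
    return $rc
}

# Usage: sh audit_ldap.sh /path/to/ldap.conf
if [ "$#" -gt 0 ]; then audit_ldap_conf "$1"; fi
```

A non-zero exit status means the PHP LDAP client would either fail to validate the directory server or accept a certificate it cannot verify.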