Active Directory (AD) group authentication to view wordpress posts?

1 Views

I’m trying to set up a wordpress site using active directory authentication.
One question that has come up is the ability to limit category/post/blog reading to specific AD groups.

I’ve never seen this done and I haven’t been able to find any plugins that seem to promise this functionality. It would seem that the best option is to just give a bunch of users a role with the read_private_posts capability, but I’m not sure this will do the trick.

Post Views: 1

Related posts

Leave a Reply

2 comments

  1. I think this should definitely be doable. I think I would first try to get one of the LDAP authentication plugins — like Simple LDAP Login or LDAP Login Password and Role Manager — working, and then write a small custom plugin to handle the content authorization.

    Here’s a rough outline of the custom plugin’s main logic:

    function checkContentAuthorization( $content )
{
    $authorization = array(
        'ldap group 1' => array(
            'authorizesCategories'  = array( 1, 14, 83 ),
            'authorizedPosts'       = array( 53, 48, 23, 432 )
        ),
        'ldap group 2' => array(
            'authorizesCategories'  = array( 54, 9, 34 ),
            'authorizedPosts'       = array( 48, 13, 29, 93 )
        ),
    )

    if( is_category() )
    {
        if( !in_array( $currentCategoryID, $authorization[ currentLDAPUser->groupName ][ 'authorizedCategories' ] )
            $content = 'Access denied';
    }
    elseif( is_single() )
    {
        if( !in_array( $currentPostID, $authorization[ currentLDAPUser->groupName ][ 'authorizedPosts' ] )
            $content = 'Access denied';
    }

    return $content;
}
add_filter( 'the_content', 'checkContentAuthorization' );

    Obviously that’s a stripped down version and there’s a lot of details to fill in, but actually writing the plugin itself would take at least half a day. That should get you pointed in the right direction, though.

  2. The Role System in WordPress is somehow limited, so don’t expect it to do the job. Especially not while you’re combining it with some other structure of account information that might be organized orthogonally against core WP data-structures.

    I would start with the authentication part first and when sign-on is working to see what and where to limit content access (as long as this is for reading only as you asked for it).