LDAP Staff Directory

by Carlos Mairena López

Description

LDAP Staff Directory lets you connect your WordPress site to an LDAP / LDAPS server and publish a public employee directory with zero manual data entry.

Features

Connects to any LDAP or LDAPS server (including Active Directory, OpenLDAP, Samba)
Configurable Base OU and Bind DN
Extracts: full name, email, job title, department
Shortcode [ldap_directory] usable in any post, page or widget
Native Elementor widget with full style controls
Native Beaver Builder module with General and Style tabs
Real-time client-side search (no page reload)
Client-side pagination with configurable items per page
Transient-based cache with configurable TTL and one-click invalidation
Admin panel under Settings LDAP Directory
SSL certificate verification toggle (supports self-signed certs)
Optional CA certificate file path
CSS custom properties for easy theme integration
Multisite compatible (per-site settings)

Requirements

PHP ldap extension enabled on the server
WordPress 5.8 or higher
PHP 7.4 or higher

Installation

Upload the ldap-staff-directory folder to /wp-content/plugins/.
Activate the plugin through Plugins Installed Plugins.
Go to Settings LDAP Directory and fill in your LDAP connection details.
Click Test Connection to verify the settings.
Insert [ldap_directory] in any post or page, or use the Elementor / Beaver Builder widget.

Faq

The plugin says “PHP LDAP extension not found”. What should I do?

Contact your hosting provider and ask them to enable the php-ldap (or php7.x-ldap) extension. On Linux servers you can typically install it with:
sudo apt-get install php-ldap or sudo yum install php-ldap.

My server uses a self-signed SSL certificate. How do I connect?

Go to Settings LDAP Directory LDAP Connection and uncheck Verify SSL Certificate. Save, then click Test Connection.

How do I connect to Active Directory?

Use ldaps://your-dc.domain.com as the server, port 636, and a service account DN such as CN=svc-wordpress,OU=ServiceAccounts,DC=domain,DC=com.

Can I show only certain fields?

Yes. In the admin panel, check or uncheck the fields you want. You can also override per shortcode:
[ldap_directory fields=”name,title”]

How do I change the card layout or colors?

Override the CSS variables in your theme’s stylesheet:
–ldap-primary-color, --ldap-card-bg, --ldap-columns, etc.

How long is data cached?

By default 60 minutes. Change the TTL under Settings LDAP Directory Cache or flush immediately with the Clear Cache button.

Reviews

Changelog

1.0.6

Fix: Removed custom CSS input feature (admin panel textarea and Beaver Builder Advanced tab) per WordPress.org guideline prohibiting arbitrary CSS/JS/PHP injection.
Fix: Added phpcs:ignore annotation with justification to echo do_shortcode() output in Beaver Builder frontend template; changed per_page shortcode argument from esc_attr() to absint() for correct integer escaping.

1.0.5

Fix: Replace inline <style> tags in Elementor widget and Beaver Builder module with wp_add_inline_style() and Elementor’s native add_render_attribute() API to comply with WordPress.org plugin guidelines (Guideline 11 / wp_enqueue best practices).

1.0.4

Security: LDAP bind password is now encrypted at rest using libsodium (XSalsa20-Poly1305). The encryption key is derived from WordPress’s built-in security keys — no configuration required.
Security: Existing plaintext passwords continue to work and are automatically re-encrypted on the next settings save (transparent migration).
Security: An admin notice is shown when WordPress security keys (wp-config.php) have been regenerated, prompting the administrator to re-enter the bind password.
Note: Regenerating WordPress security keys requires re-entering the bind password once in Settings LDAP Staff Directory.

1.0.3

Fix: Plugin now activates without the PHP LDAP extension; a persistent admin notice informs the administrator when the extension is missing instead of blocking activation with a fatal error.
Fix: /* translators: */ comment repositioned inside sprintf(), immediately above __(), to satisfy the WordPress Plugin Checker i18n rule.
Fix: All local variables in included template files (directory.php, beaver-builder/frontend.php) renamed with ldap_ed_ prefix to comply with WPCS global-variable naming requirements.
Fix: absint() applied to $columns in Elementor widget printf() output to satisfy the WPCS escaping rule for integer values.
Fix: load_plugin_textdomain() removed — not required for WordPress.org-hosted plugins since WordPress 4.6.
Fix: Domain Path header removed from plugin file — no local translation files are bundled.
Chore: “Tested up to” updated to WordPress 6.9.
Chore: Tag list reduced to five entries per WordPress.org limit.

1.0.2

Feat: Added telephoneNumber field — read from LDAP, displayed on cards as a clickable tel: link, included in client-side search, and available in admin panel, Elementor and Beaver Builder controls.
Feat: New “Exclude Disabled Accounts” setting (connection section) — filters out disabled Active Directory accounts using the userAccountControl bit flag. Leave unchecked for OpenLDAP/other servers.
Feat: Resilient cache — when the LDAP server is unreachable after cache expiry, the last successfully fetched data (stale copy) is served silently to visitors. Only a manual “Clear Cache” action removes the stale copy entirely.

1.0.1

Fix: LDAP server URL no longer lost on save — replaced esc_url_raw() (which strips ldap:///ldaps:// schemes) with a dedicated sanitizer that validates the scheme and shows an admin error on invalid input.
Fix: Added runtime admin notice when the PHP LDAP extension is missing, covering cases where the extension is disabled after activation or the plugin is activated via WP-CLI/DB without going through the activation hook.

1.0.0

Initial release.