• Lee Honeycutt

    (@alpinelakesdesign)


    We’ve managed to set up the ADI plugin with our Active Directory, and it seems to be working fine. But we’re doing some testing of different scenarios, and when we temporarily disabled test users, their list in WP Users doesn’t appear in the “Disabled Column” on the right.

    Any suggestions on how to troubleshoot this?

    Thanks.

    — Lee

    https://www.ads-software.com/plugins/active-directory-integration/

Viewing 9 replies - 1 through 9 (of 9 total)
  • I’m experiencing this too. I have the plugin configured so that AD is checked every time a user logs in, and no data is writable back to AD. Everything seems to behave the way I would expect, but this column is not updated.

    Automatic User Creation is enabled
    Automatic User Update is enabled
    Enable Local Password Change is disabled
    Set Local PW on First Login is enabled, but I’ve tried both ways
    Automatic Password Update is disabled, but I’ve tried both ways

    My real issue is that when users are disabled in AD, they are locked out as intended but they are given what I think is a misleading error on the WP login page–incorrect password for this user. This is minor and may be the best fit that exists in WP. However, I think user doesn’t exist would be better.

    What does it say in the DB?

    Try this Query and see if the AD Disabling is working at all:

    select distinct id, display_name
    from wp_users
    join wp_usermeta as usercontrol on wp_users.id = usercontrol.user_id and usercontrol.meta_key = 'adi_useraccountcontrol' and usercontrol.meta_value = 514
    ;

    Documentation states “This flag is automatically set (or unset) by Bulk Import and its state may change on next run of Bulk Import.”

    Is this flag only set by bulk import? I was hoping not to need that process.

    I’m still getting things set up, but closer to a production ready state. I’m hoping repeated testing with the same user isn’t muddying the waters. Any help is greatly appreciated!

    Thanks for the quick response mrasker! Looking at the entire usermeta table, there isn’t an entry for adi_user_disabled. (I only have two users right now, so it’s easy to just match up the user_id and take a look)

    See my edited post, I copied the wrong query.

    Also, the below is from a bash script we run after every bulk-import to manage WP users and made a bunch of fixes for some of our plugins:

    # Fragment: DBUSR, DBPWD, DBNAME and SHOW are set earlier in the script.
    # Timestamps come from backtick command substitution around date.
    # Note: -p on the command line exposes the password in the process list;
    # a client option file (e.g. ~/.my.cnf) avoids that.
    while read -r theUserId theUsername
    do
    	# Mark the user as disabled in the ADI meta fields (update if present, insert if missing)
    	if [ "$SHOW" == 1 ]; then echo `date +"%Y-%m-%d %H:%M:%S"` "- Checking ADI Disable fields for" "$theUsername" "($theUserId)" ; fi
    	HaveDisable=$(mysql -u"$DBUSR" -p"$DBPWD" "$DBNAME" -s -N -e "select distinct user_id from wp_usermeta where meta_key = 'adi_user_disabled' and user_id = $theUserId")
    	if [ -n "$HaveDisable" ]
    	then
    		if [ "$SHOW" == 1 ]; then echo `date +"%Y-%m-%d %H:%M:%S"` "- Checking ADI DISABLE fields for" "$theUsername" "($theUserId). Existing, updating the fields."; fi
    		mysql -u"$DBUSR" -p"$DBPWD" "$DBNAME" -e "update wp_usermeta set meta_value = 1 where meta_key = 'adi_user_disabled' and user_id = $theUserId"
    		mysql -u"$DBUSR" -p"$DBPWD" "$DBNAME" -e "update wp_usermeta set meta_value = 'User Automatically disabled by BulkImport' where meta_key = 'adi_user_disabled_reason' and user_id = $theUserId"
    	else
    		if [ "$SHOW" == 1 ]; then echo `date +"%Y-%m-%d %H:%M:%S"` "- Checking ADI DISABLE fields for" "$theUsername" "($theUserId). Missing, inserting fields."; fi
    		mysql -u"$DBUSR" -p"$DBPWD" "$DBNAME" -e "insert ignore into wp_usermeta (user_id, meta_key, meta_value) values ($theUserId, 'adi_user_disabled', 1)"
    		mysql -u"$DBUSR" -p"$DBPWD" "$DBNAME" -e "insert ignore into wp_usermeta (user_id, meta_key, meta_value) values ($theUserId, 'adi_user_disabled_reason', 'User Automatically disabled by BulkImport')"
    	fi
    
    	# Set the "exclude" flag used by the Simple Intranet plugin
    	if [ "$SHOW" == 1 ]; then echo `date +"%Y-%m-%d %H:%M:%S"` "- Checking ADI Exclude fields for" "$theUsername" "($theUserId)" ; fi
    	HaveExclude=$(mysql -u"$DBUSR" -p"$DBPWD" "$DBNAME" -s -N -e "select distinct user_id from wp_usermeta where meta_key = 'exclude' and user_id = $theUserId")
    	if [ -n "$HaveExclude" ]
    	then
    		if [ "$SHOW" == 1 ]; then echo `date +"%Y-%m-%d %H:%M:%S"` "- Checking ADI Exclude fields for" "$theUsername" "($theUserId). Existing, updating the field." ; fi
    		mysql -u"$DBUSR" -p"$DBPWD" "$DBNAME" -e "update wp_usermeta set meta_value = 'Yes' where meta_key = 'exclude' and user_id = $theUserId"
    	else
    		if [ "$SHOW" == 1 ]; then echo `date +"%Y-%m-%d %H:%M:%S"` "- Checking ADI Exclude fields for" "$theUsername" "($theUserId). Missing, inserting the field." ; fi
    		mysql -u"$DBUSR" -p"$DBPWD" "$DBNAME" -e "insert ignore into wp_usermeta (user_id, meta_key, meta_value) values ($theUserId, 'exclude', 'Yes')"
    	fi
    
    	# Replace the user's WordPress capabilities with the "disabled" role
    	if [ "$SHOW" == 1 ]; then echo `date +"%Y-%m-%d %H:%M:%S"` "- Adding Disabled user to the Disabled WP Roles for" "$theUsername" "($theUserId)"; fi
    	mysql -u"$DBUSR" -p"$DBPWD" "$DBNAME" -e "update wp_usermeta set meta_value = 'a:1:{s:8:\"disabled\";b:1;}' where meta_key = 'wp_capabilities' and user_id = $theUserId"
    
    # Input: users whose AD userAccountControl is 514 but who are not yet marked disabled in WordPress
    done < <(mysql -u"$DBUSR" -p"$DBPWD" "$DBNAME" -s -N -e "select distinct id, display_name from wp_users join wp_usermeta as usercontrol on wp_users.id = usercontrol.user_id and usercontrol.meta_key = 'adi_useraccountcontrol' and usercontrol.meta_value = 514 join wp_usermeta as userdisable on wp_users.id = userdisable.user_id and userdisable.meta_key = 'adi_user_disabled' and userdisable.meta_value != 1 join wp_usermeta as capabilities on wp_users.id = capabilities.user_id and capabilities.meta_key = 'wp_capabilities' and capabilities.meta_value not like '%disable%'")

    The stuff about the “exclude” flag is for the plugin “Simple Intranet”, but maybe you can use the rest in your environment?

    Beware of the < code > tag which is instead of the backtick which is used by bash.

    After more testing I see that first of all, I’m trying to authorize by AD group, and previously when I said I was disabling the test user, I was actually just removing them from the AD user group that I’m checking for.

    However, when I disable the user in Active Directory (right-click, Disable user) and I login to WordPress I still get an incorrect PW error, and in the usermeta table the user’s adi_useraccountcontrol code is still stored as 66048. (Enabled, Password does not expire)

    Could the plugin not be updating the user meta to Disabled because the user has already failed the AD group check?

    I wonder if the combination of settings I’m using is less than ideal.

    I have an update to this.

    We just found out there are other values that are possible for a Disabled user, e.g. 4194818 which indicates a Disabled user with “Do not require Kerberos Auth”.

    So we are now using this:
    ... meta_key = 'adi_useraccountcontrol' AND meta_value in (514, 66050, 4194818)

    To get this right I guess we either need to figure out “all” the combinations or find a better way to get this from the AD.

    And here is a possible list of values:
    https://maxvit.net/userAccountControl

    But I think this is a bit too messy to work with, so if there is a better way for WP/ADI to know that an AD account is disabled I would prefer that.
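
Added example, not part of the thread or the plugin's code: the values quoted above (514, 66050, 4194818) all have userAccountControl bit 2 (ACCOUNTDISABLE) set, so the disabled state can be tested with a bit mask instead of enumerating combinations. The function names are hypothetical; the `wp_` table prefix and the `adi_useraccountcontrol` key are taken from the posts above, and the sample values are the ones mentioned in the thread.

```shell
#!/usr/bin/env bash
# Added example: treat userAccountControl as a bit mask (flag names per Microsoft's documentation).
UAC_ACCOUNTDISABLE=2   # 0x0002

# uac_is_disabled VALUE: status 0 if the ACCOUNTDISABLE bit is set, 1 if not, 2 if not numeric.
uac_is_disabled() {
	case "$1" in ''|*[!0-9]*) return 2 ;; esac
	[ $(( $1 & UAC_ACCOUNTDISABLE )) -ne 0 ]
}

# uac_flags VALUE: print the names of the flags that occur in the values from this thread.
uac_flags() {
	out=""
	for pair in 2:ACCOUNTDISABLE 512:NORMAL_ACCOUNT 65536:DONT_EXPIRE_PASSWORD 4194304:DONT_REQ_PREAUTH; do
		bit=${pair%%:*}; name=${pair#*:}
		if [ $(( $1 & bit )) -ne 0 ]; then out="$out $name"; fi
	done
	echo "${out# }"
}

# disabled_users_sql: MySQL query matching every stored value with bit 2 set,
# whatever other flags are combined with it.
disabled_users_sql() {
	cat <<'SQL'
SELECT DISTINCT u.ID, u.display_name
FROM wp_users AS u
JOIN wp_usermeta AS m
  ON u.ID = m.user_id AND m.meta_key = 'adi_useraccountcontrol'
WHERE (CAST(m.meta_value AS UNSIGNED) & 2) = 2;
SQL
}

# Values mentioned in the thread, decoded.
for v in 514 66048 66050 4194818; do
	if uac_is_disabled "$v"; then state=disabled; else state=enabled; fi
	printf '%-8s %-8s %s\n' "$v" "$state" "$(uac_flags "$v")"
done

# With the variables of the script above, the query could feed the same loop:
#   done < <(mysql ... -s -N -e "$(disabled_users_sql)")
```

The mask only reflects what is stored in `wp_usermeta`; a value that was never refreshed from AD (such as the 66048 reported above for a disabled account) will still read as enabled.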

  • The topic ‘Disabled users not showing up in Disabled column’ is closed to new replies.