NADI resets AD user’s role to ‘None’ on second login

  • Hello All,

    We have started facing an strange issue for last 10 days. Below is the description:

    In my company portal, when an AD user visits the Intranet employee portal for the first time, NADI creates a wordpress profile with Subscriber Role and it works seamlessly, and then user logs out.

    But when same user comes for the second time, he faces authorization error “You attempted to login to the site, but you do not have any permissions. If you believe you should have access, please contact your administrator.”

    In NADI configuration:
    Authorize by group membership is disabled but wordpress to AD roles mappings are there.

    It was previously working, but suddenly stopped working.

    Below are the logs for both the attempts:
    ——————– FIRST ATTEMPT—————–

    2020-03-29 15:25:45 [INFO] NextADInt_Adi_Authentication_LoginService::authenticate [line 146] A user tries to log in.
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_Authentication_LoginService::getWordPressUser [line 572] Local WordPress user ‘paul.siegmund’ could not be found
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_Authentication_LoginService::tryAuthenticatableSuffixes [line 252] Credentials={login=’paul.siegmund’,sAMAccountName=’paul.siegmund’,userPrincipalName=’paul.siegmund’,netbios=”,objectGuid=”,wordPressUserId=”}’ with authenticatable suffixes: ‘@watgov.org, @watco.wtg’.
    2020-03-29 15:25:45 [INFO] NextADInt_Ldap_Connection::createConfiguration [line 104] LDAP connection is *not* encrypted
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] account_suffix =
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] base_dn = DC=watco,DC=wtg
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] domain_controllers = 172.16.1.30 WATDNS01.watco.wtg
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_port = 389
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_tls =
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_ssl =
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] network_timeout = 5
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_username =
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_password =
    2020-03-29 15:25:45 [WARNING] NextADInt_Ldap_Connection::createConfiguration [line 116] Username for the sync user does not contain a correct suffix. If the connection to the ad fails, this could be the cause. Please make sure you have added all UPN suffixes to the configuration tab User -> Account suffix.
    2020-03-29 15:25:45 [INFO] NextADInt_Ldap_Connection::checkPorts [line 553] Checking domain controller ports:
    2020-03-29 15:25:45 [INFO] NextADInt_Ldap_Connection::checkPort [line 586] Checking address ‘172.16.1.30’ and port 389 – OK
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::authenticateUser [line 344] Trying to authenticate user with username ‘paul.siegmund’ and account suffix ‘@watgov.org’
    2020-03-29 15:25:45 [ERROR] NextADInt_Ldap_Connection::authenticateUser [line 356] Authentication for user ‘paul.siegmund’ failed [AD: Invalid credentials] [AD error code: 49]
    2020-03-29 15:25:45 [WARNING] NextADInt_Adi_User_Manager::findByActiveDirectoryUsername [line 129] Local WordPress user with wp_user_meta.samaccountname=’paul.siegmund’, user_login=’[email protected]’ or user_login=’paul.siegmund’ could not be found
    2020-03-29 15:25:45 [ERROR] NextADInt_Adi_Authentication_LoginService::authenticateAtActiveDirectory [line 427] User ‘paul.siegmund’ can not be authenticated.
    2020-03-29 15:25:45 [INFO] NextADInt_Ldap_Connection::createConfiguration [line 104] LDAP connection is *not* encrypted
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] account_suffix =
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] base_dn = DC=watco,DC=wtg
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] domain_controllers = 172.16.1.30 WATDNS01.watco.wtg
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_port = 389
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_tls =
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_ssl =
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] network_timeout = 5
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_username =
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_password =
    2020-03-29 15:25:45 [WARNING] NextADInt_Ldap_Connection::createConfiguration [line 116] Username for the sync user does not contain a correct suffix. If the connection to the ad fails, this could be the cause. Please make sure you have added all UPN suffixes to the configuration tab User -> Account suffix.
    2020-03-29 15:25:45 [INFO] NextADInt_Ldap_Connection::checkPorts [line 553] Checking domain controller ports:
    2020-03-29 15:25:45 [INFO] NextADInt_Ldap_Connection::checkPort [line 586] Checking address ‘172.16.1.30’ and port 389 – OK
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::authenticateUser [line 344] Trying to authenticate user with username ‘paul.siegmund’ and account suffix ‘@watco.wtg’
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::authenticateUser [line 348] Authentication successful for username ‘paul.siegmund’ and account suffix ‘@watco.wtg’.
    2020-03-29 15:25:45 [WARNING] NextADInt_Adi_User_Manager::findByActiveDirectoryUsername [line 129] Local WordPress user with wp_user_meta.samaccountname=’paul.siegmund’, user_login=’[email protected]’ or user_login=’paul.siegmund’ could not be found
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::findAttributesOfUser [line 386] UserInfo for user ‘paul.siegmund’: cn={Paul H. Siegmund}, sn={Siegmund}, givenname={Paul}, displayname={Paul H. Siegmund}, objectguid={f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0}, useraccountcontrol={66048}, objectsid={ *D7\.C?@??|(> }, samaccountname={Paul.Siegmund}, userprincipalname={[email protected]}, mail={[email protected]}
    2020-03-29 15:25:45 [DEBUG] NextADInt_Ldap_Connection::findAttributesOfUser [line 386] UserInfo for user ‘Paul.Siegmund’: cn={Paul H. Siegmund}, sn={Siegmund}, givenname={Paul}, displayname={Paul H. Siegmund}, objectguid={f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0}, useraccountcontrol={66048}, objectsid={ *D7\.C?@??|(> }, samaccountname={Paul.Siegmund}, userprincipalname={[email protected]}, mail={[email protected]}
    2020-03-29 15:25:45 [INFO] NextADInt_Adi_User_LoginSucceededService::beforeCreateOrUpdateUser [line 286] Hook beforeCreateOrUpdateUser executed
    2020-03-29 15:25:45 [WARNING] NextADInt_Adi_User_Manager::findByActiveDirectoryUsername [line 129] Local WordPress user with wp_user_meta.samaccountname=’Paul.Siegmund’, user_login=’[email protected]’ or user_login=’Paul.Siegmund’ could not be found
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::createAdiUser [line 194] Created new instance of User <no_wp_user_account>={id=”, credentials=’Credentials={login=’paul.siegmund’,sAMAccountName=’Paul.Siegmund’,userPrincipalName=’[email protected]’,netbios=”,objectGuid=’f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0′,wordPressUserId=”}’}
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_LoginSucceededService::createUser [line 178] Checking preconditions for creating new user User <no_wp_user_account>={id=”, credentials=’Credentials={login=’paul.siegmund’,sAMAccountName=’Paul.Siegmund’,userPrincipalName=’[email protected]’,netbios=”,objectGuid=’f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0′,wordPressUserId=”}’}
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Helper::getRandomPassword [line 134] Setting random password.
    2020-03-29 15:25:45 [INFO] NextADInt_Adi_User_Manager::create [line 226] Using the samAccountName ‘Paul.Siegmund’ for newly created user instead of userPrincipalName.
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Persistence_Repository::create [line 255] Create user ‘Paul.Siegmund’.
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateWordPressAccount [line 387] Update User Paul.Siegmund={id=’20’, credentials=’Credentials={login=’paul.siegmund’,sAMAccountName=’Paul.Siegmund’,userPrincipalName=’[email protected]’,netbios=”,objectGuid=’f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0′,wordPressUserId=”}’} with this values: {“ID”:20,”first_name”:”Paul”,”last_name”:”Siegmund”,”description”:””,”display_name”:”Paul H. Siegmund”}
    2020-03-29 15:25:45 [INFO] NextADInt_Adi_User_Manager::updateSAMAccountName [line 412] Updating sAMAccountName of user ’20’ to ‘Paul.Siegmund’
    2020-03-29 15:25:45 [INFO] NextADInt_Adi_User_Manager::updateUserRoles [line 431] Updating user roles for 20 : Mapping f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0={ad_security_groups=’all.employees, MunisUsers, It Social Club, webmasterreaders, Administrators, Domain Admins, Domain Users, WseAlertAdministrators, WseRemoteAccessUsers, WseRemoteWebAccessUsers, WseAllowShareAccess, WseAllowComputerAccess, WseAllowMediaAccess, WseAllowAddInAccess, WseAllowDashboardAccess, WseAllowHomePageLinks, Denied RODC Password Replication Group, panousers, Users’,wordpress_roles=”}
    2020-03-29 15:25:45 [INFO] NextADInt_Adi_Role_Manager::synchronizeRoles [line 116] Synchronizing roles of WordPress user with ID 20
    2020-03-29 15:25:45 [WARNING] NextADInt_Adi_Role_Manager::synchronizeRoles [line 134] No Role Equivalent Groups defined. User gets default WordPress role ‘subscriber’ assigned
    2020-03-29 15:25:45 [INFO] NextADInt_Adi_Role_Manager::synchronizeRoles [line 144] Security groups [“all.employees”,”MunisUsers”,”It Social Club”,”webmasterreaders”,”Administrators”,”Domain Admins”,”Domain Users”,”WseAlertAdministrators”,”WseRemoteAccessUsers”,”WseRemoteWebAccessUsers”,”WseAllowShareAccess”,”WseAllowComputerAccess”,”WseAllowMediaAccess”,”WseAllowAddInAccess”,”WseAllowDashboardAccess”,”WseAllowHomePageLinks”,”Denied RODC Password Replication Group”,”panousers”,”Users”] are mapped to WordPress roles: [“subscriber”]
    2020-03-29 15:25:45 [WARNING] NextADInt_Adi_Role_Manager::updateRoles [line 180] Cleaning existing roles false for user ‘Paul.Siegmund’ existing roles will stay untouched.
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::{closure} [line 543] AD attribute ‘description” is empty. Local value ‘Attribute next_ad_int_description={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}’ left unchanged.
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘cn’ (ADI Attribute next_ad_int_cn={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to Paul H. Siegmund
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘givenname’ (ADI Attribute next_ad_int_givenname={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to Paul
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘sn’ (ADI Attribute next_ad_int_sn={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to Siegmund
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘displayname’ (ADI Attribute next_ad_int_displayname={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to Paul H. Siegmund
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘mail’ (ADI Attribute next_ad_int_mail={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to [email protected]
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘samaccountname’ (ADI Attribute next_ad_int_samaccountname={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to paul.siegmund
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘userprincipalname’ (ADI Attribute next_ad_int_userprincipalname={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to [email protected]
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘useraccountcontrol’ (ADI Attribute next_ad_int_useraccountcontrol={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to 66048
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘objectguid’ (ADI Attribute next_ad_int_objectguid={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘domainsid’ (ADI Attribute next_ad_int_domainsid={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to S-1-5-21-1547161642-1085031214-682003330
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘department’ (ADI Attribute next_ad_int_comp_deptt={type=’string’, syncable=”, viewable=’1′, overwriteWithEmpty=’1}) to
    2020-03-29 15:25:45 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘telephonenumber’ (ADI Attribute next_ad_telephone={type=’string’, syncable=”, viewable=’1′, overwriteWithEmpty=’1}) to
    2020-03-29 15:25:45 [INFO] NextADInt_Adi_User_LoginSucceededService::afterCreateOrUpdateUser [line 300] Hook afterCreateOrUpdateUser executed, wpUser: ‘1’

    ——————— SECOND ATTEMPT ———————————

    2020-03-29 15:31:33 [INFO] NextADInt_Adi_Authentication_LoginService::authenticate [line 146] A user tries to log in.
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_Authentication_LoginService::getWordPressUser [line 577] User ‘paul.siegmund’ has local WordPress ID ’20’.
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_Authentication_LoginService::tryAuthenticatableSuffixes [line 252] Credentials={login=’paul.siegmund’,sAMAccountName=’paul.siegmund’,userPrincipalName=’paul.siegmund’,netbios=”,objectGuid=”,wordPressUserId=”}’ with authenticatable suffixes: ‘@watgov.org, @watco.wtg’.
    2020-03-29 15:31:33 [INFO] NextADInt_Ldap_Connection::createConfiguration [line 104] LDAP connection is *not* encrypted
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] account_suffix =
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] base_dn = DC=watco,DC=wtg
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] domain_controllers = 172.16.1.30 WATDNS01.watco.wtg
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_port = 389
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_tls =
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_ssl =
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] network_timeout = 5
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_username =
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_password =
    2020-03-29 15:31:33 [WARNING] NextADInt_Ldap_Connection::createConfiguration [line 116] Username for the sync user does not contain a correct suffix. If the connection to the ad fails, this could be the cause. Please make sure you have added all UPN suffixes to the configuration tab User -> Account suffix.
    2020-03-29 15:31:33 [INFO] NextADInt_Ldap_Connection::checkPorts [line 553] Checking domain controller ports:
    2020-03-29 15:31:33 [INFO] NextADInt_Ldap_Connection::checkPort [line 586] Checking address ‘172.16.1.30’ and port 389 – OK
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::authenticateUser [line 344] Trying to authenticate user with username ‘paul.siegmund’ and account suffix ‘@watgov.org’
    2020-03-29 15:31:33 [ERROR] NextADInt_Ldap_Connection::authenticateUser [line 356] Authentication for user ‘paul.siegmund’ failed [AD: Invalid credentials] [AD error code: 49]
    2020-03-29 15:31:33 [ERROR] NextADInt_Adi_Authentication_LoginService::authenticateAtActiveDirectory [line 427] User ‘paul.siegmund’ can not be authenticated.
    2020-03-29 15:31:33 [INFO] NextADInt_Ldap_Connection::createConfiguration [line 104] LDAP connection is *not* encrypted
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] account_suffix =
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] base_dn = DC=watco,DC=wtg
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] domain_controllers = 172.16.1.30 WATDNS01.watco.wtg
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_port = 389
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_tls =
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_ssl =
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] network_timeout = 5
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_username =
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_password =
    2020-03-29 15:31:33 [WARNING] NextADInt_Ldap_Connection::createConfiguration [line 116] Username for the sync user does not contain a correct suffix. If the connection to the ad fails, this could be the cause. Please make sure you have added all UPN suffixes to the configuration tab User -> Account suffix.
    2020-03-29 15:31:33 [INFO] NextADInt_Ldap_Connection::checkPorts [line 553] Checking domain controller ports:
    2020-03-29 15:31:33 [INFO] NextADInt_Ldap_Connection::checkPort [line 586] Checking address ‘172.16.1.30’ and port 389 – OK
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::authenticateUser [line 344] Trying to authenticate user with username ‘paul.siegmund’ and account suffix ‘@watco.wtg’
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::authenticateUser [line 348] Authentication successful for username ‘paul.siegmund’ and account suffix ‘@watco.wtg’.
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::findAttributesOfUser [line 386] UserInfo for user ‘paul.siegmund’: cn={Paul H. Siegmund}, sn={Siegmund}, givenname={Paul}, displayname={Paul H. Siegmund}, objectguid={f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0}, useraccountcontrol={66048}, objectsid={ *D7\.C?@??|(> }, samaccountname={Paul.Siegmund}, userprincipalname={[email protected]}, mail={[email protected]}
    2020-03-29 15:31:33 [DEBUG] NextADInt_Ldap_Connection::findAttributesOfUser [line 386] UserInfo for user ‘Paul.Siegmund’: cn={Paul H. Siegmund}, sn={Siegmund}, givenname={Paul}, displayname={Paul H. Siegmund}, objectguid={f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0}, useraccountcontrol={66048}, objectsid={ *D7\.C?@??|(> }, samaccountname={Paul.Siegmund}, userprincipalname={[email protected]}, mail={[email protected]}
    2020-03-29 15:31:33 [INFO] NextADInt_Adi_User_LoginSucceededService::beforeCreateOrUpdateUser [line 286] Hook beforeCreateOrUpdateUser executed
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::createAdiUser [line 194] Created new instance of User Paul.Siegmund={id=’20’, credentials=’Credentials={login=’paul.siegmund’,sAMAccountName=’Paul.Siegmund’,userPrincipalName=’[email protected]’,netbios=”,objectGuid=’f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0′,wordPressUserId=”}’}
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_LoginSucceededService::updateUser [line 219] Checking preconditions for updating existing user User Paul.Siegmund={id=’20’, credentials=’Credentials={login=’paul.siegmund’,sAMAccountName=’Paul.Siegmund’,userPrincipalName=’[email protected]’,netbios=”,objectGuid=’f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0′,wordPressUserId=”}’}
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateWordPressAccount [line 387] Update User Paul.Siegmund={id=’20’, credentials=’Credentials={login=’paul.siegmund’,sAMAccountName=’Paul.Siegmund’,userPrincipalName=’[email protected]’,netbios=”,objectGuid=’f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0′,wordPressUserId=”}’} with this values: {“ID”:20,”first_name”:”Paul”,”last_name”:”Siegmund”,”description”:””,”display_name”:”Paul H. Siegmund”}
    2020-03-29 15:31:33 [INFO] NextADInt_Adi_User_Manager::updateSAMAccountName [line 412] Updating sAMAccountName of user ’20’ to ‘Paul.Siegmund’
    2020-03-29 15:31:33 [INFO] NextADInt_Adi_User_Manager::updateUserRoles [line 431] Updating user roles for 20 : Mapping f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0={ad_security_groups=’all.employees, MunisUsers, It Social Club, webmasterreaders, Administrators, Domain Admins, Domain Users, WseAlertAdministrators, WseRemoteAccessUsers, WseRemoteWebAccessUsers, WseAllowShareAccess, WseAllowComputerAccess, WseAllowMediaAccess, WseAllowAddInAccess, WseAllowDashboardAccess, WseAllowHomePageLinks, Denied RODC Password Replication Group, panousers, Users’,wordpress_roles=”}
    2020-03-29 15:31:33 [INFO] NextADInt_Adi_Role_Manager::synchronizeRoles [line 116] Synchronizing roles of WordPress user with ID 20
    2020-03-29 15:31:33 [INFO] NextADInt_Adi_Role_Manager::synchronizeRoles [line 144] Security groups [“all.employees”,”MunisUsers”,”It Social Club”,”webmasterreaders”,”Administrators”,”Domain Admins”,”Domain Users”,”WseAlertAdministrators”,”WseRemoteAccessUsers”,”WseRemoteWebAccessUsers”,”WseAllowShareAccess”,”WseAllowComputerAccess”,”WseAllowMediaAccess”,”WseAllowAddInAccess”,”WseAllowDashboardAccess”,”WseAllowHomePageLinks”,”Denied RODC Password Replication Group”,”panousers”,”Users”] are mapped to WordPress roles: []
    2020-03-29 15:31:33 [WARNING] NextADInt_Adi_Role_Manager::updateRoles [line 178] Cleaning existing roles true for user ‘Paul.Siegmund’ existing roles will be deleted.
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::{closure} [line 543] AD attribute ‘description” is empty. Local value ‘Attribute next_ad_int_description={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}’ left unchanged.
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘cn’ (ADI Attribute next_ad_int_cn={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to Paul H. Siegmund
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘givenname’ (ADI Attribute next_ad_int_givenname={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to Paul
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘sn’ (ADI Attribute next_ad_int_sn={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to Siegmund
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘displayname’ (ADI Attribute next_ad_int_displayname={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to Paul H. Siegmund
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘mail’ (ADI Attribute next_ad_int_mail={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to [email protected]
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘samaccountname’ (ADI Attribute next_ad_int_samaccountname={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to paul.siegmund
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘userprincipalname’ (ADI Attribute next_ad_int_userprincipalname={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to [email protected]
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘useraccountcontrol’ (ADI Attribute next_ad_int_useraccountcontrol={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to 66048
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘objectguid’ (ADI Attribute next_ad_int_objectguid={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to f9f67c05-57e0-4b6f-8b0c-2a7bc59310c0
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘domainsid’ (ADI Attribute next_ad_int_domainsid={type=’string’, syncable=”, viewable=”, overwriteWithEmpty=’}) to S-1-5-21-1547161642-1085031214-682003330
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘department’ (ADI Attribute next_ad_int_comp_deptt={type=’string’, syncable=”, viewable=’1′, overwriteWithEmpty=’1}) to
    2020-03-29 15:31:33 [DEBUG] NextADInt_Adi_User_Manager::updateUserMetaDataFromActiveDirectory [line 479] Set AD attribute ‘telephonenumber’ (ADI Attribute next_ad_telephone={type=’string’, syncable=”, viewable=’1′, overwriteWithEmpty=’1}) to
    2020-03-29 15:31:33 [INFO] NextADInt_Adi_User_LoginSucceededService::afterCreateOrUpdateUser [line 300] Hook afterCreateOrUpdateUser executed, wpUser: ‘1’

    Please help me as I need to sort this out asap. Thank you.

    • This topic was modified 4 years, 8 months ago by sanojtomar.
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘NADI resets AD user’s role to ‘None’ on second login’ is closed to new replies.