mrasker

Forum Replies Created

Viewing 15 replies - 16 through 30 (of 55 total)

  • If the plugin works for you I am happy for you.

    If not then here is the magic stuff from my bash script:

    while read line
do
	accntname=$(mysql -u$DBUSR -p$DBPWD -s -N $DBNAME -e "select meta_value from wp_usermeta where user_id = $line and meta_key = 'adi_samaccountname';")

	id=$(mysql -u$DBUSR -p$DBPWD -s -N $DBNAME -e "select meta_value from wp_usermeta where user_id = $line and meta_key = 'wp_user-settings-time'")

	if [ -z $id ]
	then
		id=$(mysql -u$DBUSR -p$DBPWD -s -N $DBNAME -e "select unix_timestamp(user_registered) from wp_users where id = $line")
		mysql -u $DBUSR -p$DBPWD -s -N $DBNAME -e "insert ignore into wp_usermeta (user_id, meta_key, meta_value) values ($line, 'wp_user-settings-time', $id)"
	fi

	accntthmb=$(mysql -u$DBUSR -p$DBPWD -s -N $DBNAME -e "select meta_value from wp_usermeta where user_id = $line and meta_key = 'thumbnailphoto';")

    if [ -n "$accntthmb" ]
	then
		echo $accntthmb | base64 --decode > /var/www/html/wp-content/uploads/avatars/$accntname_avatar_$id.jpg
		chown apache:apache /var/www/html/wp-content/uploads/avatars/$accntname_avatar_$id.jpg

		insertentry="https://$localip/wp-content/uploads/avatars/${accntname}_avatar_$id.jpg"
		entrysize=${#insertentry}
		insertstring="a:1:{s:4:\"full\";s:$entrysize:\"$insertentry\";} "

		exists=$(mysql -u$DBUSR -p$DBPWD -s -N $DBNAME  -e "select meta_value from wp_usermeta where user_id=$line and meta_key=\"simple_local_avatar\";")

		if [ -n "$exists" ]
		then
			mysql -u$DBUSR -p$DBPWD -s -N $DBNAME  -e "update wp_usermeta set meta_value='$insertstring' where user_id=$line and meta_key='simple_local_avatar'"
		else
			mysql -u$DBUSR -p$DBPWD -s -N $DBNAME  -e "insert into wp_usermeta (user_id,meta_key,meta_value ) values ($line,'simple_local_avatar','$insertstring')"
		fi
	fi

done < <(mysql -u$DBUSR -p$DBPWD -s -N $DBNAME -e "select user_id from wp_usermeta where meta_key='adi_whenchanged' and meta_value > '$lastupdate';")

    As you can see I have set a few other variables prio to the above, like $lastupdate, $DBUSR, $DBPWD, $DBNAME, $localip

    It is a setting (Fallback to local password), but Yes.

    and here is a possible list of values:
    https://maxvit.net/userAccountControl

    But I think this is a bit to messy to work with so if there is a better way for WP/ADI to know that an AD account disabled I would prefer that.

    I have an update to this, so please follow the link below to read it:
    https://www.ads-software.com/support/topic/disabled-users-not-showing-up-in-disabled-column?replies=9#post-8293125

    I have an update to this.

    We just found out there are other values who are possible for a Disabled user, e.g. 4194818 which indicates a Disabled user with “Do not require Kerberos Auth”.

    So we are now using this:
    ... meta_key = 'adi_useraccountcontrol' AND meta_value in (514, 66050, 4194818)

    To get this right I guess we either need to figure out “all” the combinations or find a better way to get this from the AD.

    What does your “Authorize by group membership”-field look like?
    Is the check box “checked” and is the AD User a member of any of the AD groups listed in this field?
    If the check box is “checked” you have to have at least one AD group listed here.

    What does your “Role Equivalent Groups”-field look like?
    Double-check that the spelling and the case is correct both for the AD group(s) and the WP group(s).

    What does the Test tool say?

    I think the problem is that you are not specifying the proper target meta_key in the WP DB. If you don’t then the target meta_key in the WP DB will be prefixed with “adi_” (as detailed in the help). So instead of populating “title” you are populating “adi_title”.

    Have you checked the wp_usermeta table in the DB?

    As an example, this is how we have configured the User Meta tab:

    company:string:company
telephonenumber:string:phone
mobile:string:mobilephone
title:string:title
department:string:department
manager:cn:manager
directreports:cn:directreports
streetaddress:string:address
postalcode:string:postal
l:string:city
co:string:country
physicaldeliveryofficename:string:office
physicaldeliveryofficename:string:si_location
description:string:description
jpegphoto:octet:jpegphoto
thumbnailphoto:octet:thumbnailphoto
whencreated
whenchanged
wwwhomepage
pager:string:custom1
homephone:string:custom2
ipphone:string:custom3
facsimiletelephonenumber:string:phoneext
division:string:division
useraccountcontrol:string

    As you can see we have hijacked the fax attribute for the extension, fax is an obsolete technology anyway from our perspective.

    We are also populating the meta_key “si_location” since we use the plugin “Simple Intranet” (SI). We have also hijacked the attributes “pager”, “homephone and “ipphone”; which we then use for other info in SI.

    You can also see that we get the AD user photo and later in a bash script we decode this field and save it as the Avatar.

    What have you configured on the “User”-tab?
    Do you have “Automatic User Creation” and “Automatic User Update” enabled?
    What is configured for “Display name”?

    What have you configured on the “User Meta”-tab? Do you have any attributes listed there and what data type have you configured?

    ?? Good news indeed

    We too would like to see this in an upcoming version of ADI.

    Ryan: I will give your “plugin” a go in our Lab but if it does what you say it does then you will have solved a big problem for us. So thanks!

    Thread Starter mrasker

    (@mrasker)

    Sadly I can not provide a link since this is on our Intranet.

    Which also creates a problem with sharing Screenshots since all the tables contain information which requires a signed NDA to be viewed.

    Would it be possible for you to guide me as to how we should have done this and maybe then I can provide feedback based on that?

    Thank you in advance

    Well, I took the 1.1.8 DL link:
    https://downloads.www.ads-software.com/plugin/active-directory-integration.1.1.8.zip

    And simply replaced the numbering to:
    https://downloads.www.ads-software.com/plugin/active-directory-integration.1.1.5.zip

    Not that I know if this is the correct ZIP, but it seems to work. ??

    Not that I know if this is the problem, but I think ADI 1.1.8 is not for Multi-site. I think you need to go back to 1.1.5. Maybe it is worth a test at least?

    Sure, if you provide more info on your setup. ??

    If you haven’t configure ldap then start by using Google. There are plenty of resources available “out there”.

    However, a common problem is that you configure a Base DN that is too far out in the ldap tree (AD). Unless the AD is very big and complex you can usually use a very short Base DN, e.g. dc=[company],dc=[com].

    Another common problem is that you are trying to use TLS but have not made all the config for it, so start by not using TLS before you have everything else working.

    I had a similar request and found out that at least for me there is a bit more info you can get from the Test tool window.

    Click anywhere in the Test tool window to select the window, select all (CTRL-A), Copy all selected (CTLR-C) and finally Paste it in a text editor.

    Hope it helps

    If not please get back with more info on how you have configured LDAP (e.g. openLDAP) and ADI.

Viewing 15 replies - 16 through 30 (of 55 total)