schakko

We have just tested BackWPUp 4.1.2 with the latest available NADI version and it works on our side without any problems. Two remarks here:

• BackWPUp 4.1.2 is wrongly packaged. There is the file vendor\monolog\src\Monolog\Handler\ElasticsearchHandler.php and vendor\monolog\src\Monolog\Handler\ElasticSearchHandler.php (note the uppercase ‘S’) in the ZIP file. We had to manually delete the upper-case file from the ZIP files. Otherwise we would not be able to extract the archive manually.
• BackWPUp does not repackage Monolog in its own namespace. We are doing this since NADI version 3.0. To keep our plug-in compatible, there is a stub.
  You can remove our Monolog stub by commenting out the line 40 (require_once DIR . '/monolog_logger.php';) in next-active-directory-integration/src/compat-v2/stubs.php. For some reason in your environment the loading of BackWPUp’s dependency occurs to a later point in time.

Hey there,

1. Do you have enabled “Set local password on first successful login” and/or “Fallback to local password” on the configuration page https://docs.active-directory-wp.com/Configuration/Password.html?
2. What does your Windows Server event log shows when your users are not able to log in with their new password?
3. Do you have NADI installed in a WordPress Multisite environment?
4. Can you check with your browser’s Web Developer Console if there any JavaScript errors on the configuration page?

Deleting users in WordPress is not implemented:

1. It is not performant to check if a missing user during a synchronization is really deleted or just have been moved to another domain in a forest.
2. For different user (groups) in WordPress there might be a different handling, what to do with items of the deleted user – think of posts, WooCommerce orders and so on. There are too many corner-cases, depending upon the concrete WordPress environment.

Please feel free to use the hooks from https://docs.active-directory-wp.com/API/Synchronization.html to implement a matching solution for your environment!

We have fixed this issue in https://github.com/NeosIT/active-directory-integration2/issues/191. You can either check out the latest devlopment branch or wait for the next release!

I’am unable to reproduce the issue with the latest 3.1.0 version. A quick question: Do you have added valid credentials to Sync to WordPress and is the username UPN format and not just the sAMAccountName?

I am not sure if we can sort this issue out without any further digging into it. Can you re-check if in the logs it is really printed “[email protected]” for userPrincipalName in the first log line and principal in the second line?

2023-09-18T12:28:47.160923+00:00 [DEBUG] Dreitier\Ldap\Connection::findAttributesOfUser [line 424] UserInfo for user 'UserQuery={principal='mySAM',isGuid=''}': cn={Doe, John}, sn={Doe}, description={John Doe}, givenname={John}, displayname={John Doe}, objectguid={5233eabc-1111-2222-87a5-f3b0a110a44a}, useraccountcontrol={512}, objectsid={^A^E^@^@^@^E^U^@^@^@1111191>jPVU<8e>D?u}^D^@^@}, samaccountname={mySAM}, userprincipalname={[email protected]}, mail={[email protected]}

....

2023-09-18T12:28:47.163423+00:00 [WARNING] Dreitier\Ldap\Connection::findAttributesOfUser [line 415] Query 'UserQuery={principal='[email protected]',isGuid=''}' did not return any values. Does the sAMAccountName or userPrincipalName exist? Is the provided base DN valid? Is the Kerberos realm mapped

The second query should return the same result as your first query.

The Account suffix does not apply to SSO authentication, due to technical reasons.

You have two options:

1. Append the users’s UPN suffix in your webserver’s Kerberos authentication module
2. Use the filter from https://docs.active-directory-wp.com/API/Authentication.html to manually rewrite the credentials on each login:

add_filter('next_ad_int_auth_configure_credentials', function($credential) {
$credential->setUpnSuffix('your-upn-suffix.domain');
return $credential;
}, 10, 1);

@lavzza You are completely right, thank you for letting us! The docs are updated soon ??

@lavzza You are probably using PHP 7.x which is EOL since the beginning of the year. NADI requires at least PHP 8.0. So you have to upgrade to a newer PHP version.

groupsassigner.php seems to be a plug-in you have developed. You have to change the argument types from NextADInt_Adi_User to Dreitier\Nadi\User\User.

Please check out the latest version of https://github.com/NeosIT/active-directory-integration2/blob/develop/src/shared/Ldap/Connection.php – that one should fix the issue.

For reference: I am tracking this issue in https://github.com/NeosIT/active-directory-integration2/issues/186

@svaughn The last version 2.2.x has been released in 2021. Please use the recent NADI 3.0.x version.

You have to update also the whencreated / user_created_on field and set this one from time to string if the fix does not work.

If you are still experiencing this issue, I’d like to encourage you to purchase one of our plans.

@webmasterhboe Can you share your screenshot on another image service? Your website times out.

Have you tried the patch mentioned above?

Maybe WordPress has fallback to your local WordPress password which has been previously entered before NADI has been installed. You should check NADI’s debug.log. By default, NADI does not store any passwords.