tobi823

Hi,

I think that an other plugin causes a conflict. On my WordPress instance (with only the NADI plugin) it works:

curl –data “next_ad_int-task=sync-to-wordpress&auth-code=Sr3wC7FbOgMoedhZBp5W” https://localhost/wordpress47m/wp-admin/admin.php

[INFO ] Start of Sync to WordPress <br />[INFO ] LDAP connection is *not* encrypted <br />....

Can you try to trigger the “Sync to WordPress” with:
wget –post-data “next_ad_int-task=sync-to-wordpress&auth-code=MYAUTHCODE” https://MYSERVER.COM.AU

or with:
wget –post-data “next_ad_int-task=sync-to-wordpress&auth-code=MYAUTHCODE” https://MYSERVER.COM.AU/wp_login.php

?

• This reply was modified 7 years, 10 months ago by tobi823.

I can confirm that this is a bug.

Each login with an non-ADI-user (expect for the first user, who created the wordpress instance) counts as a login without the right password.

After the 3th login of an non-ADI-user, the “Brute Force Protection” will prevent further logins.

To reset every blocked user, delete every entry starting with “next_ad_int_fl_” inside the database table wp_sitemeta (for MultiSite installations) or wp_options (for normal SingleSite installations)

Or delete the entries for your account:
next_ad_int_fl_la__[sha1(“your username”)]
next_ad_int_fl_bt__[sha1(“your username”)]

For the user “aaaa”, the entries look like:
next_ad_int_fl_la__70c881d4a26984ddce795f6f71817c9cf4480e79
next_ad_int_fl_bt__70c881d4a26984ddce795f6f71817c9cf4480e79

I am currently reproducing the problem.

If it is urgent, you can delete the “next-active-directory-integration” folder from …/wp-content/plugins via (s)ftp. This will remove the plugin from WordPress and keep the plugin data in the database.

In a multisite environment, the plugin will prefer the options from the site and not from the profile.

For example:
You create the profile P1, add the account suffix “@test.ad” and link this profile to the site S1.
But in the configuration for the site S1, you add no account suffix (wordpress/s1/wp-admin/admin.php?page=next_ad_int_blog_options).
When you try to login on S1, the plugin will use no account suffix.

You can change this behavior in your profile options.
Simply use a different “Manage permission” value for the option. Instead of “Blog admin sets the option value.” use “Deactivated and option value shown.”, “Deactivated and option value not shown.” or “Input field is invisible”.

I think, the preference of the site options is not intuitive. We will discuss this problem internally.

• This reply was modified 7 years, 10 months ago by tobi823.
• This reply was modified 7 years, 10 months ago by tobi823.

Hi @tcwaters,

it seems that we forget to add this log message. We will fix this next week. If you need this log message now, you can add

$this->logger->info(“User $username is meber in groups: ” . print_r($securityGroups, true));

to wp-content/plugins/next-active-directory-integration/classes/Adi/Role/Manager.php line 59.

Hi emuller,

is it possible, that this issue is caused by an other plugin? Next ADI does not work with https://de.www.ads-software.com/plugins/wps-hide-login/ because this plugin change the url to the login page.

Hi shadynicnack,

sorry for the late response (I forgot to active “Notify me of follow-up replies via email). The fix version is already uploaded. Please contact me if the problem still exists.

• This reply was modified 8 years, 2 months ago by tobi823.

https://github.com/NeosIT/active-directory-integration2/issues/22

Does your password contains special character like ‘ or \ ?

If yes, then I found your bug (https://github.com/NeosIT/active-directory-integration2/issues/20) and I will upload the fix version as soon as possible.

• This reply was modified 8 years, 2 months ago by tobi823.

Is it possible, that these users are disabled in the Active Directory or need a Smart card for login?

Hi bobchou9,

I have fixed the bug and I will upload the new version tomorrow (hopefully).

Hi wardy277,

I have found a bug which might cause this error message.

When the apache returns your username like “TEST\klammer”, wordpress escapes it (https://github.com/WordPress/WordPress/blob/master/wp-includes/load.php#L653). Next ADI gets the username “TEST\\klammer” and is not able to find the user “TEST\klammer”.

I have already fixed is bug. Hopefully I can upload the fixed version tomorrow.

Hi bobchou9,

I hope that we are able to implement this feature this week. You can track the development progress at https://github.com/NeosIT/active-directory-integration2/issues/21. We work as fast as we can ??

Hi tmuikku,

I add the “Allow Down-Level Logon Name for login” feature to version 2.0.5. Can you enable it and check if your problem is now solved?

I will add support for the Down-Level Logon Name (like TEST\klammer). I dont recommend this option (which is disabled by default and can be enabled) because the Down-Level Logon Name is not unique and can cause problems. The Next ADI administrator have to make sure, that nobody has an already used Down-Level Logon Name/pre-Windows 2000 user logon name.

I will update the plugin as soon as possible.

• This reply was modified 8 years, 2 months ago by tobi823.