Title: Next Active Directory Integration Author: neosit Published: September 7, 2016 Last modified: March 29, 2026 --- Search plugins ![](https://ps.w.org/next-active-directory-integration/assets/banner-772x250.png? rev=2517660) ![](https://ps.w.org/next-active-directory-integration/assets/icon-256x256.png?rev =2517660) # Next Active Directory Integration By [neosit](https://profiles.wordpress.org/neosit/) [Download](https://downloads.wordpress.org/plugin/next-active-directory-integration.3.2.2.zip) * [Details](https://wordpress.org/plugins/next-active-directory-integration/#description) * [Reviews](https://wordpress.org/plugins/next-active-directory-integration/#reviews) * [Installation](https://wordpress.org/plugins/next-active-directory-integration/#installation) * [Development](https://wordpress.org/plugins/next-active-directory-integration/#developers) [Support](https://wordpress.org/support/plugin/next-active-directory-integration/) ## Description _Next Active Directory Integration_ allows WordPress to authenticate, authorize, create and update users against Microsoft Active Directory. _NADI_ ist a complete rewrite of its predecessor Active Directory Integration and therefore an own plugin. You can easily import users from your Active Directory into your WordPress instance and keep both synchronized through _Next Active Directory Integration’s_ features. Even if _NADI_ is available for free we hope you purchase a plan to let us continue the work on Next Active Directory Integration. You can purchase commercial support plans at [https://www.active-directory-wp.com/shop-overview/](https://www.active-directory-wp.com/shop-overview/). The support plans give you access to our premium extensions and guarantee an ongoing development of the plug-in. #### Features * Authenticating WordPress users against one or multiple AD Server * Authorizing users by Active Directory group memberships * Managing Active Directory authentication for WordPress Multisite installations * Single Sign On with Kerberos sponsored by [Colt Technology Services](http://colt.net) and [Digital Elite](https://app.digitalelite.co.uk/) * Automatically create and update WordPress users based upon their Active Directory membership * Mapping of Active Directory security groups to WordPress roles * Protection against brute force password hacking attacks * User and/or admin e-mail notification on failed login attempts * Multi-language support (at the moment only English is included) * Determining WordPress display name from Active Directory attributes * Synchronizing Active Directory attributes and WordPress user meta information in both ways * Embed customized Active Directory attributes in WordPress user’s profile * Enable/disable password changes for local (non-Active Directory) WordPress users * Disable user accounts in WordPress if they are disabled in Active Directory. * Set users local WordPress password on first and/or on every successful login * Option to disable fallback to local (WordPress) authentication. * Support for Active Directory forest environments. * and much much more #### Premium Extensions As an owner of a valid support plan you have access to the following premium extensions: * Profile Pictures: Synchronize profile photos from Active Directory to WordPress without a 3rd party plug-in * BuddyPress profile photo: Synchronize profile photos from Active Directory to BuddyPress * Buddy Press simple attributes: Synchronize attributes from Active Directory/NADI to BuddyPress’ custom profiles * Login with Ultimate Member: Let UM users log in by using NADI * Login with WooCommerce: Let WooCommerce users log in by using NADI * WP-CLI: Execute common NADI tasks (Sync to WordPress, Sync to AD) with help of WP-CLI * Active Directory Forest: Be able to use one WordPress instance with your whole Active Directory forest environment #### Requirements * WordPress since 5.6 * PHP >= 8.2 * LDAP support * OpenSSL Support for TLS (recommended) ## Screenshots * [[ * Generic profile options * [[ * Environment options to connect to your Active Directory domain * [[ * User settings * [[ * Password settings * [[ * Permissions for authorization groups and role equivalent groups * [[ * Security * [[ * Attribute mapping from Active Directory to WordPress * [[ * Sync to Active Directory * [[ * Sync to WordPress * [[ * Logging * [[ * Extend WordPress’ user list with Active Directory information * [[ * Profile assignment in WordPress Multisite * [[ * Custom _NADI_ profile in WordPress Multisite environment ## Installation #### Requirements To install Next Active Directory Integration you need at least WordPress 5.6 and PHP 8.2. Although only tested with Apache 2.2 and 2.4 _NADI_ should work with all other common web servers like nginx and IIS. Next Active Directory Integration requires a few PHP modules to be enabled. Please verify in your `php.ini` that _ldap_ and _openssl_ are activated. ``` ; required by *NADI* extension=php_ldap.dll extension=php_openssl.dll ``` #### Important NADI requires PHP 8.2 or later. The reason is that security support for PHP version prior 8.2 have been dropped by the maintainers as you can see in the official PHP documentation http://php.net/supported-versions.php. For security reasons and in order to use NADI in 2024 we hereby politely encourage you to migrate your environments to at least PHP 8.2 until then. Thank you all for your support and understanding. Best regards, your NADI team. #### Installation **NADI** can be easily installed from the [WordPress Plugin Directory](https://codex.wordpress.org/Managing_Plugins#Installing_Plugins). It is also possible to download the latest version from [https://downloads.wordpress.org/plugin/next-active-directory-integration.zip”](https://downloads.wordpress.org/plugin/next-active-directory-integration.zip) and unpack the folder to your _wordpress/wp-content/plugins_ directory. Developers can clone the [Git Repository](https://github.com/NeosIT/active-directory-integration2) inside their _wordpress/wp-content/plugins_ directory and download the dependencies with _composer_. #### Single Site * Visit your WordPress blog and login into your WordPress dashboard as _Administrator_ * Click on the _Plugins_ in the left the navigation bar * Activate the _Next Active Directory Integration_ plug-in #### Network installation * Visit your WordPress network dashboard as _Super Admin_ * Click on the _Plugins_ link in the left the navigation bar * Activate the _Next Active Directory Integration_ plug-in. In a WordPress network installation _NADI_ should be _Network activated_. You can enable/disable _NADI_ for specific blogs by using the _Profiles_ feature of _NADI_. It is **not** possible to activate _NADI_ for a site inside a network. ## FAQ Please read the [FAQ](https://docs.active-directory-wp.com/FAQ/index.html) of our [official documentation](https://docs.active-directory-wp.com/Getting_Started.html). ## Reviews ![](https://secure.gravatar.com/avatar/c7142972c57747cd54fb6cbf370abcc02240070fecd829df777733ad68348060? s=60&d=retro&r=g) ### 󠀁[Works as intended](https://wordpress.org/support/topic/works-as-intended-241/)󠁿 [itsenaf](https://profiles.wordpress.org/gamerz36/) August 8, 2024 Thank you for your work in this plugin and make it available for us. It does excatly what I was looking for :). Maybe you add try-catch to your code, that those themes who break the monolog.logger.php will skip it. ![](https://secure.gravatar.com/avatar/ced77774a0c39bb16592835bb8c2118597ddb65bcdffa18ba46032548aa2a334? s=60&d=retro&r=g) ### 󠀁[Doesn’t work with Synology AD (SAMBA)](https://wordpress.org/support/topic/doesnt-work-with-synology-ad-samba/)󠁿 [rrinzema](https://profiles.wordpress.org/rrinzema/) January 8, 2021 5 replies Doesn’t work when using a Synology NAS as LDAP/AD server. Error: Creating adLDAP object failed. Bind to Active Directory failed. Check the login credentials and/ or server details. [AD: Strong(er) authentication required] [AD error code: 8]. or error code -1, depending on which config is chosen. Probably a Synology problem, still: too bad! ![](https://secure.gravatar.com/avatar/2ccb8b9873e411c1f53e043fbd21bf331d03e6383e2c85f98ea4ea143ece59ec? s=60&d=retro&r=g) ### 󠀁[Best LDAP Plugin!](https://wordpress.org/support/topic/best-ldap-plugin-2/)󠁿 [Lucas M](https://profiles.wordpress.org/lucasmaues/) January 16, 2020 Work for all your Active Directory login needs. Thanks! ![](https://secure.gravatar.com/avatar/e744204bfa5e7418280f2ad7e78d8f79308940de033b567bff6c483326c91c41? s=60&d=retro&r=g) ### 󠀁[The Only Choice](https://wordpress.org/support/topic/the-only-choice/)󠁿 [Paul Scollon](https://profiles.wordpress.org/scollonp/) November 22, 2019 Don’t look at any other plugin for Active Directory Integration, this is the only one worth considering by far! Easy setup, you just need to know the Base DN and stuff.. any decent IT person should be able to manage it easily. ![](https://secure.gravatar.com/avatar/a3d65dbb7c58b7892c698cf0dc222f33f6cd231c13196f29a067dedd4d7e529c? s=60&d=retro&r=g) ### 󠀁[Once you figure out your configuration, it work perfectly!](https://wordpress.org/support/topic/once-you-figure-out-your-configuration-it-work-perfectly/)󠁿 [Bernhard Kau](https://profiles.wordpress.org/kau-boy/) November 13, 2019 I had some issues finding out how to configure it correctly. I usually login with“ INTERN\john.doe”, but a format like this was not valid. I found out that I had to use “john.doe@intern.example.com” and to add the two suffixes “@intern.example.com” as well as “@example.com”. I activated the automatic user creation and all worked easily. Awesome work! ![](https://secure.gravatar.com/avatar/4265112fc355a98511f2836b465cd2f1f8ea985321109bcf1d74156141699f9c? s=60&d=retro&r=g) ### 󠀁[.](https://wordpress.org/support/topic/11258313/)󠁿 [Jacqueline](https://profiles.wordpress.org/jlkfes/) February 28, 2019 . [ Read all 15 reviews ](https://wordpress.org/support/plugin/next-active-directory-integration/reviews/) ## Contributors & Developers “Next Active Directory Integration” is open source software. The following people have contributed to this plugin. Contributors * [ neosit ](https://profiles.wordpress.org/neosit/) * [ dreitier ](https://profiles.wordpress.org/dreitier/) * [ dreitierci ](https://profiles.wordpress.org/dreitierci/) * [ schakko ](https://profiles.wordpress.org/schakko/) [Translate “Next Active Directory Integration” into your language.](https://translate.wordpress.org/projects/wp-plugins/next-active-directory-integration) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/next-active-directory-integration/), check out the [SVN repository](https://plugins.svn.wordpress.org/next-active-directory-integration/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/next-active-directory-integration/) by [RSS](https://plugins.trac.wordpress.org/log/next-active-directory-integration/?limit=100&mode=stop_on_copy&format=rss). ## Changelog For detailed information you can visit the official [GitHub repository of Next Active Directory Integration](https://github.com/NeosIT/active-directory-integration2) #### 3.2.2 * FIXED: Validation of Base DNs with PHP 8.5 fails with PPH 8.5 (#216) * CHANGED: Minimum supported PHP version is now 8.2 * CHANGED: Update to PHPUnit 11.5.55 #### 3.2.1 * CHANGED: WordPress 6.9 compatibility has been checked * CHANGED: Update to twig/twig:3.22.0 to fix security issues with Twig <= 3.19. x #### 3.2.0 * FIXED: Restore paginated user sync support for PHP >= 8.0 (#211) * FIXED: Field ‘wp_users.users_email’ does not get updated even if settings therefore are enabled (#213) #### 3.1.10 * FIXED: Lazy loading of option descriptions/title to prevent E_NOTICEs in WordPress 6.8 with debugging enabled (#209) #### 3.1.9 * CHANGED: WordPress 6.8 compatibility has been checked #### 3.1.8 * CHANGED: WordPress 6.7.1 compatibility has been checked * FIXED: Dependencies updated like PHPUnit (#201) * FIXED: E_WARNING “Undefined array key ‘HTTP_REFERER’” (#206) * FIXED: Moved loading of textdomain to init callback (#204) * FIXED: Check for false value if hostname or port contains invalid value and ldap_connect fails (#203) #### 3.1.7 * CHANGED: WordPress 6.7 compatibility has been checked * FIXED: build process for PHP 8.1 with box-project/box environment #### 3.1.6 * CHANGED: Update to twig/twig:3.14.0 to fix security issue with Twig <= 3.11.1(# 200) * CHANGED: Compatibility with upcoming version PHP 8.4 has been checked (#199) * FIXED: Fix deprecated ldap_connect signature (#198) * CHANGED: Update PHPUnit to 9.6.20 (#197) * FIXED: SQL injection in Multisite WordPress when being already authenticated as network admin (#196) #### 3.1.5 * CHANGED: WordPress 6.6 compatibility has been checked #### 3.1.4 * CHANGED: WordPress 6.5 compatibility has been checked #### 3.1.3 * CHANGED: Re-enable linter support (#189) * CHANGED: Drop PHP 8.0 support from CI (#189) #### 3.1.2 * CHANGED: WordPress 6.4 compatibility has been checked #### 3.1.1 * FIXED: Issue when Sync to WordPress disables non-existing WP user (#191) #### 3.1.0 * FIXED: Do not map mismatched objectGUIDs (#188) * FIXED: Duplicate search for user by sAMAccountName during login (#187) #### 3.0.6 * FIXED: Dreitier\Ldap\Connection::filterDomainMembers throws fatal error when invalid SID is returned (#186) * FIXED: Twig functions in default namespace conflict with other WordPress plug- ins (#185) * FIXED: Conversion of empty or string-based LDAP timestamp attributes (#184) * CHANGED: WordPress 6.3 compatibility has been checked #### 3.0.5 * FIXED: WP_MS_Sites_List_Table not found when running in Multisite (#183) #### 3.0.4 * CHANGED: WordPress 6.2 compatibility has been checked #### 3.0.3 * FIXED: Postpone stub creation in favor of other autoloaders (#181) * FIXED: Check for availability of PHP 8.0 or deactivate plug-in (#179) * FIXED: Class Dreitier\Util\Logger\LogFacade not found (#178) * FIXED: Deprecation notice with PHP 8.x for null constructor parameters of WordPressErrorException #### 3.0.2 * FIXED: Provide stub for Logger class (#177) #### 3.0.1 * FIXED: Include PHP 8.2 into test suite (#175) * FIXED: class ShowSingleSignOnLink not found (#176) #### 3.0.0 * FIXED: Usage of custom auto-loader and strauss to prevent conflicting namespaces(# 165) * FIXED: Detect and use constant NEXT_ACTIVE_DIRECTORY_INTEGRATION_ENCRYPTION_KEY to be able to change WordPress’ AUTH_SALT (#173) * CHANGED: Upgraded monolog/monolog to 2.8.0 to make NADI working with WP-Rocket(# 169) * CHANGED: PHP 8.0 runtime is now required (#170) #### 2.3.8 * FIXED: Detect and use constant NEXT_ACTIVE_DIRECTORY_INTEGRATION_ENCRYPTION_KEY to be able to change WordPress’ AUTH_SALT (#173) #### 2.3.7 * FIXED: ldap_search fails on PHP 7.4 (#171) #### 2.3.6 * FIXED: With PHP 8.1, ldap_get_entries expects an LDAP\Result instance as second parameter (#166) * FIXED: Deprecation warning when Test Authentication is triggered with PHP 8.1(# 168) * ADDED: Notification in WordPress’ plug-in page for upcoming v3 * ADDED: Compatibility with new Premium Extensions which are already using v3’s code #### 2.3.5 * FIXED: Blank configuration page with PHP >= 8.0 and missing AUTH_SALT constant(# 164) #### 2.3.4 * CHANGED: twig/twig dependency updated to 3.4.3 (#162) * CHANGED: WordPress 6.1 compatibility has been checked * ADDED: deprecation warning for the PHP 7.x branch #### 2.3.3 * CHANGED: “master” branch has been replaced with “main” branch. * ADDED: lifecycle hooks after the authentication has succeeded, so Wordfence can be used (#160) * CHANGED: WordPress 6.0 compatibility has been checked #### 2.3.2 * FIXED: Critical WordPress error if a matching profile for SSO authentication can not be found (#152, NADISUP-7) * FIXED: Uncaught TypeError when checking userAccountControl attribute (#151) * FIXED: For specific Active Directory forest structures, the NETBIOS name can not be resolved during verification of the credentials (#153, NADISUP-8) * ADDED: Option for specifying a custom login page URI; special thanks to GitHub user _czoIg_ for contributing this functionality (#154) #### 2.3.1 * CHANGED: WordPress 5.9 compatibility has been checked * REMOVED: CI testing support for PHP 7.3 as mentioned in README.md #### 2.3.0 * FIXED: when a user can not be found by email address, findByProxyAddress returns false. Configured _Sync to WordPress_ credentials are still required for logging in with email addresses. (#146) * FIXED: when using SSO-based logins, the “Exclude usernames from authentication” option still applies (#142) * ADDED: hooks for checking if NADI’s authentication applies for a given username(# 142) * CHANGED: WordPress 5.8.1 compatibility has been checked * CHANGED: WordPress 5.8.2 compatibility has been checked * REMOVED: Parameter $useLocalWordPressUser in NextADInt_Adi_Mail_Notification (# 135) * REMOVED: Option ‘Automatic user creation’. This option has been implicitly enabled for all installations and is no longer required (#134) * CHANGED: PHP 8.1 compatibility has been checked; Twig has to be updated with the next release (#148) #### 2.2.3 * FIXED: Sync to WordPress fails if user is no longer present in Active Directory(# 141) #### 2.2.2 * FIXED: Boolean options can’t be persisted correctly with 2.2.1 (#140) #### 2.2.1 * FIXED: Missing meta_key “domainsid” results in TypeError or NextADInt_ActiveDirectory_Context:: isMember (#133) * FIXED: Warning: Trying to access array offset on value of type null (#139) #### 2.2.0 * ADDED: Kerberos principals are no longer treated as userPrincipalNames (ADI-715) * ADDED: When using Kerberos SSO principals, you can map the Kerberos realm to multiple UPN suffixes (requires _Active Directory Forest_ premium extension) ( ADI-715) * ADDED: When using NADI in an AD forest, you can now specify all SIDs of the connected domains (requires _Active Directory Forest_ premium extension) (ADI-715) * FIXED: When using a Global Catalog (GC), users with same sAMAccountName but different userPrincipalNames are not assigned correct during authentication (NADIS-133) * FIXED-SECURITY: Users with same UPN prefix and password but different UPN suffix would be logged in with the wrong account (ADI-716) * CHANGED: WordPress 5.6.1 compatibility has been checked * CHANGED: WordPress 5.7 compatibility has been checked * CHANGED: PHP 8.0 compatibility has been added (ADI-718, #132, #137) * FIXED: Deprecation warning when trying to send mail notification for blocked users (ADI-719) * FIXED: Option “Blog admin sets the option value.” had no effect in Multisite environments (#124) * DEPRECATION-WARNING: For the upcoming release 2.3.0 we will remove “Internal password migration” (#136), “Automatic user creation” (#134) and “Email address conflict handling” (#133) * DEV: Slightly transition new issues to GitHub instead of internal Jira #### 2.1.12 * ADDED: allow self signed certificates (#107) * CHANGED: notices for minimum PHP version 7.2 due to EOL of PHP 7.1 * FIXED: Test compatibility with latest stable PHPUnit version * FIXED: PHP 7.4 compatibility and deprecation of some ldap_* functions (#127) * FIXED: various typos and formatting errors in the administration user interface * ADDED: hook for triggering Sync To WordPress and Sync To AD (ADI-526) #### 2.1.11 * CHANGED: Tested compatibility with upcoming version 5.4 of WordPress #### 2.1.10 * CHANGED: minimum PHP version to PHP 7.2 due to EOL of PHP 7.1 * CHANGED: Twig version updated to 1.41.0 (ADI-707) * FIXED: When a non-existing user inside in WordPress authenticates in a multisite environment the first time, a warning is triggered (ADI-705) * FIXED: A deleted user from Active Directory is mapped to the wrong user in WordPress; thanks to _T. Kowalchuk_ (ADI-702) * FIXED: PHP warning if user is deleted from Active Directory (ADI-701) * FIXED: PHP error if touching of log file failed * FIXED: “-DISABLED” suffix is added everytime a user is synchronized (ADI-697, NADIS-110) * ADDED: hook next_ad_int_user_before_disable (ADI-699) * FIXED: curly brace access (#119) #### 2.1.9 * ADDED: Premium extension [WP-CLI](https://active-directory-wp.com/premium-extension/) to execute “Sync to WordPress/AD” with wp-cli to circumvent webserver/proxy timeouts( NADIS-98) * ADDED: option to disable SSO when using XML-RPC (ADI-679, NADIS-92) * FIXED: when changing the sAMAccountName or userPrincipalName in the AD a new user would have been created in WordPress (ADI-688, NADIS-89) * FIXED: Ultimate Member premium plug-in no longer works with new NADI version ( ADI-687, NADIS-96) * FIXED: bug in adLDAP library; when LDAPS is enabled a custom port would not have been applied (ADI-690, NADIS-94) * ADDED: hook next_ad_int_user_create_email which is executed when “Duplicate email prevention” is set to “Create” (ADI-691) * FIXED: various issues with “Duplicate email prevention”; refactored logic (ADI- 691) * FIXED: NADI got disabled when using any WP-CLI command (ADI-692) * ADDED: logging configuration can be set with filters (ADI-693) #### 2.1.8 * FIXED: compatibility issues when using the Woffice theme (ADI-659) * FIXED: missing email parameter when creating users; thanks to _nefarius_ (#74, ADI-615) * FIXED: an issue with the ‘Prevent email change’ option, https://wordpress.org/ support/topic/new-user-creation-error/; thanks to _mlipenk_ (ADI-670) * ADDED: new hook to hide the ‘Log in using SSO’ option, https://wordpress.org/ support/topic/remove-link-log-in-using-sso-on-login-page/; thanks to _vyatcheslav_( ADI-672) * FIXED: refactored post authentication logic into separate services (ADI-671, ADI-673) #### 2.1.7 * FIXED: the hooks auth_before_create_or_update_user and auth_after_create_or_update_user were not registered so the SSO authentication always failed silently (ADI-668) #### 2.1.6 * FIXED: custom authentication filters were not registered properly and this fixes SSO related issues (ADI-665) * FIXED: test authentication will now properly check for authorization groups again #### 2.1.5 * FIXED: replaced all references to the deprecated each-function with foreach ( ADI-628) * FIXED: authorization groups will now properly prevent users from logging in, https://wordpress.org/support/topic/authorization-groups-not-working/; thanks to _shmew22_, _pokertour_ (ADI-664, #92) * FIXED: the menu-visibility options were missing inside the profile-tab, https:// wordpress.org/support/topic/menu-items-missing-3/; thanks to _5tu_ (ADI-663); * ADDED: 2 new filters to allow for custom validation during the authentication process; thanks to _Destabilizator_ (ADI-657, #89) #### 2.1.4 * FIXED: isUserAuthorized() prevented login for users successfully authenticated via SSO at Active Directory due username was passed instead of guid * FIXED: HelperTabs not opening anymore due bootstrap css .hidden class overwrites WordPress css .hidden class * FIXED: verify connection input and button share the same element ID causing a DOM error in the browser console log * ADDED: SSO Username variable helper tab content now contains a table including all supported variables and their current $_SERVER values #### 2.1.3 * ADDED: added message on the profile configuration page to inform customers about end of PHP version <7.1 support * ADDED: json response for “Sync to WordPress” triggered via powershell * ADDED: improved logging in within the Connection.php class * ADDED: missing German translations * ADDED: PHP_AUTH_USER to SSO username variables * FIXED: app.config and password.controller.config being flagged by customer firewalls/ security plugins which resulted in them not being loaded properly (renamed them) * FIXED: redirect to target site not working properly after being authenticated via NADI SSO * FIXED: isUserAuthorized() not working properly with UPNs * FIXED: “Set local Password” not working if “Automatic user update” was enabled at the same time * FIXED: “Overwrite with empty value” not working anymore #### 2.1.2 * FIXED: NTLM authentication not working if samAccountName of a user does not match the part of the UPN in front of the suffix * REMOVED: NADI support license nag message on WordPress plug-in page #### 2.1.1 * ADDED: proxy address login; special thanks to _nedwidek_ for contributing this functionality (#59) * ADDED: profile picture ad attributes to the ad attributes dropdown at the ad attributes configuration page * ADDED: claims based authentication; special thanks to _rgottsch_ for contributing this functionality (#44) * ADDED: new option to decide if you want to grant smart card users access to the WordPress environment * ADDED: links to the specific documentation pages for each configuration page * ADDED: powershell script to trigger “Sync to WordPress” and “Sync to AD”; special thanks to _nemchik_ for contributing this (#64) * FIXED: it is now possible to enter an empty base dn (#49) * FIXED: adjusted base DN description * FIXED: typo in LoginService.php (#59) * REMOVED: whitespaces inside the rendered curl and wget tags * REMOVED: old code that caused an warning with PHP 7.2.0 changes to count() and sizeOf() #### 2.1.0 * ADDED: NADI is now using Monolog for everything related to logs * ADDED: added a button to manually persist “Logging” configurations * FIXED: user attributes are now correctly logged * FIXED: fixed a problem where the port configuration for LDAPS was not used * FIXED: updated twig to the latest 1.x version. (2.x requires >= PHP 7.0.0) * ADDED: debug logs messages will be not displayed in the frontend log anymore in order to prevent an overflow * ADDED: dummy logger in order to prevent outdated premium extensions from crashing * REMOVED: removed log4php from NADI #### 2.0.14 * ADDED: added frontend information banners for NADI premium extensions * ADDED: added frontend information about why “Sync to WordPress” can not be started * FIXED: members of not mapped security groups will now receive the default role“ Subscriber” * FIXED: “Clean existing Roles” is now default set to false * ADDED: added new style for configuration page * FIXED: fixed some style issues * ADDED: added logic to determine if a NADI option already exists in the DB to prevent the problem saving options with default value true * ADDED: added detailed log on which UAC flag is responsible for users not being imported * FIXED: fixed logs destroying the user profile while trying to update a user profile/ also caught exception * FIXED: fixed template conditions causing problems in Microsoft Edge #### 2.0.13 * FIXED: switched from mcrypt to defuse/php-encryption * FIXED: decoupled password update from user update to allow for automatic password updates without ‘auto update user’ set to true * FIXED: marked brute force protection deprecated * FIXED: minor bugs when using ldap over ssl * ADDED: sync to ad now uses the GUID for synchronization * FIXED: verify domain controller connectivity before incrementing brute force protection counter * FIXED: custom attributes inside the user profile will prioritize the custom description; thanks to _mzemann_ * FIXED: changed the look of Sync to AD, Sync to WordPress and Test authentication * ADDED: added row to users list for premium extension (custom user role management) * FIXED: added the complete dirname when using require_once inside index.php (# 47) #### 2.0.12 * ADDED: internationalization for all plugin strings, see https://translate.wordpress. org/projects/wp-plugins/next-active-directory-integration (ADI-432, ADI-436) * FIXED: roles are now mapped using the GUID instead of sAMAccountName (ADI-428) * ADDED: option for preventing disabled users to be synchronized to WordPress ( ADI-223) * ADDED: validation for Base DN * FIXED: problem when sending brute force protection notifications via email (ADI- 464) * FIXED: non NADI users being blocked by the brute force protection * FIXED: brute force protection now checks for the whole username (ADI-424) * FIXED: updating user profiles without bind user (ADI-439) * FIXED: countdown for brute force protection (ADI-456) #### 2.0.11 * ADDED: NTLM support for SSO (sponsored by Vogels – www.vogels.com) * ADDED: implementation of hooks to provide an API (ADI-145) * ADDED: premium extensions available for support license subscribers * ADDED: log reason for not being able to increase max_execution_time (ADI-396) * ADDED: log message that AD security group could not be found (ADI-397) * ADDED: improve logging number of users to import from AD to WordPress (ADI-414) * FIXED: synchronization does not work b/c getDomainSid returns “S-0” (ADI-412) * FIXED: “Test authentication” does not allow characters like a backward slash ( ADI-421) * FIXED: permanent redirects after successful authentication (ADI-422) * FIXED: error “the current user is being initialized without using $wp->init()” when using BuddyPress (ADI-416) * FIXED: blocking of users with long user names (ADI-330) * FIXED: get_blog_details replaced with get_site to maintain compatibility with WordPress 4.7+ (ADI-419) * FIXED: restrict output of debug LDAP user information to only an amount of characters( ADI-420) * FIXED: Sync to WordPress: default WordPress role “Subscriber” is not assigned( ADI-401) * FIXED: Users with admin role granted by WordPress lose their role when logging into the site for the first time (ADI-380) #### 2.0.10 * ADDED: option to enable/disable authentication using XML-RPC * FIXED: reworked user interface * FIXED: sync ends after deleted account is no longer present in Active Directory * FIXED: integration tests * FIXED: emails will not be sent to administrators; thanks to _kyleflan_ (#27) * FIXED: users can now be disabled from WordPress * ADDED: HTTP_X_REMOTE_USER is now an option in the SSO configuration; thanks to _laughtonsm_ (#29) #### 2.0.9 * FIXED: add missing default value for method parameter #### 2.0.8 * FIXED: remove PHP 5.6 code; thanks to _requincreative_ (#22) #### 2.0.7 * ADDED: custom user roles can be used in “Role equivalent groups” * ADDED: the logger is disabled by default (and can be enabled inside the configuration) * ADDED: log file path can be configured (default is wp-content/plugins/next-active- directory-integration/logs/debug.log) #### 2.0.6 * FIXED: show activation notice only after activating this plugin (https://wordpress. org/support/topic/activate-plugin-notification-bug/); thanks to bobchou9 * FIXED: SSO/verify-password errors by un-quoting values in $_GET/$_POST/$_SERVER. WordPress quotes all entries in $_GET/$_POST/$_SERVER automatically; thanks to plantjes (#20) #### 2.0.5 * FIXED: check if AD result is not empty before accessing distinguished name; thanks to petterannerwall (#16) * ADDED: optional support for Down-Level User Name (like TEST\klammer) (#18) #### 2.0.4 * ADDED: make log pattern configurable (https://wordpress.org/support/topic/please- add-timestamps-to-the-debug-log-file/); Thanks to tmuikku #### 2.0.3 * FIXED: brute force protection is now be disabled; thanks to Munnday (David Munn)(# 14) * FIXED: the max count of login tries and the block time are now editable #### 2.0.2 * FIXED: SSO caused a PHP error during login; thanks to Jason Taylor and Munnday( David Munn) (#13) #### 2.0.1 * FIXED: missing german translation #### 2.0.0 * ADDED: support for WordPress Multisite through profiles * ADDED: Profiles can be customized, including the permission of every option * ADDED: support for PHP7 * ADDED: detailed documentation at https://www.active-directory-wp.com/docs/Getting_Started. html * ADDED: experimental support for multiple Active Directory domains; see FAQ * ADDED: easier handling and description of encryption methods for LDAP * ADDED: additional columns in Multisite overview for networks and users * ADDED: user names can be explicitly excluded from authentication * ADDED: menu entries of _Next ADI_ can be hidden * ADDED: _Next ADI_ can be disabled per Multisite site environment * CHANGED: large user interface improvements * CHANGED: complete rewrite of the PHP backend * CHANGED: userPrincipalName is leading attribute for user identification instead of sAMAccountName * FIXED: Role Equivalent Groups can be mapped to multiple WordPress roles instead of only one * and much much more we can not list here. Please take the time and read the official documentation 🙂 #### 1.x (Active Directory Integration) * deprecated and no further development ## Meta * Version **3.2.2** * Last updated **2 weeks ago** * Active installations **2,000+** * WordPress version ** 5.6 or higher ** * Tested up to **6.9.4** * Tags * [active directory](https://wordpress.org/plugins/tags/active-directory/)[authentication](https://wordpress.org/plugins/tags/authentication/) [ldap](https://wordpress.org/plugins/tags/ldap/)[sso](https://wordpress.org/plugins/tags/sso/) [windows](https://wordpress.org/plugins/tags/windows/) * [Advanced View](https://wordpress.org/plugins/next-active-directory-integration/advanced/) ## Ratings 4.8 out of 5 stars. * [ 15 5-star reviews ](https://wordpress.org/support/plugin/next-active-directory-integration/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/next-active-directory-integration/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/next-active-directory-integration/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/next-active-directory-integration/reviews/?filter=2) * [ 1 1-star review ](https://wordpress.org/support/plugin/next-active-directory-integration/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/next-active-directory-integration/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/next-active-directory-integration/reviews/) ## Contributors * [ neosit ](https://profiles.wordpress.org/neosit/) * [ dreitier ](https://profiles.wordpress.org/dreitier/) * [ dreitierci ](https://profiles.wordpress.org/dreitierci/) * [ schakko ](https://profiles.wordpress.org/schakko/) ## Support Issues resolved in last two months: 1 out of 1 [View support forum](https://wordpress.org/support/plugin/next-active-directory-integration/) ## Donate Would you like to support the advancement of this plugin? [ Donate to this plugin ](https://active-directory-wp.com)