For our multisite environment, the 0.6 version of the ADAI plugin came at just the right time. We are getting ready for a fall launch of our WordPress environment at Princeton, and as soon as I upgraded to 0.6, everything worked like a charm, including SSL.
We do have a fringe issue. This issue won't prevent us from using the plugin. This might be too unique of a problem to justify a change to the plugin, but I thought that I would explain the issue we are having to see if a workaround was possible.
We have an organizational unit within our directory, in which all of the uid values are email addresses. These are part of our guest account system for provisioned users outside of our university. All Princeton users have a normal uid, for example, mdmuzzie (me). An example guest account user might log in as email@example.com (also me).
For our normal AD accounts, the uid is the same as the sAMAccountName. For my example guest account, the uid is firstname.lastname@example.org but the sAMAccountName is guest100000000002032.
I already added a filter to the wpmu_validate_user_signup function in ms-functions.php to allow the period and the @ sign, so I was able to manually add my test guest user to the system. However, that user cannot authenticate, and gets the debug message "... Authentication failed  Storing failed login for "email@example.com"
For all users, authentication does not work at all unless I configure ADAI to "Append account suffix to AD usernames before being validated," using the string "@pu.win.princeton.edu"
So what I suspect is happening is that the test user is being sent to AD as
What I think might solve this would be an alternate option to "Prepend account prefix to AD usernames before being validated" (instead of the suffix). Then I could use the string "PRINCETON\"
In our other systems PRINCETON\firstname.lastname@example.org authenticates just fine.
Does this make sense, or is there a simpler workaround? Are we unique in our use of @ signs in guest usernames?