Support » Plugin: Next Active Directory Integration » Synch group members from AD

  • After installing NEXT AD Integration Plugin and successfully configuring AD integration, tried to synch a custom AD Group. The log shows the user group contains no members:
    [INFO ] Start of Sync to WordPress
    [INFO ] LDAP connection is encrypted with “starttls”
    [INFO ] In group ‘TestAD’ are 0 members.
    [INFO ] Number of users to import/update: 10 (0 seconds)
    … then successfully update attributes of users that were already created manually by logging in with their AD credentials.
    I tried to change the group location to be in the same OU as specified in Environment/Base DN, didn’t make any difference.

Viewing 15 replies - 1 through 15 (of 21 total)
  • Plugin Author FatSquirrel

    (@fatsquirrel)

    Hey vsrybnyy2016,

    the root cause of your problem seems to be the group you are trying to import. The group TestAD has no members and the users cannot be imported. Try to check if the group actually contains users by editing your AD.

    As long as it says, there are 0 members in the TestAD group, no users will be imported.

    Please let us know, if your issue continues to cause problems.

    Hi,

    I am experiencing the same issue as above but there are definitely members in the group(s) I’m referencing. Individual users I’ve logged in manually (using their AD credentials) work OK.

    The output log says:

    [INFO ] Start of Sync to WordPress 
    [INFO ] LDAP connection is *not* encrypted 
    [INFO ] In group 'All Staff' are 0 members. 
    [INFO ] In group 'ICT ServiceDesk' are 0 members. 
    [INFO ] In group 'id:513' are 0 members. 
    [INFO ] In group 'TestGroup' are 0 members. 
    [INFO ] Number of users to import/update: 4 (1 seconds) 

    In “All Staff” I have over 700 users (all within the base DN).

    (The 4 users mentioned at the bottom are ones I’ve logged in manually)

    Any ideas?

    I think I have identified the issue in our case.

    The command $this->getDomainSid() is returning “S-0” for us, but our user object Sids are “S-1-*”. This is causing a step in the process to filter these users out which is why all groups are being reported as having zero members. Manually setting $siteDomainSid to be “S-1” has allowed a test group to be processed.

    We do have a legacy trusted domain but the server (and all our users) are on the same domain so I’m not sure of the mismatch here.

    Hello,
    I have the same issue. Can you just tell me how you set $siteDomainSid to “S-1”?

    Regards

    Hi all,

    @dantefs – I am having the same issue, but cannot locate $this->getDomainSid(), where is it being called?

    @author – are you able to clarify if this is a plugin error or user error?

    Many thanks,

    Kyle

    Plugin Author schakko

    (@schakko)

    We have to take a look at this in the next weeks. I cannot reproduce this error on the fly in our environment. Would you re-verify your AD connection settings to see whether or not the domain SID is set?

    I found it.
    It’s in the file domainsid.twig,
    which is in C:\wamp\www\wp-content\plugins\next-active-directory-integration\views\option\element

    Hope it helps you.

    @schakko – reverified and get this:

    WordPress Site is currently connected to Domain: S-0

    The file above seems not to be the good one…

    for @schakko :

    Yes, it’s written: WordPress Site is currently connected to Domain: S-0

    Plugin Author schakko

    (@schakko)

    @kyleabailey That is … interesting. Can you verify that your administrator account you use for the verification process has a valid SID? You can issue the following command to get the object SID of the Administrator

    dsquery * -filter (samAccountName=Administrator) -attr ObjectSID

    Is this what you were wanting to see? Apologies, but I’m not an expert in AD!

    dsquery * -filter (samAccountName=intranet) -attr ObjectSID
      ObjectSID
      S-1-5-21-153560078-3546688951-4114284364-10588
    Plugin Author schakko

    (@schakko)

    That was what I asked for, thank you 🙂
    This is the response I had expected. I will take a deeper look into this contemporary.

    I actually edited my file “Connection.php” (in \wp-content\plugins\next-active-directory-integration\classes\Ldap) and added (at line 568)
    $siteDomainSid = "S-1";

    There may be a more elegant way of achieving the same thing, but this worked for me.

    No problem, let me know if there is anything I can do to help.

    Thanks,

    Kyle

    Plugin Author schakko

    (@schakko)

    Ok guys, I took a deeper look into this. I could reproduce the issue if the Active Directory account has no UPN suffix assigned.

    e.g.:

    – NADI configuration
    — AD username: intranet@my.ad
    — AD password: $my_password
    – AD configuration
    — sAMAccountName: intranet
    — userPrincipalName: intranet
    — UPN suffix: <empty>

    The authentication works but NADI can not resolve the AD attributes of the intranet@my.ad account as the userPrincipalName does not exist.

    Solution: In the “Active Directory User and Computer MMC” > “Account” > “User logon name”: Make sure that the first box (User logon name) contains your username (“intranet”) and that your UPN suffix (“@my.ad”) is selected in the second select list behind it.

    Let me know if this worked.
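
The failure chain described in this thread, as an added example that is not part of the original posts and is not NADI's code: the bind account is looked up by userPrincipalName, its domain SID is taken from the binary objectSid, and group members are kept only if their SID falls under that domain SID. The function names, the prefix-match filter, the user `jdoe` and RID 10601 are assumptions; the SID for `intranet` is the one quoted above.

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary objectSid: revision, count, 48-bit authority, LE sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed objectSid")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def sid_bytes(*subs: int) -> bytes:
    """Build a revision-1, authority-5 (NT Authority) SID for the sample data."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

def resolve_site_domain_sid(directory, bind_upn):
    """Find the bind account by userPrincipalName; domain SID = its SID minus the RID."""
    for entry in directory:
        if entry.get("userPrincipalName", "").lower() == bind_upn.lower():
            return sid_to_string(entry["objectSid"]).rsplit("-", 1)[0]
    return None  # lookup failed: no usable domain SID

def members_in_domain(directory, site_sid):
    """Assumed filter: keep members whose SID starts with the site's domain SID."""
    if not site_sid:
        return []
    return [e["sAMAccountName"] for e in directory
            if sid_to_string(e["objectSid"]).startswith(site_sid + "-")]

DOMAIN = (21, 153560078, 3546688951, 4114284364)  # domain part of the SID quoted in the thread

def sample_directory(intranet_upn):
    """Constructed entries; 'jdoe' and RID 10601 are made up."""
    return [
        {"sAMAccountName": "intranet", "userPrincipalName": intranet_upn,
         "objectSid": sid_bytes(*DOMAIN, 10588)},
        {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@my.ad",
         "objectSid": sid_bytes(*DOMAIN, 10601)},
    ]

if __name__ == "__main__":
    for upn in ("intranet", "intranet@my.ad"):  # before / after setting the UPN suffix
        d = sample_directory(upn)
        sid = resolve_site_domain_sid(d, "intranet@my.ad")
        print(upn, "->", sid, members_in_domain(d, sid))
```

Under this prefix model a site SID of "S-1" matches every SID, so hard-coding it turns the domain filter off rather than repairing the lookup, which matters where a trusted domain exists.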
