schakko

– As it is just a warning and not an error it is not so dramatic.
– Please check which AD users generates the above warning. My first guess is that you are synchronizing a service account not having the required LDAP “useraccountcontrol” attribute in his LDAP object schema.

The error you described (“The username or/and email address provided already exist, or result associated, to another existent user account on our forum database.”) seems to originate from the “WP w3all phpBB” plug-in. Please get in contact with their support team as we can’t reproduce this error.

Regarding the warning: We are not able to reproduce this behavior with WordPress 4.9.x or 5.x, so my guess is that some of your other installed plug-ins interfer. Do you have any mail or user profile related plug-ins installed like BuddyPress?
Can you change the PreventEmailChange.php file so that the line 87 looks like

add_filter('send_email_change_email', '__return_false');

/* ADD */
if (!is_object($user) || !property_exists($user, 'ID')) {
  global $wp_actions;
  print_r($wp_actions['user_profile_update_errors']);
  debug_print_backtrace();
  exit;
}
/* end ADD */

//
$samAccountName = get_user_meta($user->ID, NEXT_AD_INT_PREFIX . 'samaccountname', true);

When you try to reproduce the error you should get a stacktrace and all other registered actions for the specific part of code.

Regarding the feature itself: Users who have been added manually in WordPress and have not been authenticated yet by NADI are still able to change their email address. We have adjusted the documentation accordingly.

@canadabri
Can you provide an anonymized debug.log? Without this we are not able reproduce your issue.

NADI does only support synchronization of usernames from the Active Directory to WordPress but not the password. Passwort checks are delegated to the Active Directory.

@5tu Thank you for the reply! I just took a look into it and can confirm it is a bug. I have already fixed but not released it yet. It will be fixed in version 2.1.5.

To circumvent this bug for yet, you can execute the following SQL statement by hand:

UPDATE wp_options SET option_value = ‘1’ WHERE option_name = ‘next_ad_int_bo_v_show_menu_sync_to_wordpress’ OR option_name = ‘next_ad_int_bo_v_show_menu_sync_to_ad’ OR option_name = ‘next_ad_int_bo_v_show_menu_test_authentication’;

Please note that the username (e.g. “microscopicearthling”) in WordPress is *not* sufficient for synchronizing users. You need to append your domain’s UPN suffix by using the User > Account Suffix parameter. With the parameter set, on login the UPN suffix is automatically appended (“microscopicearthling” becomes “microscopicearthling@emea.company.local”). With the full UPN NADI lookup the username inside the Active Directory.
Please also note that for security reasons your first WordPress user will never be authenticated against the AD and so won’t be synchronized during the login process.

– You should be able to log in with your user’s WordPress account who has installed WordPress originally. This user can disable NADI.
– You can move the directory wp-content/plugins/next-active-directory-integration to another folder to disable the plug-in by hand.

That being said we are not aware of any NADI issues after applying x509 certificates for TLS/SSL encryption.