schakko
Forum Replies Created
-
Hey guys, I’ve checked the behavior and I am unable to reproduce the issue. If you have a support plan, you can send a support ticket so we can move forward to check your production system.
Forum: Plugins
In reply to: [Next Active Directory Integration] Usage of another URL for custom loginHi Klaus,
you can use a custom filter as described at https://active-directory-wp.com/docs/FAQ/How_to_trigger_authentication_for_custom_URL.html 🙂Forum: Plugins
In reply to: [Next Active Directory Integration] How to use “userPrincipleName”?userPrincipalName is not automatically populated but you can just enter the attribute in the dropdown list – the list editable.
Hi @svaughn,
Due to the inner workings of NADI you can not easily copy a multi-site instance to a single-site instance. You have to update your NADI configuration settings in the single site, specifcally the “Permissions > Authorization group(s)” (https://active-directory-wp.com/docs/Configuration/Permissions.html.
As this way of migration is not supported, I am setting this post as “not a support question”. If you have a purchased Enterprise support license, please upon a ticket so we can work the next steps out.
Can you confirm that this happened with the latest version? The behaviour of the login process did not change. Maybe some other plug-in (m/b WooCommerce?) could have caused this.
Forum: Plugins
In reply to: [Next Active Directory Integration] How to use “userPrincipleName”?Hi @cwolff,
please try this out in a test environment:– Do a database backup
– You can remap the existing entries by issuing an SQL statement similar to
UPDATE wp_user u LEFT JOIN wp_user_meta m ON u.ID = m.user_id SET u.user_email = m.meta_value, u.user_login = m.meta_value WHERE m.meta_key = 'next_ad_int_userprincipalname'
– Disable (User > Use sAMAccountName for newly created users” (https://active-directory-wp.com/docs/Configuration/User.html)See https://active-directory-wp.com/docs/Configuration/Security.html:
— snip —
If enabled it is possible to authenticate by NADI imported users against the Active Directory using the XML-RPC interface. This means you can use a WordPress client like Open Live Writer to create posts on your WordPress site using NADI users. We also implemented this feature to secure that no one is able to use the WordPress XML-RPC interface to brute-force your Active Directory users. After the amount of failed login attempts has been reached, NADI will deny XML-RPC authentication request for the set amount of time. If you do not activate this option NADI will deny all XML-RPC authentication requests for NADI users.
— snap —Hi Alexander,
there is no additional plug-in required. You have to check your configuration. Please read the documentation at https://active-directory-wp.com/docs.You’ll have to check both logs.
– Is your WordPress instance a multisite instance?
In the debug.log there should something like
– “Looking up SSO profile by NETBIOS name for credential…”
– or “Looking up SSO profile by Kerberos realm for credential..”
– or “Looking up SSO profile by UPN suffix fallback for credential..”and after that “Profile match: “.
This is the interesting part.@florianbad Please check the error logs again. As I previously stated, there is no correlation between NADI’s “Sync to WordPress” feature and the SSO functionality.
@florianbad That’s good to hear 🙂
Ah okay, this is already tracked at https://github.com/NeosIT/active-directory-integration2/issues/141 and fixed in 2.2.3 which is planned to be released tomorrow 😉
@florianbad It depends upon your webserver enviroment. You can look into Apache’s error_log or a custom log configured for PHP-FPM.
@florianbad The error log you had posted in first post has no (atleast should not have) correlation to the “Sync to WordPress” feature. Can you check the PHP error log again?
– Are you using Kerberos/SSO?
– Is your WordPress instance a multisite instance?In the debug.log there should something like
– “Looking up SSO profile by NETBIOS name for credential…”
– or “Looking up SSO profile by Kerberos realm for credential..”
– or “Looking up SSO profile by UPN suffix fallback for credential..”and after that “Profile match: “.
This is the interesting part.