Guide to Setup Advance Sync Addon

Overview

The Advance Sync add-on for WordPress automatically imports and synchronizes LDAP/Active Directory users with your site. This automation saves time and effort, ensuring your WordPress users are always up-to-date without the need for manual updates. Additionally, any password changes within WordPress are automatically reflected in LDAP or Active Directory, enhancing both security and convenience.

With the WordPress and BuddyPress add-on, Advance Sync also synchronizes user profile pictures between your LDAP Server or Active Directory and WordPress profiles. This feature ensures visual consistency, improving the overall user experience. Explore how Advance Sync can simplify your user synchronization between LDAP and WordPress.

Prerequisites:

• LDAP/Active Directory Login for Intranet Sites premium plugin needs to be installed and configured. [Setup Guide]
• A secure LDAP (LDAPS) connection should be established. Click Here to set up a secure LDAP (LDAPS) connection if not already configured.

Advanced Sync Features:

• Synchronize LDAP Users: Import/export and synchronize LDAP/ Active Directory users.
• Custom Search Filter: The custom search filter field provides a way to filter your LDAP users based on their LDAP attribute value. It includes LDAP Object Type, Username Attribute, and optional LDAP attributes on which you want to restrict / sync users. Ex: The below search filter synchronizes only users that belong to MyGroup in LDAP. (&(ObjectClass=user) (username=?) (memberof=cn=MyGroup, ou=MyOU, dc=yourdomain, dc=com)).
• Delete users from WordPress: If a user is deleted from the LDAP / Active Directory, one of the following two operations can be performed: Delete the users automatically from WordPress if the respective users are no longer present in the LDAP / AD. Update the role of the user in WordPress if the respective user is deleted in the LDAP / AD.
• Update LDAP User Profiles: When a user updates their information on the WordPress site, such as their name, email address, or password, the changes will be automatically reflected in the Active Directory/LDAP as well.
• Automatic user creation in LDAP/AD: Register new users in the Active Directory/LDAP Server when the new users register on the WordPress site.
• Auto-update user groups upon role change: Add or Remove users from specific LDAP groups when the user's WordPress role is changed/updated. Ex: When an administrator assigns a different role to a user on the WordPress site, such as from "subscriber" to "editor," the add-on will automatically update the user's group membership in the Active Directory/LDAP to reflect the new role.
• Schedule the user sync: Automatically synchronize users at a specific time interval. Forex: You can set intervals for Active Directory Sync / LDAP Sync as hourly, daily, or twice a day.
• Password Sync With LDAP Server: Automatically update the user's password in the LDAP server / Active Directory whenever a user changes or resets their password in WordPress.

Download and Install:

• Login to your miniOrange account to download the LDAP Premium Plugin and Sync Users LDAP Directory Add-On.

• Once you log into your miniOrange admin console, Navigate to License >> Manage Licenses >> Releases and Downloads. Click on the Download Plugin button to download the Intranet Premium Plugin and the Add-on.

• Once the plugin and add-on are downloaded, Go back to your WordPress site. Go to Plugins >> Add New.

• Click on the Upload Plugin button, and choose the .zip file of the Plugin and install the miniOrange LDAP Advance Sync Add-On.

• After installing the add-on, activate it from your Plugins page.

• Once the add-on is activated, it will be available on the WordPress Dashboard.
• Click on the Advance Sync add-on in the left-hand panel on the WordPress admin dashboard.

Configuration Steps:

Step 1: LDAP Sync Configuration:

Configure LDAP to WordPress Sync:

• Go to LDAP Sync Configuration Tab >> Configure LDAP to WordPress Sync section to configure the sync settings.
• Use the Search base and Search filter from the LDAP/AD Login for Intranet Plugin: Enabling this option allows the use of Search Base and Search Filter fields which have already been configured in the LDAP/AD Login for Intranet premium plugin.
• Search Base: This node in the LDAP tree is the starting point for the Sync Users LDAP Directory add-on. From here, the add-on will search for LDAP users to import or update in WordPress.The example below would allow importing LDAP Users present in the ou called "LDAPUsers".
  For example, if you want all users in the OU called "LDAPUsers", in the domain called "domain.com" to be automatically imported to WordPress, you could specify the Search Base as follows: ou=LDAPUsers,dc=domain, dc=com.
• Search Filter: The search Filter field provides a customized way to filter your users based on different parameters.
  Ex: If you want to filter only active AD users then you can use the below search filter: (&(objectClass=user)(objectCategory=person)(sAMAccountName=?)(!(userAccountControl=514))(!(userAccountControl=546))(!(userAccountControl=66050))(!(userAccountControl=66082))).
• Username Attribute: Enter any LDAP attribute that will be used to create a username in WordPress (for ex: cn, samaccountname).
• LDAP to WP Sync Frequency: Select the time interval at which you want to schedule the sync from your Active Directory/LDAP Server to your WordPress website.
• Unsync WordPress Users not present in LDAP: Enabling this option will allow you to perform the following operations:
  Delete the users automatically from WordPress if the respective users are no longer present in the LDAP / AD. Change the role of the users automatically from WordPress if the respective users are no longer present in the LDAP / AD.
  

Note: It is recommended to keep this option disabled till the users in WordPress and LDAP Server are perfectly synced.

• Once done please click on the Save button.

Configure WordPress to LDAP Sync:

• Go to LDAP Sync Configuration Tab >> Configure WordPress to LDAP Sync section to configure the sync settings.
• Select Your Directory Server: The users can sync/imported from various Active Directory / other LDAP Server like:
  Microsoft Active Directory. Azure Active Directory. OpenLDAP Directory. FreeIPA Directory. Many other LDAP directories.
• User Base: This is the node of the LDAP Tree under which the Sync Users LDAP Directory add-on imports users from WordPress to the LDAP/Active Directory Server. For example, if you want the users from your wp site to be automatically imported to your LDAP directory you can specify the user base as follows: ou=LDAPUsers,dc=domain, dc=com. This example will allow you to import LDAP User present in the ou called "LDAPUsers".
• LDAP Group List for New Users: This option allows you to add newly created WordPress users to a specific LDAP Group. You need to provide the distinguished name of the group where the new users should be added. You can also specify multiple groups by separating the distinguished names ( DN's) of groups with a semicolon (;).
• Sync Options: We have provided a wide range of options that will assist you to export and synchronize users from WordPress to LDAP / Active Directory:
• Add new user in LDAP when registered in WordPress: Allows you to automatically create new users in Active Directory/LDAP Server when the new users are created/registered in WordPress.
• Delete users in LDAP when deleted in WordPress: Enabling this option will automatically Delete the users from LDAP / AD when the respective users are deleted from WordPress.
• Update user profile in LDAP when updated in WordPress: Enabling this option will automatically update the users in LDAP / AD when the respective user's profile is updated in WordPress.
• Update user password in LDAP when reset in WordPress: Allows you to automatically change the user password in LDAP when the user password is changed in WordPress.

Note: You need to install the miniOrange Password Sync with LDAP Server Add-on to enable this option.

• Add/Remove user to/from groups in LDAP server when respective user role changed in WordPress: Enabling the option allows you to add/remove the LDAP/AD users from respective LDAP groups when their roles are changed in WordPress.
• Once done please click on the Save button.

Step 2: LDAP Profile Picture Mapping Configuration:

• Click on Profile Picture Mapping tab from the left navigation panel of the Advance Sync add-on.
• In the Profile Photo Attribute enter the LDAP / Active Directory attribute name that stores the user profile photo. This attribute depends on your LDAP server. You can find the user Profile Photo attribute for some of the common LDAP servers below: Microsoft Active Directory: thumbnailPhoto OpenLDAP / FreeIPA: jpegPhoto
• Once done, click on the Save Configuration button.
• Click on the Enable Profile Picture Mapping checkbox to enable profile picture mapping for WordPress users. This will enable you to sync your LDAP / Active Directory profile picture to your WordPress profile picture.
• If you are using the BuddyPress plugin, click on the Enable BuddyPress Profile Picture Mapping checkbox to enable profile picture mapping for the BuddyPress plugin. This will enable you to integrate your LDAP / AD profile picture into your BuddyPress extended user profile section.
• If a WordPress user updates his / her profile picture from their user dashboard, the new profile picture will be updated in the Active Directory. This will ensure users maintain identical profile pictures on both platforms.

Test Profile Picture Mapping Configuration:

• Here, enter the username of any ldap user to test the profile picture mapping configuration and click on the Test Configuration button.

Step 3: Schedule Users Sync Configuration:

Schedule LDAP to WordPress Sync:

• Go to Schedule Users Sync Tab >> LDAP to WordPress Sync section to sync LDAP users to WordPress.
• Enable Schedule Sync: Please check this option to enable the Scheduled Synchronization of LDAP/AD users into WordPress.
• In the LDAP to WP One Time Sync section, click on the Sync button to import/sync all the LDAP users at once.
• In the Sync Progress section, you can view the progress of user import/synchronization with the help of the progress bar.

Schedule WordPress to LDAP Sync:

• Go to Schedule Users Sync Tab >> WordPress to LDAP Sync section to sync WordPress users to LDAP.
• You can sync the users from WordPress to LDAP using their WordPress ID's. You will be required to specify a range between which you need to export/sync users from WordPress to LDAP/AD. From ID: This is the WordPress user's ID from which the export/sync operation will begin. To ID: This is the WordPress user's ID till which the users will be Synchronized to LDAP Server. For Ex: Enter From ID as 11 and To ID as 20 if you wish to export or sync all WordPress users with IDs between 11 and 20.
• Once you have specified the start and end user's IDs, a table will be displayed with all the users present in the specified user ID range. You can select the users that you want to sync using the checkbox.

Step 4: Sync Reports:

• Click on the WP to LDAP Sync Reports tab to check out the detailed report of the users that are synced from WordPress to the LDAP/ Active Directory. Here, you can also view detailed information about the synchronization of every individual WordPress user.

Step 5: Configure LDAP Self-Service Password Reset:

• To configure the SSPR, click on the Self-Service Password Reset tab in the left-side Navigation panel of the Advance Sync add-on.
• Enable the Password Synchronization checkbox and click on the Save Configuration button.

• Now, Enable to view Self-Service Password Reset Console checkbox.
  Enabling this feature allows users to securely reset their Active Directory passwords by LDAP/AD Self Service Password Reset Console Page.
• Upon enabling this option, you will be seeing two options:
  1. Use Default Password Policy
  2. Use Password Policy from LDAP/AD GPO
• Use Default Password Policy: selecting this option will use the default password policy.

• Use Password Policy from LDAP/AD GPO: Upon selection of this option, you will have to select GPO sync frequency.