Guide to Setup Advanced Sync Addon

Overview

The Advanced Sync add-on for WordPress automatically imports and synchronizes LDAP/Active Directory users with your site. This automation saves time and effort, ensuring your WordPress users are always up-to-date without the need for manual updates. Additionally, any password changes within WordPress are automatically reflected in LDAP or Active Directory, enhancing both security and convenience.

With the WordPress and BuddyPress add-on, Advanced Sync also synchronizes user profile pictures between your LDAP Server or Active Directory and WordPress profiles. This feature ensures visual consistency, improving the overall user experience. Explore how Advanced Sync can simplify your user synchronization between LDAP and WordPress.

Prerequisites:

• LDAP/Active Directory Login for Intranet Sites premium plugin needs to be installed and configured. [Setup Guide]
• A secure LDAP (LDAPS) connection should be established. Click Here to set up a secure LDAP (LDAPS) connection if not already configured.

Advanced Sync Features:

• Synchronize LDAP Users: Import/export and synchronize LDAP/ Active Directory users.
• Custom Search Filter: The custom search filter field provides a way to filter your LDAP users based on their LDAP attribute value. It includes LDAP Object Type, Username Attribute, and optional LDAP attributes on which you want to restrict / sync users. Ex: The below search filter synchronizes only users that belong to MyGroup in LDAP. (&(ObjectClass=user) (username=?) (memberof=cn=MyGroup, ou=MyOU, dc=yourdomain, dc=com)).
• Delete users from WordPress: If a user is deleted from the LDAP / Active Directory, one of the following two operations can be performed: Delete the users automatically from WordPress if the respective users are no longer present in the LDAP / AD. Update the role of the user in WordPress if the respective user is deleted in the LDAP / AD.
• Update LDAP User Profiles: When a user updates their information on the WordPress site, such as their name, email address, or password, the changes will be automatically reflected in the Active Directory/LDAP as well.
• Automatic user creation in LDAP/AD: Register new users in the Active Directory/LDAP Server when the new users register on the WordPress site.
• Auto-update user groups upon role change: Add or Remove users from specific LDAP groups when the user's WordPress role is changed/updated. Ex: When an administrator assigns a different role to a user on the WordPress site, such as from "subscriber" to "editor," the add-on will automatically update the user's group membership in the Active Directory/LDAP to reflect the new role.
• Schedule the user sync: Automatically synchronize users at a specific time interval. Forex: You can set intervals for Active Directory Sync / LDAP Sync as hourly, daily, or twice a day.
• Password Sync With LDAP Server: Automatically update the user's password in the LDAP server / Active Directory whenever a user changes or resets their password in WordPress.

Download and Install:

• Login to your miniOrange account to download the LDAP Premium Plugin and Sync Users LDAP Directory Add-On.

• Once you log into your miniOrange admin console, Navigate to License >> Manage Licenses >> Releases and Downloads. Click on the Download Plugin button to download the Intranet Premium Plugin and the Add-on.

• Once the plugin and add-on are downloaded, Go back to your WordPress site. Go to Plugins >> Add New.

• Click on the Upload Plugin button, and choose the .zip file of the Plugin and install the miniOrange LDAP Advanced Sync Add-On.

• After installing the add-on, activate it from your Plugins page.

• Once the add-on is activated, it will be available on the WordPress Dashboard.
• Click on the Advanced Sync add-on in the left-hand panel on the WordPress admin dashboard.

Configuration Steps:

Step 1: LDAP Sync Configuration:

Configure LDAP to WordPress Sync:

• Go to LDAP Sync Configuration Tab >> LDAP to WordPress Sync section to configure the sync settings.
• Use the Search base and Search filter from the LDAP/AD Login for Intranet Plugin: Enabling this option allows the use of Search Base and Search Filter fields which have already been configured in the LDAP/AD Login for Intranet premium plugin.
• Search Base:This is the LDAP Tree under which we will fetch the users for synchronization.
  Provide the distinguished name of the Search Base object. You can also select the search bases by clicking on the Search Bases / Base DNs button.
  For example, cn=Users,dc=domain,dc=com.


Note:If you have users in different locations in the directory(OU's), separate the distinguished names of the search base objects by a semi-colon(;).
eg. cn=Users,dc=domain,dc=com; ou=people,dc=domian,dc=com



• Search Filter: The search Filter field provides a customized way to filter your users based on different parameters.
  Ex: If you want to filter only active AD users then you can use the below search filter: (&(objectClass=user)(objectCategory=person)(sAMAccountName=?)(!(userAccountControl=514))(!(userAccountControl=546))(!(userAccountControl=66050))(!(userAccountControl=66082))).
• Username Attribute: Enter any LDAP attribute that will be used to create a username in WordPress (for ex: cn, samaccountname).
• LDAP to WP Sync Frequency: Select the time interval at which you want to schedule the sync from your Active Directory/LDAP Server to your WordPress website.
• Unsync WordPress Users not present in LDAP: Enabling this option will allow you to perform the following operations:
1. Delete the users automatically from WordPress if the respective users are no longer present in the LDAP / AD.
2. Change the role of the users automatically from WordPress if the respective users are no longer present in the LDAP / AD.


Note:It is recommended to keep this option disabled till the users in WordPress and LDAP Server are perfectly synced.



• Once done please click on the Save button.

Configure WordPress to LDAP Sync:

• Go to LDAP Sync Configuration Tab >> WordPress to LDAP Sync section to configure the sync settings.
• Search Base:This is the LDAP Tree under which we will fetch the users for synchronization.
  Provide the distinguished name of the Search Base object. You can also select the search bases by clicking on the Search Bases / Base DNs button.
  For example, cn=Users,dc=domain,dc=com.
• LDAP Group List for New Users: This option allows you to add newly created WordPress users to a specific LDAP Group. You need to provide the distinguished name of the group where the new users should be added. You can also specify multiple groups by separating the distinguished names ( DN's) of groups with a semicolon (;).
• Sync Options: We have provided a wide range of options that will assist you to export and synchronize users from WordPress to LDAP / Active Directory:
1. Add new user in LDAP when registered in WordPress: Allows you to automatically create new users in Active Directory/LDAP Server when the new users are created/registered in WordPress.
2. Delete users in LDAP when deleted in WordPress: Enabling this option will automatically Delete the users from LDAP / AD when the respective users are deleted from WordPress.
3. Update user profile in LDAP when updated in WordPress: Enabling this option will automatically update the users in LDAP / AD when the respective user's profile is updated in WordPress.
4. Update user password in LDAP when reset in WordPress: Allows you to automatically change the user password in LDAP when the user password is changed in WordPress.
5. Add/Remove user to/from groups in LDAP server when respective user role changed in WordPress: Enabling the option allows you to add/remove the LDAP/AD users from respective LDAP groups when their roles are changed in WordPress.
• Once done, please click on the Save button.

Step 2: LDAP Profile Picture Mapping Configuration:

• Click on Profile Picture Mapping tab from the left navigation panel of the Advanced Sync add-on.
• In the Profile Photo Attribute enter the LDAP / Active Directory attribute name that stores the user profile photo. This attribute depends on your LDAP server. You can find the user Profile Photo attribute for some of the common LDAP servers below: Microsoft Active Directory: thumbnailPhoto, OpenLDAP / FreeIPA: jpegPhoto
• Click on the Enable Profile Picture Mapping checkbox to enable profile picture mapping for WordPress users. This will enable you to sync your LDAP / Active Directory profile picture to your WordPress profile picture.
• If you are using the BuddyPress plugin, click on the Enable BuddyPress Profile Picture Mapping checkbox to enable profile picture mapping for the BuddyPress plugin. This will enable you to integrate your LDAP / AD profile picture into your BuddyPress extended user profile section.


Note: Enable the BuddyPress Profile Picture Mapping options after testing the configuration successfully.



• If a WordPress user updates his / her profile picture from their user dashboard, the new profile picture will be updated in the Active Directory. This will ensure users maintain identical profile pictures on both platforms.
• Once done, click on the Save Configuration button.

Test Profile Picture Mapping Configuration:

• Here, enter the username of any ldap user to test the profile picture mapping configuration and click on the Test Configuration button.

Step 3: Schedule Users Sync Configuration:

Schedule LDAP to WordPress Sync:

• Go to Schedule Users Sync Tab >> LDAP to WordPress Sync section to sync LDAP users to WordPress.


Note:To enable Schedule Sync, the LDAP to WordPress Sync settings needs to be configured under LDAP Sync Configuration Tab.



• Enable Schedule Sync: Please check this option to enable the Scheduled Synchronization of LDAP/AD users into WordPress.
• LDAP to WP Sync Frequency: In this dropdown list you can select the sync frequency as hourly, daily, twice daily.
• In the LDAP to WP One Time Sync section, click on the Sync button to import/sync all the LDAP users at once.
• In the Sync Progress section, you can view the progress of user import/synchronization with the help of the progress bar.

Schedule WordPress to LDAP Sync:

• Go to Schedule Users Sync Tab >> WordPress to LDAP Sync section to sync WordPress users to LDAP.


Note:To enable sync users you need to configure WordPress to LDAP Sync settings under LDAP Sync Configuration.



• You can sync the users from WordPress to LDAP by selecting the users. You can also select users by searching their usernames.
• Once you have selected the users that you want to sync, click on the Sync Users button.

Step 4: Sync Reports:

Schedule LDAP to WordPress Sync:

Note:This report shows the status of the last sync from LDAP to WordPress.



• Schedule Periodic Reports Cleanup: Here you can select the frequency as weekly, monthly and yearly to cleanup the reports.

Schedule WordPress to LDAP Sync:

Note:This report shows the status of the last sync from WordPress to LDAP.



• Schedule Periodic Reports Cleanup: Here you can select the frequency as weekly, monthly and yearly to cleanup the reports.

Step 5: Configure LDAP Self-Service Password Reset:

• To configure the SSPR, click on the Self-Service Password Reset tab in the left-side Navigation panel of the Advanced Sync add-on.
• Enable Self Service Password Reset in Active Directory: After enabling this option, you will see an option as Display Self Service Password Reset Console.
• Now, Enable the Display Self-Service Password Reset Console checkbox.
  Enable this option to allow AD users to securely reset their passwords in Active Directory through the LDAP/AD Self-Service Password Reset Console Page.
• Upon enabling this option, you will be seeing two options:
  1. Use Password Policy from LDAP/AD GPO.
  2. Use Default Password Policy.
• Use Password Policy from LDAP/AD GPO: Upon selection of this option, you will have to select GPO sync frequency (Daily, Weekly, Monthly).
• Use Default Password Policy: selecting this option will use the default password policy.