Next Active Directory Integration allows you to map Active Directory attributes to WordPress attributes and vice versa. On this configuration page you define your required mappings.
How it works
Every option is shown as a single row and has the following options
| Column | Property |
|---|---|
| AD attribute | Name of the attribute inside the Active Directory. You can select one of the attributes from the list |
| Data Type | Type of the Active Directory attribute. This influences how the attribute is displayed inside WordPress |
| WordPress attribute | Unique name of the attribute inside WordPress' usermeta table. All attribute values are stored in there. |
| Description | This description is shown on the user's profile page if View in User Profile is enabled |
| View in User Profile | If enabled, the attribute is shown on the user's profile page |
| Sync to AD | If enabled, the attribute will be synchronized back to the Active Directory account if the administrator has enabled the Sync to AD feature. |
| Overwrite with empty value | If enabled, the WordPress attribute will be overwritten even if the AD attribute is empty. |
Attributes
The following AD attributes will be always mapped, even if they are not explicitly mapped by your configuration because they are required to make ADI work properly:
- cn
- givenname
- sn
- displayname
- description
- samaccountname
- userprincipalname
- useraccountcontrol
You can overwrite the mapping to make them viewable but you should not synchronize them back to AD.
Data Types
Not all of the attributes can be synchronized back to the Active Directory:
| Data Type | Syncable to AD | Hint |
|---|---|---|
| string | Yes | Unicode Strings like homePhone |
| list | Yes | A list of Unicode Strings like otherHomePhone |
| integer | Yes | Integers or Large Integer attributes like logonCount |
| bool | No | Booleans use it from boolean attributes like fromEntry |
| octet | No | Octet Strings like jpegPhoto |
| time | No | UTC Coded Time like whenCreated |
| timestamp | No | Integers which store timestamps (not the unix ones) like lastLogon |
| cn | No | Common Name extracts the CN part and drops everything else - use it with manager |