To keep everything updated with current user data you can enable a synchronization from WordPress back to your Active Directory.
Sync to Active Directory
Enable sync to AD
By enabling this option ADI will automatically synchronize the user's profile back to the Active Directory if it has changed.
The synchronization is automatically triggered whenever a user profile gets updated.
Use Sync To AD service account
By enabling this option users will not be asked for their Active Directory password when updating their WordPress user profile. Instead a dedicated Active Directory service account is used.
NOTICE: The password of this service account is stored encrypted, but USE IT AT YOUR OWN RISK. To avoid using a service account you have to grant your users the permission to change their own Active Directory attributes.
Setting the Active Directory permissions
Without setting the Active Directory permissions, persisting the attributes in the Active Directory will silently fail. In logs/debug.log you will see the error
adLDAP last error: Insufficient access
To set the permissions you have to follow these steps:
1. Use ADSI Edit to connect to your Active Directory
2. Navigate to the Organizational Unit where your users reside and select Properties from the context menu
3. On the tab Security choose the name SELF (SELBST) and enable the permission Write
4. Click on the button Advanced, navigate to the access permission Write for the principal SELF and click on Edit
5. Select This object and all descendant objects from the Applies to select list
6. Save the settings
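To verify the result of the steps above, the following read-only PowerShell check lists the SELF write entries on the OU and shows how far each one reaches. It is an added example, not part of the ADI documentation; it assumes the RSAT ActiveDirectory module is installed and uses a placeholder OU distinguished name.

```powershell
# Added example: audit the SELF write ACEs on the users OU (read-only, changes nothing).
# Assumptions: RSAT ActiveDirectory module is installed; $OuDn is a placeholder DN.
Import-Module ActiveDirectory

$OuDn    = 'OU=Staff,DC=example,DC=com'   # placeholder, replace with your users OU
$Self    = 'NT AUTHORITY\SELF'
$AllGuid = [guid]::Empty                  # empty GUID = "all properties" / "all object classes"
$Write   = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

# The AD: drive is provided by the ActiveDirectory module
$acl = Get-Acl -Path "AD:\$OuDn"

# Keep only Allow ACEs for SELF that include the WriteProperty right
$selfWrites = @($acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $Self -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $Write)
})

if ($selfWrites.Count -eq 0) {
    # This is the state that produces "Insufficient access" in the debug log
    Write-Warning "No Allow/WriteProperty ACE for SELF found on $OuDn."
}
else {
    $selfWrites | ForEach-Object {
        [pscustomobject]@{
            Rights           = $_.ActiveDirectoryRights
            InheritanceType  = $_.InheritanceType
            # All or Descendents: user objects below the OU are covered
            ReachesUsers     = $_.InheritanceType -in 'All', 'Descendents'
            # Empty GUID: the ACE covers every attribute, not a single one
            AllProperties    = $_.ObjectType -eq $AllGuid
            AttributeGuid    = $_.ObjectType
            # Empty GUID: inherited by every object class, not only user objects
            AllObjectClasses = $_.InheritedObjectType -eq $AllGuid
            Inherited        = $_.IsInherited
        }
    } | Format-Table -AutoSize
}
```

A row with ReachesUsers = True corresponds to the "This object and all descendant objects" setting from step 5; AllProperties and AllObjectClasses show how broad the grant is.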
Service account username
If Use Sync To AD service account is enabled, the username of the service account must be defined. Please note that you have to explicitly add the domain information by appending the domain suffix. User > Append suffix has no influence on this option.
Service account password
This option defines a NEW password for the Sync to AD service account. Leave this field blank if you don't want to change the password.
The authentication code must be used if you want to trigger the synchronization with the help of a cron job. The menu option Sync to AD shows you the code snippets for wget and curl.