The User tab contains all user-specific configuration options. This includes settings like how users should be displayed, created, updated etc.
Exclude usernames from authentication
Every username you provided in here will not be authenticated during login. Instead the local WordPress password is used. This option ensures that you can set up Active Directory Integration and still log in with your WordPress administrator account. You have to explicitly declare every username you want to exclude. This means that if you want to exclude "firstname.lastname@example.org" from authentication you have to add "email@example.com" to the list and not only "administrator". If you are using the account suffix "@test.ad" and you are excluding "administrator", the user can still log in with "firstname.lastname@example.org". You have to exclude explicitly "email@example.com".
Usernames added to the list are case-insensitive.
- The first administrator of a network installation (super admin) and the first administrator of a site are implicitly never authenticated against the Active Directory. This ensures that the administrator can login at every time.
- The user who activates Next ADI is automatically added to the list of excluded usernames during the activation of the plug-in. This must not be inevitably the first administrator. You can remove this user after you have successfully tested your settings.
The Account Suffix is added to all usernames during the Active Directory authentication process. Example: An Account Suffix "@company.local" is used. When the user "my_username" logs in, the fully username is set to "firstname.lastname@example.org".
Don not forget to start the suffix with "@".
If you have multiple account suffixes like @emea.company.local, @africa.company.local put every account suffix in its own field. The primary domain name (@company.local) must reside in the last text field.
Use sAMAccountName for newly created users
By default, NADI uses the userPrincipalName as username for newly created users. In a single Active Directory domain environment this can be changed so that the sAMAccountName is used as username.
Automatic user creation
If enabled, users will be created in your WordPress instance after they have successful authenticated.
Not yet Created users will obtain the role defined under New user default role.
Automatic user synchronization
After a successful login the WordPress profile of the user will be automatically synchronized with his Active Directory account. Requires "Automatic user creation" to be enabled.
Automatic update user description
This option will only work if you have already enabled Automatic user creation and Automatic user synchronization. As the title says it will automatically update the user's description of new created users and users who login.
Default email domain
Whenever a user's Active Directory attribute mail is empty, the user's email address will be concatted by his username and the value of this option.
Email address conflict handling
This option handles email address conflicts caused by multiple user creation using the same email address. WordPress does only allow unique email addresses in an installation. You can choose between the following options
- Prevent: User is not created, if his email address is already in use by another user (recommended)
- Allow: Allow users to share one email address. (UNSAFE)
- Create: In case of a conflict the new user is created with a unique and randomly generated email address.
Prevent email change
Prevent email change will stop users authenticated by Active Directory from changing their email address in WordPress.
This option allows you to configure how users should be displayed in posts and comments. By default the sAMAccountName is used. You can choose between the following options:
- sAMAccountName (the username)
- givenName (firstname)
- SN (lastname)
- givenName SN (firstname and lastname)
- CN (Commone Name, the whole name)
- mail (email address)
Show user status
Show additional columns (ADI User, disabled) in WordPress' users list.