schakko

There could be a problem with your network configuration. The timeout indicates that the AD endpoint can not be contacted. Please note that AD with TLS (not STARTTLS!) is running on port 689 and *not* 389.

We fixed this issue in ADI 2 by storing the UPN in the wp_user_meta.

Hey guys,
a lot is going on in this thread 😉

1. With ADI 2 the current behavior is still used. Every AD user is synchronized to WordPress. After the initial synchronization his account gets disabled in WordPress – if disabled in Active Directory. I filled an issue in our backlog but will not promise that we eventually change this behavior.

2. As mrasker already said, we will never delete anything. Deletion is evil.

3. @cityfox this seems to be an issue of BuddyPress. “blocked” is not an official WordPress role. I filled an issue in our backlog. The much cleaner solution would be that we – as the ADI team – provide a hook which is called after disabling a WordPress user. You can listen to this hook and update the WordPress role.

4. @mrasker thank you for the Kerberos hint in https://ww.wp.xz.cn/support/topic/disabled-users-not-showing-up-in-disabled-column?replies=9#post-8293125. I added this to our backlog.

semargl, please check the error.log of your Apache webserver. It might be possible that PHP’s OpenSSL support has not been compiled into the core or the php_openssl has not been loaded.

The auto-login/SSO feature highly depends upon your network environment. We are planning to release some documentation describing the problem and its possible solutions in the mid of this year.

ADI already makes use of service accounts. They are internally called “Sync Back User” and “Bulk Import User”.
For ADI 2.0 we already changed the translation to “Service Account”.