Active Directory Users & Roles

10 posts, 0 answered
  1. György
    4 posts
    Registered:
    01 Jan 2009
    25 Nov 2010
    Hi Telerik,

    I am trying to connect Sitefinity 4.0 RC to my enterprise Active Directory, but I cannot figure out the correct settings for membership providers, role providers and the LDAP settings.

    In a new installation I enabled the LdapRoles and LdapUsers providers (Administration -> Settings menu) and filled out the DefaultLdapConnection in the LDAP Connection section:
    Server Name: the domain controller IP address
    ConnectionDomain: the target domain
    ConnectionUsername: domain\Administrator
    ConnectionPassword: password
    UserDns: ou=...,dc=...,dc=...
    RolesDns:  ou=...,dc=...,dc=...

    In the Administration -> Users menu a new tab 'LdapUsers' appears, but there are no users under it, and in the Administration -> Roles menu a new tab 'LdapRoles' appears, but there are no roles under it.

    What am I missing?

    Thanks.
  2. Ivan Dimitrov
    16072 posts
    Registered:
    19 May 2017
    25 Nov 2010
    Hi György,

    Most probably the LDAP is not configured properly or it is not responding for some reason. Could you also check the HttpRequests and HttpResponse of the web services used to get your users when you click on the LDAP button?

    Below is a sample configuration of the LDAP - App_Data\Sitefinity\Configuration\SecurityConfig.config

    <LdapConnections>
            <connections>
                <LdapConnection
                     name="DefaultLdapConnection"
                     serverName="host.com"
                     connectionDomain="host"
                     connectionUsername="HostUser"
                     connectionPassword="password" maxReturnedUsers="200"
                     usersDN="OU=UsersGroup,OU=MyUnit,DC=host,DC=com"
                     userFilter="(&amp;(objectClass=user)(!(objectClass=computer)))" maxReturnedRoles="200"
                     rolesDns="OU=UsersGroup,OU=BG,DC=host,DC=com"
                     roleFilter="(objectClass=group)" />
            </connections>
            <ldapMapping>
                <typesMapping>
                    <type name="RoleMapping">
                        <propertiesMapping>
                            <mapping propertyName="Name" ldapField="sAMAccountName" />
                            <mapping propertyName="Id" ldapField="objectGUID" />
                            <mapping propertyName="LastModified" ldapField="whenChanged" />
                        </propertiesMapping>
                    </type>
                    <type name="UserMapping">
                        <propertiesMapping>
                            <mapping propertyName="Id" ldapField="objectGUID" />
                            <mapping propertyName="Comment" ldapField="info" />
                            <mapping propertyName="FirstName" ldapField="givenName" />
                            <mapping propertyName="UserName" ldapField="sAMAccountName" />
                            <mapping propertyName="Email" ldapField="mail" />
                            <mapping propertyName="LastName" ldapField="sn" />
                            <mapping propertyName="LastActivityDate" ldapField="whenChanged" />
                            <mapping propertyName="LastLoginDate" ldapField="lastLogon" />
                            <mapping propertyName="CreationDate" ldapField="whenCreated" />
                            <mapping propertyName="LastModified" ldapField="whenChanged" />
                            <mapping propertyName="memberOf" ldapField="memberOf" />
                            <mapping propertyName="IsApproved" ldapField="userAccountControl" />
                        </propertiesMapping>
                    </type>
                </typesMapping>
            </ldapMapping>
        </LdapConnections>




    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. György
    4 posts
    Registered:
    01 Jan 2009
    26 Nov 2010
    Hi Ivan,

    Thanks for the reply. I can connect to our Active Directory, so I am happy. :)

    Next question: We have two domains. Is it possible to connect the two domains at the same time?
    I can create two LDAP connections, but how can I bind these connections to each membership and role provider?

    Thanks.
  4. Ivan Dimitrov
    16072 posts
    Registered:
    19 May 2017
    26 Nov 2010
    Hi György,

    It is possible.

    1. Create a new membership provider of type Telerik.Sitefinity.Security.Ldap.LdapMembershipProvider

    2. Create two parameters - applicationName and connection. You can copy the applicationName from the default provider. The important part here is the connection parameter.

    3. Go to LDAP settings and create a new LDAP connection with all parameters
    4. Return back to your provider parameters and set the connection

    Greetings,
    Ivan Dimitrov
    the Telerik team
  5. György
    4 posts
    Registered:
    01 Jan 2009
    26 Nov 2010
    Hi Ivan,

    Thanks for the suggestion. I tried it, but I am not happy. :(
    I created a new (second) membership and role provider and a new (second) LDAP connection. For the providers I created an applicationName and a connection parameter. In the connection parameter's value field I wrote the newly created LDAP connection's name.
    When I get the users (Administration -> Users) from the first provider it is working correctly, but from the second provider there is no user. When I get the roles (Administration -> Roles) from the first provider it is working correctly, but from the second provider I get the same roles as from the first provider.
    If I clear the default LDAP connection setting (Administration -> Settings, LDAP Connections section) I get no users and roles from any providers.
    It seems to me that only the default provider is working correctly.

    Here is my SecurityConfig.config snippet:
    <roleProviders>
        <add connection="LdapConnection1" applicationName="LdapBackend/" enabled="True" name="LdapRoles1" />
        <add connection="LdapConnection2" applicationName="LdapBackend/" enabled="True" name="LdapRoles2" />
    </roleProviders>
    <membershipProviders>
        <add connection="LdapConnection1" applicationName="LdapBackend/" enabled="True" name="LdapUsers1" />
        <add connection="LdapConnection2" applicationName="LdapBackend/" enabled="True" name="LdapUsers2" />
    </membershipProviders>
    <LdapConnections defaultLdapConnection="LdapConnection1">
        <connections>
            <LdapConnection serverName="host.local" serverPort="389" connectionDomain="host" connectionUsername="UserName" connectionPassword="password" useSSL="False" resultCacheExpiration="0" maxReturnedUsers="10" usersDN="OU=ou1,DC=host,DC=local" userFilter="(&amp;(!(objectClass=computer))(objectClass=person))" maxReturnedRoles="10" rolesDns="OU=ou1,DC=host,DC=local" roleFilter="(objectClass=group)" connectWithLogonCredentials="False" authenticationType="Basic" name="LdapConnection1" />
            <LdapConnection serverName="host.local" serverPort="389" connectionDomain="host" connectionUsername="UserName" connectionPassword="password" useSSL="False" resultCacheExpiration="0" maxReturnedUsers="10" usersDN="OU=ou2,DC=host,DC=local" userFilter="(&amp;(!(objectClass=computer))(objectClass=person))" maxReturnedRoles="10" rolesDns="OU=ou2,DC=host,DC=local" roleFilter="(objectClass=group)" connectWithLogonCredentials="False" authenticationType="Basic" name="LdapConnection2" />
        </connections>
    </LdapConnections>

    Thanks.
  6. Ivan Dimitrov
    16072 posts
    Registered:
    19 May 2017
    01 Dec 2010
    Hello György,

    Could you try to use a different applicationName for the second LDAP provider?

    Kind regards,
    Ivan Dimitrov
    the Telerik team
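Added example, not part of the original thread and not Telerik's code: an offline check of a SecurityConfig.config-style file for the points raised so far, namely providers whose connection value names no defined LdapConnection, LDAP providers that share an applicationName, and connections that combine useSSL="False" with authenticationType="Basic". The sample document and the finding names are constructed, and reading "Basic" as a cleartext LDAP simple bind is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample modeled on the thread's snippet; hosts, names and the
# misspelled "LdapConection2" reference are made up for the demonstration.
SAMPLE = """<securityConfig>
 <roleProviders>
  <add connection="LdapConnection1" applicationName="LdapBackend/" enabled="True" name="LdapRoles1" />
  <add connection="LdapConnection2" applicationName="LdapBackend/" enabled="True" name="LdapRoles2" />
 </roleProviders>
 <membershipProviders>
  <add connection="LdapConnection1" applicationName="LdapBackend/" enabled="True" name="LdapUsers1" />
  <add connection="LdapConection2" applicationName="LdapBackend2/" enabled="True" name="LdapUsers2" />
 </membershipProviders>
 <LdapConnections defaultLdapConnection="LdapConnection1">
  <connections>
   <LdapConnection name="LdapConnection1" serverName="host.local" serverPort="389" useSSL="False" authenticationType="Basic" />
   <LdapConnection name="LdapConnection2" serverName="host.local" serverPort="636" useSSL="True" authenticationType="Basic" />
  </connections>
 </LdapConnections>
</securityConfig>"""

def audit(xml_text):
    """Return sorted (finding, subject) pairs for a SecurityConfig-style document."""
    root = ET.fromstring(xml_text)  # a raw '&' in a filter attribute fails here
    conns = {c.get("name"): c for c in root.iter("LdapConnection")}
    findings = []
    for section in ("roleProviders", "membershipProviders"):
        # Only enabled providers that point at an LDAP connection are checked.
        provs = [p for s in root.iter(section) for p in s.findall("add")
                 if p.get("connection") and p.get("enabled", "").lower() == "true"]
        apps = Counter(p.get("applicationName") for p in provs)
        for p in provs:
            if p.get("connection") not in conns:
                findings.append(("unknown-connection", p.get("name")))
            app = p.get("applicationName")
            if app is not None and apps[app] > 1:
                findings.append(("shared-applicationName", p.get("name")))
    for name, c in conns.items():
        # Assumption: "Basic" is an LDAP simple bind, so without SSL the bind
        # password crosses the network unencrypted. Absent attributes are not
        # judged, because the thread does not state their defaults.
        if (c.get("useSSL", "").lower() == "false"
                and c.get("authenticationType", "").lower() == "basic"):
            findings.append(("cleartext-bind", name))
    return sorted(findings)

if __name__ == "__main__":
    for finding, subject in audit(SAMPLE):
        print(f"{finding}: {subject}")
```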
  7. György
    4 posts
    Registered:
    01 Jan 2009
    03 Dec 2010
    Hi Ivan,

    I renamed the applicationName parameter on the second, newly created providers. The roles are working properly (there are roles under the two LDAP roles tabs), but users do not work (only one LDAP users connection works, the other still gets 'No records').

    Here is my scenario:
    - I created a new project with Sitefinity Project Manager (4.0.941.0)
    - I went to the new project's Administration -> Settings menu
    - I modified the default settings at the 'DefaultLdapConnection' in the 'LDAP connections' section to fit our infrastructure
    - I enabled the built in 'LdapUsers' provider at the 'Membership providers' section and set the connection parameter to 'DefaultLdapConnection'
    - I enabled the built in 'LdapRoles' provider at the 'Role providers' section and set the connection parameter to 'DefaultLdapConnection'

    At this point everything worked perfectly: there are users in the Administration -> Users menu under the 'LdapUsers' tab and there are roles in the Administration -> Roles menu under the 'LdapRoles' tab.

    Continue:
    - I created a new LDAP connection at the 'LDAP connections' section
    - I created a new provider at the 'Membership providers' section, set the connection parameter to the newly created LDAP connection and set the applicationName parameter to one other than the first LDAP provider's
    - I created a new provider at the 'Role providers' section, set the connection parameter to the newly created LDAP connection and set the applicationName parameter to one other than the first LDAP provider's

    At this point there are two LDAP tabs in the Administration -> Roles menu and it works perfectly. In the Administration -> Users menu there are two LDAP tabs, but only the first ('LdapUsers') tab gets users. Under the newly created tab I get 'No records'. If I switch the connection strings between the built-in providers (LdapUsers, LdapRoles) and the newly created providers, the built-in providers still get users.

    What am I missing?

    Thanks.
  8. Ivan Dimitrov
    16072 posts
    Registered:
    19 May 2017
    08 Dec 2010
    Hi György,

    Do you use a single LDAP with different queries? If this is the case then there should not be a problem to see your users properly.

    There is a problem if you have two or more LDAPs but they are different types like Microsoft LDAP and OpenLDAP.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
  9. Matt
    22 posts
    Registered:
    25 Jan 2008
    15 Dec 2010
    I have followed similar steps (except just for a single AD provider), but do not see LdapUsers under Administration->Users or LdapRoles under Roles.

    I have tried adding the ldapMappings shown above, but a couple minutes after I save the file, the changes disappear. The correct values still show in the GUI, though.

    snippet:

        <roleProviders>
            <add connection="DefaultLdapConnection" enabled="True" name="LdapRoles" />
        </roleProviders>
        <membershipProviders>
            <add connection="DefaultLdapConnection" enabled="True" name="LdapUsers" />
        </membershipProviders>
        <LdapConnections>
            <connections>
                <LdapConnection serverName="dc.domain.com" connectionDomain="domain.com" connectionUsername="username" connectionPassword="password" usersDN="OU=...." rolesDns="OU.." name="DefaultLdapConnection" />
            </connections>
        </LdapConnections>
    </securityConfig>

  10. Ivan Dimitrov
    16072 posts
    Registered:
    19 May 2017
    15 Dec 2010
    Hi Matt,

    If the values are in the GUI they should be in the configuration. The Settings use config files as storage. You will not see users if:

    1. The settings to LDAP are not correct.
    2. The application is not restarted and your changes are not applied.

    Best wishes,
    Ivan Dimitrov
    the Telerik team