More in this section
Forums / General Discussions / LDAP AD-Roles issue.

LDAP AD-Roles issue.

The forums are in read-only mode. In case that you want to directly contact the Progress Sitefinity team use the support center. In our Google Plus group you can find more than one thousand Sitefinity developers discussing different topics. For the Stack Overflow threads don’t forget to use the “Sitefinity” tag.
3 posts, 0 answered
  1. lgroup
    lgroup avatar
    7 posts
    28 Dec 2006
    11 Jul 2014
    Link to this post

    I'm working on creating a new SiteFinity-based intranet application for our company and have run into an Active Directory issue that seems a little strange.

     First, here is what IS working:

    1. My LDAP connection from Sitefinity works, and I can see all AD users and roles when logged in as an administrator.

    2. Users are able to log-in using their AD credentials.

     My problem is as follows:

     I can only see the roles that are mapped mapped to a user for five of our accounts.I want to authorize pages based only by their AD-Roles, but this only works for those five accounts that Sitefinity can read.

    Additionally, if I use my own AD account in the LDAP configuration, I can then see my own roles as well.

    I can see two possible issues:

    1. The service account we created (in order to give Sitefinity credentials to our AD server) might need additional permissions to read our user's roles.

    2. The five accounts that have visible roles assigned to them have a 'read' flag in AD, and are automatically picked up by SiteFinity.

    My question is this: If I'm correct in my assumption about the service account, what additional permissions do I need to give it?

  2. lgroup
    lgroup avatar
    7 posts
    28 Dec 2006
    14 Jul 2014 in reply to lgroup
    Link to this post

    After re-reading what I wrote, I realize that it might be confusing, so I'm going to attempt to reword my problem....

    With my current configuration, Sitefinity is unable to read the assigned Active Directory roles for 95+% of our employees (It does work for a select few, for unknown reasons). This means that authentication works, but not authorization. My goal is to use AD authorization to limit access of sensitive pages for some users based on their assigned roles, but I cannot do this right now.

     I'm unsure whether or not this is a Sitefinity issue or an Active Directory one, but I would appreciate any advice available.

  3. Vassil Vassilev
     Vassil Vassilev avatar
    308 posts
    21 Jan 2015
    16 Jul 2014
    Link to this post
    Hello John,

    In your case I believe you need to map each of your Ldap roles to Sitefinity one, than provide the necessary permissions to the Sitefinity role. Similar issue is discussed here:
    Active Directory/LDAP Backend Access

    I hope this helps.

    Vassil Vassilev
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
3 posts, 0 answered