I'm working on creating a new Sitefinity-based intranet application for our company and have run into an Active Directory issue that seems a little strange.
First, here is what IS working:
1. My LDAP connection from Sitefinity works, and I can see all AD users and roles when logged in as an administrator.
2. Users are able to log in using their AD credentials.
My problem is as follows:
I can only see the roles that are mapped to a user for five of our accounts. I want to authorize pages based only on their AD roles, but this only works for those five accounts that Sitefinity can read.
Additionally, if I use my own AD account in the LDAP configuration, I can then see my own roles as well.
I can see two possible issues:
1. The service account we created (in order to give Sitefinity credentials to our AD server) might need additional permissions to read our users' roles.
2. The five accounts that have visible roles assigned to them have a 'read' flag in AD, and are automatically picked up by Sitefinity.
My question is this: If I'm correct in my assumption about the service account, what additional permissions do I need to give it?