  • Connie DeCinko 931 posts 1160 karma points
    Oct 04, 2013 @ 19:06
    Connie DeCinko
    0

    Member created and logs in but Member Groups not assigned

    Great package so far. I was going to build my own but yours gets me to the finish line much faster. I stumbled upon the issue with my Intranet site not looking like one to IE and having to add it to my Intranet zone. You might add that information to the install instructions.

    Normal AD users are able to view the site, no issues. When a user browses to a site I've set Public Access permissions on, they correctly and transparently are sent to my autologin page, their Member record is created with all the details including email. What is not happening, the groups they are assigned to in AD are not being assigned to them in Umbraco. I cannot go in and manually assign them as my AD user does not have permission to edit, just view.

    Also, I read someone else having a concern about the Member password in Umbraco not being updated when it changes in AD. Has this been changed in the current version of this project?

     

  • Connie DeCinko 931 posts 1160 karma points
    Oct 04, 2013 @ 19:39
    Connie DeCinko
    0

    Additional information:  This is the same issue I had with setting up AD for back office login.  If the AD is not in the same domain as the web server, it's next to impossible to get group information.

    System.DirectoryServices.AccountManagement.PrincipalOperationException: Information about the domain could not be retrieved (1355).

    In the other instance I had to use a different method but that was only checking to see if the user logging in was in one group.

    Any ideas how to tackle this?

  • Kevin Jump 2343 posts 14890 karma points MVP 8x c-trib
    Oct 04, 2013 @ 20:06
    Kevin Jump
    0

    you can use domains outside of the one the webserver is in (assuming it can see it - there is a trust between domains, etc) through the settings

    <section name="ADSettings" type="LDL.Web.Security.ActiveDirectory.ADSettingsConfigSection, LDL.Web.Security.ActiveDirectory" />
    
    <ADSettings defaultUsername="ADUsername" defaultPassword="ADPassword">
      <ADSettings>
        <add server="server1" domain="domain1" container="DC=xxx, DC=yyy" />
        <add server="server2" domain="domain2" container="DC=xxx, DC=yyy, DC=zzz" />
      </ADSettings>
    </ADSettings>
    
    In terms of groups, if the role provider is working it should see the groups you have named in the web.config - check for things like case of groups is ok, the provider will trace the groups out so adding ?umbDebugShowTrace=true should show you something in the trace.

    The password of the user isn't stored in umbraco - the login is always performed against the AD - so there is no password to sync with the umbraco db.

  • Connie DeCinko 931 posts 1160 karma points
    Oct 04, 2013 @ 20:14
    Connie DeCinko
    0

    Setting up a trust between the servers will never happen, my admin won't allow it.  In Microsoft's flawed wisdom, they allow us to see many details about an AD member but doing something like GetGroups() causes an error.  The information is in the string MemberOf but then I'd have to parse it out which won't be fun.  Looks like I'll have to resort to the old DirectorySearcher filter method.

     

  • Kevin Jump 2343 posts 14890 karma points MVP 8x c-trib
    Oct 04, 2013 @ 20:24
    Kevin Jump
    0

    you might be able to get it to work without a trust, but probably with a lot more tweaking which you're probably not going to be allowed to do.

    We did start to go down the DirectorySearch route, in the end we did the DomainPrincipal because that does nested group membership (not always an issue)
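
The DirectorySearcher route discussed in the two posts above, as an added example that is not part of the thread or of the package's code: it binds with explicit credentials (the `server`, `container`, `defaultUsername` and `defaultPassword` values from ADSettings), reads `memberOf` for one account and extracts each group's CN, escaping the account name so it cannot alter the LDAP filter. The class and method names are hypothetical; `memberOf` lists direct groups only, so nested groups and the primary group are not returned.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class AdGroupLookup   // hypothetical helper, not part of the package
{
    // RFC 4515 escaping so the account name cannot change the filter's structure.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    // Leading CN of a DN; "\," and hex pairs such as "\2C" are unescaped (ASCII range only).
    static string LeadingCn(string dn)
    {
        if (!dn.StartsWith("CN=", StringComparison.OrdinalIgnoreCase)) return null;
        var sb = new StringBuilder();
        for (int i = 3; i < dn.Length && dn[i] != ','; i++)
        {
            if (dn[i] != '\\' || i + 1 >= dn.Length) { sb.Append(dn[i]); continue; }
            if (i + 2 < dn.Length && Uri.IsHexDigit(dn[i + 1]) && Uri.IsHexDigit(dn[i + 2]))
            { sb.Append((char)Convert.ToInt32(dn.Substring(i + 1, 2), 16)); i += 2; }
            else sb.Append(dn[++i]);
        }
        return sb.ToString();
    }

    // Direct group names for one account, looked up over a bind with explicit credentials.
    public static List<string> DirectGroups(string server, string container,
        string bindUser, string bindPassword, string samAccountName)
    {
        var groups = new List<string>();
        string path = "LDAP://" + server + "/" + container;
        using (var root = new DirectoryEntry(path, bindUser, bindPassword, AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                + EscapeFilter(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("memberOf");
            SearchResult hit = searcher.FindOne();
            if (hit == null) return groups;            // unknown account: no groups
            foreach (object dn in hit.Properties["memberOf"])
                if (LeadingCn((string)dn) is string cn) groups.Add(cn);
        }
        return groups;
    }
}
```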

  • Connie DeCinko 931 posts 1160 karma points
    Oct 04, 2013 @ 23:08
    Connie DeCinko
    0

    Ok, did some rework of the code and got it to work.  Now, need to see what happens for an existing Member who is added to additional groups.  Do they get added or do groups only get assigned when the Member is first created?  How about if a Member is removed from an AD group?

     

  • Kevin Jump 2343 posts 14890 karma points MVP 8x c-trib
    Oct 04, 2013 @ 23:32
    Kevin Jump
    0

    The groups aren't really there. The package replaces the membership role provider, so no groups go into the umbraco DB; wherever groups are listed by umbraco, it's the roleprovider telling it the groups.

    It gets the user's groups dynamically when they logon (from the AD) - so if they are removed in the AD they go in umbraco.

  • Connie DeCinko 931 posts 1160 karma points
    Oct 10, 2013 @ 03:03
    Connie DeCinko
    0

    How do I view the Trace.Writes so I can try and debug my install?

     

  • Kevin Jump 2343 posts 14890 karma points MVP 8x c-trib
    Oct 10, 2013 @ 09:38
    Kevin Jump
    0

    On a masterpage based site add ?umbdebugshowtrace=true to the URL

    you need to ensure Use Debug mode is set to true in your web.config

    <add key="umbracoDebugMode" value="true" />
    

    not sure how or if you can do this with an MVC based project.
