Unable to cast object of type 'System.Web.Security.ActiveDirectoryMembershipProvider' to type 'Umbraco.Core.Security.UmbracoMembershipProviderBase'.
User Authentication
Hi All,
I'm planning to implement the AD login to the Umbraco backend but I'm kind of new with the AD stuff (which I need to check with my IT team for details). So for the parts below which need the connectionusername and connectionpassword.
Do I need to ask my IT team for like a main connectionusername and connectionpassword for the AD or will this be a user account within the AD?
thanks
You can probably use your login credentials.
Your connection string should look something like this:
connectionString="LDAP://SERVERNAME:PORT
Of course, you will need the whole thing like in the documentation, the line starts with "add name="
If you are just starting out with AD, it would be good to use some AD tool to verify your login artifacts are correct.
There is a free tool called "Ldp.exe". It is from Microsoft and can connect to any AD server. It has a bit of a learning curve, but it should be pretty quick to use to prove that you have the right settings to put in the config file.
A final tip is that there is a thing called AD LDS. You can run your own Active Directory instance, that might be useful to you for debugging, or even production.
Thanks Bill. Will try it out :)
I'm stuck on the below now, which errors out as follows
My connection string will be as follows
The xx value will be the IP but I'm not sure what's wrong. Any idea anyone?
Thanks
Just noticed I've got a comma after the domain URL. My bad.
So the change will be
Apparently I'm still having issues connecting to the AD
My connection string is as follows, in which I've replaced the [domain] with the actual domain
And my membership provider is as below, in which I've replaced the [username] with a read only username that I've got and the [password] with the password that I've got. Do you need cn=username in these bits?
I've got LDAP browser 4.5 with me which I can log in with using the connection details above. How / where do I set the specific partition that Umbraco should look for within the AD? I can view them in LDAP browser which will give me the distinguishedName (that comes with a whole bunch of CN and DC stuff). Do I set this in the Connection String?
Thanks
Quick question, the user that we enter below. Do they need to have all permissions enabled? Not sure if that's the reason as my user has only been set to have read only access.
About your earlier question, yes you set your containers and domain components to match your Users container within your domain.
I tried re-finding the documentation that speaks to it being read-only for you. I am pretty sure it is normal if you are authenticating with a regular domain user for it to be read only.
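Added example (not part of the original thread, and not Umbraco or Microsoft sample code): a PowerShell check, in the spirit of the Ldp.exe suggestion and the container/DC advice above, that the LDAP path and the read-only bind account work before they go into the config file. The server name, container DN, account names, the sAMAccountName lookup and the helper function name are all placeholders or assumptions.

```powershell
# Added example: placeholder values only, none of them come from the thread.
$LdapPath    = 'LDAP://dc01.example.local:389/CN=Users,DC=example,DC=local'  # value intended for connectionString
$BindUser    = 'EXAMPLE\svc-umbraco-read'   # account intended for connectionUsername
$TestAccount = 'jdoe'                        # an ordinary AD user expected to log in (assumed sAMAccountName)

Add-Type -AssemblyName System.DirectoryServices

# Hypothetical helper: escape RFC 4515 special characters so the account
# name cannot change the meaning of the LDAP filter.
function ConvertTo-LdapFilterValue([string]$Value) {
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($ch) -ge 0 -or [int]$ch -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$ch)
        } else {
            [void]$sb.Append($ch)
        }
    }
    $sb.ToString()
}

# Prompt for the password instead of storing it in the script.
$secure = Read-Host -AsSecureString "Password for $BindUser"
$plain  = [System.Management.Automation.PSCredential]::new($BindUser, $secure).GetNetworkCredential().Password

# AuthenticationTypes.Secure asks for negotiated (Kerberos/NTLM) authentication
# rather than a simple bind that sends the password in clear text.
$root = [System.DirectoryServices.DirectoryEntry]::new(
    $LdapPath, $BindUser, $plain, [System.DirectoryServices.AuthenticationTypes]::Secure)

$searcher = [System.DirectoryServices.DirectorySearcher]::new($root)
$searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
$searcher.Filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))' -f (ConvertTo-LdapFilterValue $TestAccount)
[void]$searcher.PropertiesToLoad.Add('distinguishedName')

try {
    $hit = $searcher.FindOne()   # the bind happens here; bad server, path or credentials throw
    if ($null -eq $hit) {
        Write-Warning "Bind succeeded, but '$TestAccount' was not found under $LdapPath. Check the CN/OU and DC components."
    } else {
        'Bind and search OK: {0}' -f $hit.Properties['distinguishedname'][0]
    }
} catch {
    Write-Error "Bind or search failed for ${BindUser}: $($_.Exception.Message)"
} finally {
    $searcher.Dispose()
    $root.psbase.Dispose()
}
```

A read-only account is enough for this check, since it only binds and reads one attribute.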
Thanks Bill.
I've sorted out the issue with the Read Only user connection string but currently it's showing the below and I'm running Umbraco 7.4.2
Has anyone encountered this before?
Thanks
I've tested with Umbraco 7.2.6 as well (as ppl are saying that it works on that version in the forum).
The weird thing, I can log in to backend Umbraco only using the readonly user that I've set in my AdMembershipProvider settings but not any other AD users. Weird.
The readonly user is in the same directory with the rest of the AD users
Figured this out on Umbraco 7.2.6, for my MembershipProvider I've removed connectionUsername and connectionPassword so I can log in with the rest of the AD profiles. Thought if someone else wanted to know.
Still need to find out what's wrong with Umbraco 7.3 above with the casting issue
Hi JLon, I am also facing the same casting issue. Did you find any solution for that?
Which version of Umbraco are you using Tejashri?
Hi, I am using Umbraco V7.4.3
I'm on V7.4.3 as well. Sorted on this post https://our.umbraco.org/forum/umbraco-7/using-umbraco-7/71531-active-directory-authentication-to-backoffice-is-throwing-invalidcastexception