LDAP - Users and Roles Not Appearing

Posted by Community Admin on 03-Aug-2018 20:57

All Replies

Posted by Community Admin on 10-Mar-2011 00:00

Using 4.0.1210.  I have enabled LDAP on my site.  I know I am able to query the database correctly because if I try to log in using my LDAP account, it authenticates the account.  I then get the error "You were automatically navigated from ... because you are not authorized to access that page".

So, then I sign in using my default provider.  But when I sign in to try to modify the users or roles my LdapUsers has no accounts in it.  Doesn't make sense to me since I clearly am authenticating against my LDAP.

Anyone have an idea?  Or maybe a step-by-step map of how to go from A to B with LDAP?

One other thing I have noticed is that my security.config file doesn't have many of the "standard" sections in it.  When I add those sections by hand they get overwritten by the application the minute I log in.

Posted by Community Admin on 16-Mar-2011 00:00

Hi Dale,

I had problems when first setting up LDAP too.  Unfortunately you don't really get any errors back which makes it hard to figure out.

I got to where you are, and in my case I didn't have a proper usersDN set up.  There were some odd accounts that had duplicated emails, and this was causing exceptions as SF tried to populate it.  (You could see it was starting to populate users in the sf_users table, but the exceptions cause it not to show any accounts on the users page).  Try narrowing it down; it worked for me.

I'm not sure what you mean by "standard" sections - do you mean things like the default LdapUsers membership provider, DefaultLdapConnection, etc.?  They're populated separately (not sure where) - you'll definitely see a <remove name=".." /> should you delete one from the administration.

Good luck!

Posted by Community Admin on 18-Mar-2011 00:00

Hello Dale,

As Michael says, it is most probable that this can be caused by loading some incorrect accounts from your LDAP that don't have usernames. Two things that I want to ask you to check: try to see if the sf_users table in the Sitefinity database has records with user_name NULL or with duplicate emails. If there are such records, it means you got some problematic accounts from the LDAP. Also check your UserFilter in the LDAP connection, the one that is by default: (&(objectClass=user)(!(objectClass=computer))). If you use some LDAP browser tool with the same filter (or, if you have modified it, with your modified one), you can debug whether you are getting some weird records from the LDAP (without usernames). We are definitely coming with a fix for not importing problematic records soon, but currently the only solution is to try to fix your UserFilter not to have problematic records.
For LDAP browsing you can use, for example, this one: http://www.ldapadministrator.com/download.htm (the LDAP browser tool)

Kind regards,
Nikolay Datchev
the Telerik team
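
The check described in the replies above, as an added example that is not part of the original thread and not Telerik code: it reads an LDIF export of the entries your UserFilter matches and lists entries with no username and e-mail addresses shared by several entries. The attribute names sAMAccountName and mail, the case-insensitive e-mail comparison, and the sample data are assumptions.

```python
import base64
from collections import defaultdict

# Constructed sample: LDIF export of entries matched by the UserFilter.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
sAMAccountName: alice
mail: shared@example.test

dn: CN=Bob Example,OU=Staff,DC=example,DC=test
sAMAccountName: bob
mail: Shared@Example.test

dn: CN=Scanner Mailbox,OU=Staff,
 DC=example,DC=test
mail:: c2Nhbm5lckBleGFtcGxlLnRlc3Q=
"""

def parse_ldif(text):
    """Return one dict per entry: lowercased attribute name -> list of values."""
    # Unfold continuation lines: a leading space continues the previous line.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in text.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" carries a base64 value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry[name.lower()].append(value)
        if "dn" in entry:
            entries.append(dict(entry))
    return entries

def audit(entries, user_attr="samaccountname", mail_attr="mail"):
    """Return (DNs with no username, {e-mail: DNs} for e-mails used more than once)."""
    missing = [e["dn"][0] for e in entries
               if not any(v.strip() for v in e.get(user_attr, []))]
    by_mail = defaultdict(list)
    for e in entries:
        for m in e.get(mail_attr, []):
            by_mail[m.lower()].append(e["dn"][0])  # assumed case-insensitive match
    return missing, {m: dns for m, dns in by_mail.items() if len(dns) > 1}

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

Entries reported here are the ones to exclude by tightening the UserFilter before the import runs.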

This thread is closed