LDAP Question in User Module

I understand that Sitefinity can link to the LDAP (Active Directory). Is it possible to sync all the existing users in the LDAP to Sitefinity user module so the existing LDAP users do not need to register again in the website? Also, if it can be synced, can this action to be scheduled in a specific period of time in order to keep the most updated user from LDAP? And What if there are some users being removed in LDAP, can this change reflect in the Sitefinity User Module?

Thanks.

Evan

Hi Evan,

Once you configure the LDAP settings Sitefinity will pull the users from the active directory depending on those settings. Additionally once they are in Sitefinity they will be registered, however you will need to grant them permissions (assign the appropriate role to the user).

If you are referring to one time login and not register - Yes, it is possible to setup SSO with Windows authentication. In this case scenario the user has to enter his/her password only the first time logging into the backend. 

Sitefinity does not store the AD users in its database but it is pulling them directly through the LDAP provider. If a user is removed from the AD the change will take immediate effect in the system. 

Hi Pavel,

I have successfully hooked Sitefinity up to my LDAP provider and can see my AD users on the Sitefnity "Users" page.

Question: when I edit the Sitefinity profile of an AD user (for example, when I set "This user can access site backend" to true), where is that setting stored in the Sitefinity database? I have not been able to locate where the setting is stored.

Hello Vince,

This information is stored in the sf_users table. Take a look at the is_backend_user column.