Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationWindows AD authentication working for the default domain only.Windows AD authentication working for the default domain only.
Previous
 
Next
New Post
5/16/2010 6:03 AM
 
Dylan (www.innosoftware.net)


Joined: 8/13/2006
Posts: 19
Hello Everyone,

I'm enjoying the latest interface for setting the Windows AD settings but it's only working for users in one domain, the root.

Currently, to keep things simple I allow the root domain to be auto discovered in the forest. I also do NOT specify a default domain. The authentication type I leave to delegation mode. I use myuser@mydomain.com as the user to read the Windows AD directory. (Note: The behavior is the same even when I specify mydomain.com as the root and default domain.)

IMPORTANT FACTOID #1: I read that the user specified for this only needs read permissions. I suspect it is more complicated than that as I outline further down.

When I login with myuser@mydomain.com and a valid password, it logs in successfully and creates the user in the DNN users table, AWESOME...

However, when I login with myotheruser@myotherdomain.com and a valid password, it fails. This other domain belongs to the same forest and is just a namespace in the Windows AD system.

Since the user I use in the extension's config area belongs to mydomain.com I figured changing this user to be myotheruser@myotherdomain.com would flip the behavior around so that myotheruser@myotherdomain.com would work and myuser@mydomain.com would stop working. Interestingly, when I change the user specified in the extension's config area it didn't do this. In fact, using myotheruser@myotherdomain.com seemed to take in the settings area --- but when I went to login as ANY user after this change it failed entirely.

I found what appears to be a tracked issue but the date doesn't show the year the issue was submitted and the fact that I can login using myuser@mydomain.com implies UPN logins DOES work in the latest version of the AD extension: http://dnnauthad.codeplex.com/WorkIte...

This leaves me wondering:

1. Are there special permission requirements for the user specified in the Windows AD authentication settings area? i.e. An AD admin that can walk the entire directory, additional domains/namespaces and all.
2. Does the myotheruser@myotherdomain.com have less permissions than myuser@mydomain.com... hence the total failure to login OR is it that myotherdomain.com is NOT the root domain?
3. Does this extension not respect/support additional domains/namespaces and you have to login only as users from your root domain?
4. Have I selected the wrong authentication type?
5. Am I missing something altogether different than my theories above?

P.S. I have read all the documentation I can get my hands on. Being that this is newer it seems the documentation is a bit superficial or outdated (previous builds). Many issues seemed focused on the SSO (single-sign-on) stuff but I'm using mixed-mode anyways and the hack-arounds out there seem okay should I require it later.

Thanks, Dylan
Dylan Lopez - Solution Developer, INNO Software Inc. E: http://www.innosoftware.net/contact.aspx P: 1-888-INNO-001 / 604-628-4467 W: http://www.innosoftware.net
 
New Post
7/8/2010 10:33 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865
Dylan,

First of all, my apologies for not answering your post until now. Outside issues have gotten in the way of me keeping the provider up to date and in answering questions here on the forum in a timely manner.

Now, onto your post. Unfortunately I don't have a sastisfactory answer for you as I don't have a multi-domain setup in order to test against. I've always hoped that I would get a volunteer on the code team that does so that we could finally give a decent answer or find a solution to the problems but so far that hasn't happened. I do know some people have gotten it working but nobody has ever supplied a step-by-step of what they did to get it working.
 
 Page 1 of 1
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationWindows AD authentication working for the default domain only.Windows AD authentication working for the default domain only.


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out