3.2 Security Role sync problem? Check here after you tried everything else
12/15/2005 4:48 PM
 

I think there might be several 3.2 security role synchronization bugs out there currently, but one that took me two weeks to figure out is fixed and it might help out other people.

Before attempting this fix, make sure you have your DNN role name match the AD group sAMAccountName and you have Synchronize Roles checked in the Authentication module.

The problem I was having is that under DNN 3.2 users were not being added to their correct security role.  I checked to make sure the DNN security role name matched the AD sAMAccountName exactly and still no luck.

I believe the problem lies in the way my AD is set up.  We are in a legacy mixed mode AD so while the AD groups were being found, no members were being found for the group and thus the user never was added to the DNN role.

I had to modify the ADSI Provider source code to get it to work.  The code to change is in the Utilities.vb file of the Authentication.ADSI project.  There are two methods to change:  GetGroupEntryByName and GetGroupEntriesByName.  Both methods should be changed the same way.  I replaced the first couple of lines so that the search for the group entry object does not use the wrapped objects but instead uses a new DirectoryEntry object and DirectorySearcher object.  Here is a VB code snippet:

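    ' Requires: Imports System.DirectoryServices
    Public Shared Function GetGroupEntryByName(ByVal GroupName As String) As DirectoryEntry

        ' Use a fresh DirectoryEntry and DirectorySearcher instead of the provider's wrapped objects.
        Dim objLDAP As New DirectoryEntry

        ' Exists is a Shared method, so it is called on the type rather than on the instance.
        If Not DirectoryEntry.Exists("LDAP://rootDSE") Then
            Return Nothing
        End If

        Dim objSearch As New DirectorySearcher(objLDAP)
        objSearch.Filter = String.Format("(&(objectClass=group)(sAMAccountName={0}))", GroupName)

        ' FindOne returns Nothing when no group matches, so check before dereferencing.
        Dim objSearchResult As SearchResult = objSearch.FindOne()
        If objSearchResult Is Nothing Then
            Return Nothing
        End If

        Dim groupEntry As DirectoryEntry = objSearchResult.GetDirectoryEntry()

        ' (the rest of the original method is unchanged)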

The rest of the code is the same.  This is a pure hack but it works.  Hopefully Tam and team will correct this for the next version.

If you want my code or just the compiled assemblies email me at mgilbert at tavilo dot com.

 
12/17/2005 5:19 PM
 
I'm a little confused about the need to modify the core code.  I've gotten AD security groups syncing with DNN roles working properly in a Win2k3 Mixed mode domain without any code modification.  If anything it works so well I need some type of control of the syncing.  I'd really enjoy seeing DNN not syncing with any of the AD BuiltIn security groups.
 