Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationREWARD: Could not access LDAP to obtain domains info.REWARD: Could not access LDAP to obtain domains info.
Previous
 
Next
New Post
3/18/2008 11:41 AM
 
Ian Sampson


www.glanton.com
Joined: 1/20/2004
Posts: 35

I'm at my wits end and will gladly give anyone a USD200 Amazon gift voucher if you can get me going again (Mike - you get first shot for all your hard work!!)

I'm implementing the provider inside of a very large corporation and get the following message (DNN4.8, IIS6, provider 1.00.03 - all works beautifully on dev server with domain controller on the box):

------------------------------------------

Accessing Global Catalog: Fail

Checking Root Domain: OK

Access LDAP: Fail.

Could not access LDAP to obtain domains info. Logon failure: unknown username or bad password.

----------------------------------------------------

- I know my service account has the appropriate permissions, 
- i've added Impersonation code from Charles, commented the Authentication line from the config, uncommented the impersonation line etc.
- I've tried the service account as domain\account and as the full distinguished name "cn=.."

What's going on here?

Cheers

Ian (sampsoni @ glanton NOSPAM dot com)

Ian Sampson Glanton Solutions - DNN Partner AD-Pro - Active Directory integration for DNN Are you contented? Ask us how you can use DNN to converse, convert and connect your audience.
 
New Post
3/18/2008 12:09 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

Hi Ian

Having the authentication line commented or uncommented makes no difference as far as getting the provider working. It really only controls whether accounts are automatically logged in or not.

A couple of things we can look at. First, is the server on the domain? This is a must in my testing. Also, you say you've added impersonation code from Charles. Is this just the impersonation line in the web.config uncommented and then edited from <identity impersonate="true" /> to <identity impersonate="true" userName="domain\username" password="password" /> or did he pass you something else? Also you could try a program called LDAP Browser (http://www.ldapbrowser.com/download.htm) on the server to verify that you can get an LDAP connection to the AD.
 
New Post
3/18/2008 4:53 PM
 
Ian Sampson


www.glanton.com
Joined: 1/20/2004
Posts: 35

Thanks for getting back to me Mike.

"Is the server on the domain?"  - Yes.

"Use LDAP Browser" - I have and I've been able to to browse the directory tree after establishin a session with my service account.

Impersonation - I added the code provided by Charles Moyer as listed here. http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/89/threadid/113896/scope/posts/Default.aspx. I uncommented <identity impersonate="true" /> but did not add a userid password. If I do add a user name and password, the site crashes. preumable because I can't give the service account any higher level priviledges (e.g. as the ASPNET worker process has.)

Thanks

Ian

 

Ian Sampson Glanton Solutions - DNN Partner AD-Pro - Active Directory integration for DNN Are you contented? Ask us how you can use DNN to converse, convert and connect your audience.
 
New Post
3/18/2008 5:23 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

Oooohhh that Charles.  I thought you meant Charles Nurse had given you some code.

I think I might now why the site crashes when you change the <identity impersonate.... /> line and I need to update the documentation about it (after I test it again to be sure). I think the account you use for impersonation also has to have rights to the <DRIVE>:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\<DnnInstall> as well. It may even be the same case for Charles' code but I haven't had a chance to try his implementation.
 
New Post
3/20/2008 2:43 AM
 
Ian Sampson


www.glanton.com
Joined: 1/20/2004
Posts: 35

I'm still trying to figure out what I can't access the global catalogue

We've a number of sites running on DNN3.2.2, using the same server and the same service account and settings. Also, if I do a code comparison of the new provider versus the old ADSI authentication built in to DNN3.2.2, the pages and routines being used seem identical (Configuration.vb & utilities.vb)


Could this have anything to do with different .Net frameworks (1.1 vs 2) - it's the only thing I can think of that appears different.

 

Ian

 

Ian Sampson Glanton Solutions - DNN Partner AD-Pro - Active Directory integration for DNN Are you contented? Ask us how you can use DNN to converse, convert and connect your audience.
 
 Page 1 of 1
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationREWARD: Could not access LDAP to obtain domains info.REWARD: Could not access LDAP to obtain domains info.


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out