Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups�� Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAD role synchronization problem with 3.2AD role synchronization problem with 3.2
Previous
 
Next
New Post
11/11/2005 10:20 AM
 
Kevin Jenkins

Joined: 10/6/2005
Posts: 18
I've installed DNN 3.2 and I think I've configured the AD plugin correctly. We want to control access to DNN sites via AD security groups. The problem I'm having is that the AD plugin only synchronizes the roles the first time a user logs into DNN. So here's the setup:

AD Setup:
User1 is member of security group A and security group B

I create matching security roles in DNN for A and B.

User1 logs into DNN for the first time. His username and password are authenticated against AD and a user account is created for him in DNN. Roles A and B are assigned to User1 automatically.

Now...

In AD, Security Group B is removed from User1.

User1 logs back into DNN but Role B remains assigned to User1. It never synchronizes roles again.

If I delete User1 from DNN and he logs back in, roles are reassigned and he only gets Role A.

From what I've read about the module, it's supposed to synchronize on _EVERY_ login. Any ideas?

Thanks!

Kevin
 
New Post
11/11/2005 11:48 PM
 
Tam Tran

Joined: 3/20/2003
Posts: 83

You're correct

For performance, on synchronize I let the module searching for group which user belonged to only and add the user into corresponding DNN role. The module doesn't find groups user has been removed.

This will be an feature for enhancement

Tam
 
New Post
11/14/2005 10:45 AM
 
Kevin Jenkins

Joined: 10/6/2005
Posts: 18
tamttt wrote

You're correct

For performance, on synchronize I let the module searching for group which user belonged to only and add the user into corresponding DNN role. The module doesn't find groups user has been removed.

This will be an feature for enhancement

Tam




Tam, Thanks for the reply but this isn't the case for me either. Here's another case:

I add Security Group C to User1 in AD (Role C exists in DNN).

User1 logs back in to DNN and Role C is not assigned. Synchronization is not happening for adding new SG's/roles either. The synchronization only works the first time the user logs onto the DNN site. However, the documentation says synchronizations occurs every time the user logs in. Am I missing anything in the config/setup?

If AD role synchronization doesn't occur on every login will it be supported soon? It would greatly reduce redundant maintenance for AD/DNN administrators.

Thanks!

Kevin
 
New Post
11/17/2005 10:37 PM
 
Adam Larsen


Joined: 8/5/2005
Posts: 5
I am also having the same problem.  I look into the code a bit.

It looks like it will work fine if your not using form login.
But if your using form login, DNN will authenticate with it's cashed copy of your username and password and never send it to the ADSI Authentication Providor.  Or not until you change your password. Look at admin\security\signin.ascx.vb line 167.

I did some digging and it looks like you could change the password stored in the Membership providor to be random (like what is done for Windows Logins) (See Provider.Authentication.ADSI\ADSIProvider.vb Line 68 and Line 105).  But would like to know if there was a technical problem with DNN, if someone did this.  And what, if any, impact would this have on other applications using the ASP Membership providor when you switched to .net 2.0.
 
 Page 1 of 1
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAD role synchronization problem with 3.2AD role synchronization problem with 3.2


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out