Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationWhy is admin role not added automatically on synchronize roles?Why is admin role not added automatically on synchronize roles?
Previous
 
Next
New Post
12/10/2008 5:03 AM
 
Ronald

Joined: 10/28/2008
Posts: 10

Hi,

A short question. I have an AD group called Intranet Admin that users can be added to if they must have this role in DNN. However, role synchronization does not work for the portal administrator role. Why is that?

The actual code that prevents synchronization from happening is found in DotNetNuke.Authentication.ActiveDirectory.UserController method AddUserRoles:

                'Put the AD Group rolenames into an arraylist.
                For Each authenticationGroup In colGroup
-->                 If Not (authenticationGroup.RoleID = objPortal.AdministratorRoleId) Then
                        arrDNNRoleNames.Add(authenticationGroup.RoleName)
                    End If
                Next
 

Kind regards,

Ronald Wildenberg
ITQ Celerior
 
New Post
12/10/2008 6:13 AM
 
Chris Hammond


Chris Hammond's Avatar

Chris Hammond's Avatar

Chris Hammond's Avatar

www.christoc.com
Joined: 1/14/2003
Posts: 7319

My guess, without seeing all the code (just your snippet) is that possible that arraylist of roles is the list of roles that gets created in DNN? Or is this the arraylist of roles for a specific user?

If it's the list of roles to be created, the administrator role would already exist and not need to be created.

Sorry if I am off base, I don't have the provider source in front of me to check it out currently.

Chris Hammond
Former DNN Corp Employee, MVP, Core Team Member, Trustee
Christoc.com Software Solutions DotNetNuke Module Development, Upgrades and consulting.
dnnCHAT.com a chat room for DotNetNuke discussions
 
New Post
12/10/2008 8:11 AM
 
Ronald

Joined: 10/28/2008
Posts: 10

You're slightly of base I'm afraid...

Role synchronization in the Active Directory authentication provider does not add or remove roles in DNN. Instead it adds/removes users to existing DNN roles based on group membership in Active Directory. This all works ok (except for bug 8903) except when the role is the portal administrator role.

I do not understand why this is explicitly disabled. If I add/remove a user to an AD group that represents the portal administrator role, why would this not be synchronized to DNN?
 
New Post
12/10/2008 10:31 AM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

We had numerous requests to not add/remove users from the Administrator role for security reasons. For example, at the college I work at there are numerous users who are administrators but there's no way I would want them having administrator permissions on my portal (a. it's not needed and b. they'd have no idea what they were doing). I'll admit some lack of fore-sight when I wrote the code to just check against the administrator roleID rather than checking against the actual DNN default Administrator's role. Feel free to post a bug report in the DNN Public section of Gemini (http://support.dotnetnuke.com) and I'll look at fixing it for the 01.00.06 release (I just submitted the .05 release last night).
 
New Post
12/11/2008 4:00 AM
 
Ronald

Joined: 10/28/2008
Posts: 10

The fact that too many users are added to the Administrator role is caused by the default name of the role: Administrator. There's a fair chance that such a group exists somewhere in the AD. The first thing I did was change the role name to Intranet Admin. Once you've done that, there's no problem anymore.

So what you'd ideally want is the option to change role names (via the user interface, not in the database). Do you know why this is disabled? It would be a lot easier to synchronize AD groups and DNN roles when this would be possible.

I'll post a feature request for changing role names and another one for synchronizing the administrator role in the AD authentication provider.
 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationWhy is admin role not added automatically on synchronize roles?Why is admin role not added automatically on synchronize roles?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out