New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationMajor issue with Active Directory 1.0.5 timing out on user loginMajor issue with Active Directory 1.0.5 timing out on user login
Previous
 
Next
New Post
3/27/2009 9:17 AM
 

Mike Horton wrote
 

I'd have to load up the code to be ultimately sure but it goes like this:

All DNN roles are loaded into an array
All the DNN roles the user belongs to are loaded into an array
The AD roles the user belongs to are loaded into an array

A loop is done between the DNN  roles the user belongs and the AD roles to verify that the user should still be in the matching DNN roles.
A loop is done between all the DNN roles and the AD roles the user belongs to to make sure the user hasn't been added to any new roles.

Unfortunately there's no easy way to signify whether a DNN role is there to act as an AD role or not so I'm forced to pull all roles. I'm always looking for faster ways to do this but I don't know if I'm going to find one and I pretty sure that's the reason why Tam (the original author of the AD authentication) only sync'd on the very first login by a user.

Thanks Mike. I can see why, perhaps, the performance is affected.

What I will need to do for now is to uncheck the Sync Roles checkbox. Ido have an option. What I will probably do is write a windows service to perform this sync at 12:00am on user accounts created in the last 24 hours. Perhaps that is something that you can look at having the DNN scheduler perform?

I suppose an alternative solution is that an extra field be made available on the Roles table which users physically check to signify that these roles should be synced with AD? Just a thought

 
New Post
3/28/2009 11:40 AM
 

Good thoughts and a scheduled job is something I can look at with DNN 5 that I couldn't with DNN 4 (the provider installer for DNN 4 wasn't as robust as it is now). Your second suggestion would require a core code change and I'd have to talk to the architects about the feasibility of it.

 
New Post
4/7/2009 6:38 AM
 

Mike
I have done some more investigation on this. When we had the original issue, it was working fine for people who had already synchronised but not for those who were connecting for the first time. So synchronisation only takes place the first time a person is authenticated and not after that. If I turn off role synchronisation for 48 hours or so and allow all the existing users to connect and authenticate, then turn role synchronisation back on, will it sync existing users, or just new users when they connect? Also where does it store the fact that the user has been synced with AD?

Thanks

 
New Post
4/7/2009 1:02 PM
 

Synchronization happens everytime a user logs in (new or old).

 
New Post
4/23/2009 5:38 AM
 

We have the exact same issue.
we're using DNN 4.9 for an intranet with about 2000 users and about 7 DNN roles.
We're currently using the 1.0.5 AD provider , but experciencing very heavy CPU load (100%) and performance issues when the option "synchronize roles" is turned on, when a user logges in.

If the options "synchronize roles" is turned of, the cpu load is acceptable.

Is there going to be a fix for this for version 4.9.x?

Could you tell me more about the windows service to sync the users once a day ?

 

 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationMajor issue with Active Directory 1.0.5 timing out on user loginMajor issue with Active Directory 1.0.5 timing out on user login


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.