I'm working on creating a new SiteFinity-based intranet application for our company and have run into an Active Directory issue that seems a little strange.
First, here is what IS working:
1. My LDAP connection from Sitefinity works, and I can see all AD users and roles when logged in as an administrator.
2. Users are able to log-in using their AD credentials.
My problem is as follows:
I can only see the roles that are mapped mapped to a user for five of our accounts.I want to authorize pages based only by their AD-Roles, but this only works for those five accounts that Sitefinity can read.
Additionally, if I use my own AD account in the LDAP configuration, I can then see my own roles as well.
I can see two possible issues:
1. The service account we created (in order to give Sitefinity credentials to our AD server) might need additional permissions to read our user's roles.
2. The five accounts that have visible roles assigned to them have a 'read' flag in AD, and are automatically picked up by SiteFinity.
My question is this: If I'm correct in my assumption about the service account, what additional permissions do I need to give it?
After re-reading what I wrote, I realize that it might be confusing, so I'm going to attempt to reword my problem....
With my current configuration, Sitefinity is unable to read the assigned Active Directory roles for 95+% of our employees (It does work for a select few, for unknown reasons). This means that authentication works, but not authorization. My goal is to use AD authorization to limit access of sensitive pages for some users based on their assigned roles, but I cannot do this right now.
I'm unsure whether or not this is a Sitefinity issue or an Active Directory one, but I would appreciate any advice available.