LDAP AD-Roles issue. - General Discussions - General Discussions - Progress Community
 General Discussions

LDAP AD-Roles issue.

  • LDAP AD-Roles issue.
  • I'm working on creating a new SiteFinity-based intranet application for our company and have run into an Active Directory issue that seems a little strange.

     First, here is what IS working:

    1. My LDAP connection from Sitefinity works, and I can see all AD users and roles when logged in as an administrator.

    2. Users are able to log-in using their AD credentials.

     My problem is as follows:

     I can only see the roles that are mapped mapped to a user for five of our accounts.I want to authorize pages based only by their AD-Roles, but this only works for those five accounts that Sitefinity can read.

    Additionally, if I use my own AD account in the LDAP configuration, I can then see my own roles as well.

    I can see two possible issues:

    1. The service account we created (in order to give Sitefinity credentials to our AD server) might need additional permissions to read our user's roles.

    2. The five accounts that have visible roles assigned to them have a 'read' flag in AD, and are automatically picked up by SiteFinity.

    My question is this: If I'm correct in my assumption about the service account, what additional permissions do I need to give it?

  • After re-reading what I wrote, I realize that it might be confusing, so I'm going to attempt to reword my problem....

    With my current configuration, Sitefinity is unable to read the assigned Active Directory roles for 95+% of our employees (It does work for a select few, for unknown reasons). This means that authentication works, but not authorization. My goal is to use AD authorization to limit access of sensitive pages for some users based on their assigned roles, but I cannot do this right now.

     I'm unsure whether or not this is a Sitefinity issue or an Active Directory one, but I would appreciate any advice available.

  • Hello John,

    In your case I believe you need to map each of your Ldap roles to Sitefinity one, than provide the necessary permissions to the Sitefinity role. Similar issue is discussed here:
    Active Directory/LDAP Backend Access

    I hope this helps.

    Vassil Vassilev
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items