A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More

AI OnAI Off

Problem with ActiveDirectoryMembershipProvider

Jens Johansson
Jens Johansson
Vote:
  
 
I´m trying to configure a site to use ActiveDirectoryMembershipProvider 
& ActiveDirectoryRoleProvider but I have run in to some problems.
 
In the AD the users are in one OU and the groups are in an other OU. If I in the web.config 
points the both providers to same connectionstring, I don't find any users or I don't find 
any groups when I search Users/Groups in admin mode.
 
If I use two seperate connectionstrings that points at diffrent OU's I can find both the 
users and groups in admin mode. But then I get another problem, I want to have a job 
that every night updates the users profiledata with info from the AD, I have an exmpel:
 
private static void smallexample()
{
int xout;
string username;
string s = "sAMAccountName";
string filter;
WebProfile prof;
ActiveDirectoryRoleProvider acrProvider = (ActiveDirectoryRoleProvider)Roles.Provider; 
DirectoryDataFactory newfactory = acrProvider.DirectoryDataFactory;
MembershipUserCollection adUsers = Membership.Providers["ActiveDirectoryMembershipProvider"].GetAllUsers(0, 4000, out xout);
foreach (MembershipUser membUser in adUsers)
{
username = membUser.UserName.ToString() ?? string.Empty; ;
if (username != string.Empty)
{
filter = System.String.Format("(&({0}={1})(objectClass=user))", s, username);
newfactory.AddPropertyToLoad("name");
newfactory.AddPropertyToLoad("givenName");
newfactory.AddPropertyToLoad("sn");
newfactory.AddPropertyToLoad("company");
newfactory.AddPropertyToLoad("department");
newfactory.AddPropertyToLoad("street");
newfactory.AddPropertyToLoad("postalCode");
newfactory.AddPropertyToLoad("mobile");
DirectoryData dd = newfactory.FindOne(filter, System.DirectoryServices.SearchScope.Subtree);
if (dd != null)
{
prof = WebProfile.GetProfile(username);
prof.FirstName = dd.GetFirstPropertyValue("givenName");
prof.LastName = dd.GetFirstPropertyValue("sn");
prof.Company = dd.GetFirstPropertyValue("company");
prof.Title = dd.GetFirstPropertyValue("department");
prof.Address = dd.GetFirstPropertyValue("street");
prof.ZipCode = dd.GetFirstPropertyValue("postalCode");
prof.Save();
}
}
}
 
This example works fine, if both providers point at the OU where the users are. 
But if the roleprovider points at the OU where the groups are, this row:
 
MembershipUserCollection adUsers = Membership.Providers["ActiveDirectoryMembershipProvider"].GetAllUsers(0, 4000, out xout);
 
fails to find any users.
 
Is there a way to make this work, without changeing the AD (which isn't possible)?
 
I also have an other problem, if I try to se the details for a group in 
admin mode I get an error:
 
 
 Object reference not set to an instance of an object.
 
Is ther anyone who has any ideas?
 
Best regards,
 
/Jens
#28752
Mar 20, 2009 12:17
Jens Johansson
Jens Johansson
Vote:
 

I'm using CMS 5 R2 SP1

 /J

#28753
Mar 20, 2009 12:24
Vote:
 

The problem is that the RoleProvider must be able to get the user (to implement the functions GetRolesForUser(), IsUserInRole() et.c. ).

The original code for the ActiveDirectoryRoleProvider uses the same connectionstring for both users and roles, but there is nothing preventing you from modifying the provider to actually use a different connectionstring when issuing requests for users.

/johan

 

#28812
Mar 23, 2009 14:06
Pascal Schmitt
Pascal Schmitt
Vote:
 

Hi Jens

Did you find any solution yet for your issue with the two different OU for groups and users?

Best xuan

#45484
Nov 09, 2010 8:27
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.