I am trying to configure the Active Directory module for Sitecore.
I installed the package for the AD module and verified the various files that get included in Sitecore.
I did the below configuration to start with:
1. Connection string
<add name="ADConnString" connectionString="LDAP://ldapserver.corp.pk.com:389,DC=corp,DC=pk,DC=com" />
2. Membership provider
<membership defaultProvider="sitecore" hashAlgorithmType="SHA1">
  <providers>
    <clear />
    <add name="sitecore" type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel" realProviderName="switcher" providerWildcard="%" raiseEvents="true" />
    <add name="sql" type="System.Web.Security.SqlMembershipProvider" connectionStringName="core" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="256" />
    <add name="switcher" type="Sitecore.Security.SwitchingMembershipProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/membership" />
    <add name="ad" type="LightLDAP.SitecoreADMembershipProvider" connectionStringName="ADConnString" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" connectionUsername="****" connectionPassword="****" connectionProtection="Secure" attributeMapUsername="sAMAccountName" enableSearchMethods="true" customfilter="(memberOf=CN=SitecoreUsers,OU=Groups,DC=corp,DC=pk,DC=com)" />
  </providers>
</membership>
3. Role provider
<roleManager defaultProvider="sitecore" enabled="true">
  <providers>
    <clear />
    <add name="sitecore" type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel" realProviderName="switcher" raiseEvents="true" />
    <add name="sql" type="System.Web.Security.SqlRoleProvider" connectionStringName="core" applicationName="sitecore" />
    <add name="switcher" type="Sitecore.Security.SwitchingRoleProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/roleManager" />
    <add name="ad" type="LightLDAP.SitecoreADRoleProvider" connectionStringName="ADConnString" applicationName="sitecore" username="ldapuser" password=" ldappw" attributeMapUsername="sAMAccountName" cacheSize="2MB" />
  </providers>
</roleManager>
4. Added domain in App_config/Security/Domains.config
<domain name="ad" ensureAnonymousUser="false" />
5. Added switching providers for membership and role providers
<switchingProviders>
  <membership>
    <provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" />
    <provider providerName="ad" storeFullNames="false" wildcard="*" domains="ad" />
  </membership>
  <roleManager>
    <provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" ignoredUserDomains="" allowedUserDomains="" />
    <provider providerName="ad" storeFullNames="false" wildcard="*" domains="ad" />
  </roleManager>
</switchingProviders>
I did browse to the ProvidersStatus page and I see the Active Directory module being correctly set up with Sitecore.
When I browse to Sitecore Desktop -> Security Tools -> User Manager, I don't see the users in the list, but in the domains section I see the new domain 'ad'.
When I look at the log, I see the below error:
ERROR Active Directory existing checking exception: System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): The user name or password is incorrect.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_NativeObject()
at LightLDAP.MembershipResolver.DirectoryEntryExists(String path, String username, String password, AuthenticationTypes types)
ERROR The AD membership provider couldn't be initialized: The user name or password is incorrect.
Exception: System.DirectoryServices.DirectoryServicesCOMException
Message: The user name or password is incorrect.
I verified the username and password to connect to the Active Directory server and they seem to be correct. I have no clue why I am not able to see the users at all :(
Any help is appreciated. Thanks.
Make sure you provide a domain name for your user account in your membership.providers entry i.e. connectionUsername="domain\username"
I ran into this exact problem recently; even though I could browse the LDAP tree in an external browser (Softerra's) without specifying a domain, Sitecore would not connect unless a domain was specified.
And if you are like I was, you don't know the "domain" name, as it's now an LDAP tree. Try building the domain name using the root values in your connection string. For me it was the top two DCs. Connection string:
<add name="ad" connectionString="LDAP://mycompany.gbl:389/OU=Users,DC=mycompany,DC=gbl"/>
translated to:
connectionUsername="mycompany.gbl\myconnectaccount"
I noticed you have a custom filter applied to the membership provider. My first debugging step would be to remove that custom filter and see if you start getting users back. It could be the filter is returning objects your user does not have access to.
Otherwise, the existing comments around verifying user account permission are correct. The log message indicates a username/password issue. You can try to diagnose this by using a tool such as AD Explorer. Specify the credentials and connection data you are using and see if you can connect to the repository.
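The check both answers point to can be run outside Sitecore. The script below is an added example, not code from this thread or from the AD module: it builds the domain name from the DC components of the LDAP path and attempts the same DirectoryEntry bind that fails in the log, once per spelling of the account name. The function names, the UPN form and the AuthenticationTypes value are assumptions; the server and DN are the ones from the question.

```powershell
# Added diagnostic example; not code from the thread or from the AD module.
Add-Type -AssemblyName System.DirectoryServices

# ADsPath form used in the answer above: LDAP://host:port/distinguished-name
$ldapPath = 'LDAP://ldapserver.corp.pk.com:389/DC=corp,DC=pk,DC=com'

function Get-DomainFromLdapPath {
    param([string]$Path)
    # DC=corp,DC=pk,DC=com -> corp.pk.com
    $parts = [regex]::Matches($Path, '(?i)DC=([^,/]+)') |
        ForEach-Object { $_.Groups[1].Value }
    $parts -join '.'
}

function Test-LdapBind {
    param([string]$Path, [string]$UserName, [string]$Password)
    # AuthenticationTypes.Secure is an assumption for connectionProtection="Secure".
    $entry = New-Object System.DirectoryServices.DirectoryEntry(
        $Path, $UserName, $Password,
        [System.DirectoryServices.AuthenticationTypes]::Secure)
    try {
        # Reading NativeObject forces the bind, the same call that fails in the log.
        $null = $entry.psbase.NativeObject
        'bind OK'
    } catch {
        $_.Exception.GetBaseException().Message
    } finally {
        $entry.psbase.Dispose()
    }
}

# Prompt for the connection account instead of hard-coding it in the script.
$net     = (Get-Credential -Message 'AD connection account').GetNetworkCredential()
$domain  = Get-DomainFromLdapPath $ldapPath
$account = $net.UserName   # any domain prefix typed at the prompt is stripped here

# Same password, three spellings of the user name.
$candidates = @(
    $account,               # bare name, as in the failing configuration
    "$domain\$account",     # domain-qualified, as the answer suggests
    "$account@$domain"      # UPN form; assumes the UPN suffix equals the DNS domain
)
foreach ($name in $candidates) {
    '{0,-40} {1}' -f $name, (Test-LdapBind $ldapPath $name $net.Password)
}
```

Whichever spelling reports `bind OK` is the value to put in connectionUsername; if all three return "The user name or password is incorrect.", the account itself is the problem rather than the way its name is written.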