AD user not able to log in even on assigning sitecore\Sitecore Client Users role

5

I have integrated the Active Directory module with Sitecore, and I am able to see the users from AD in the Sitecore User Manager. Now I want to verify if the AD user can log in to Sitecore. I assigned the sitecore\Sitecore Client Users role to the user and tried to log in as

Username: domain\username Password: pw

I see a weird error when the login button is hit. Below is the error.

But when I check the set as administrator check box for this user, I am able to log in with Username: domain\username Password: pw

Any help is appreciated. Thanks.

Server Error in '/' Application.

Creating an instance of the COM component with CLSID {080D0D78-F421-11D0-A36E-00C04FB950DC} from the IClassFactory failed due to the following error: 800401e4 Invalid syntax (Exception from HRESULT: 0x800401E4 (MK_E_SYNTAX)).

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Runtime.InteropServices.COMException: Creating an instance of the COM component with CLSID {080D0D78-F421-11D0-A36E-00C04FB950DC} from the IClassFactory failed due to the following error: 800401e4 Invalid syntax (Exception from HRESULT: 0x800401E4 (MK_E_SYNTAX)).

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 


[COMException (0x800401e4): Creating an instance of the COM component with CLSID {080D0D78-F421-11D0-A36E-00C04FB950DC} from the IClassFactory failed due to the following error: 800401e4 Invalid syntax (Exception from HRESULT: 0x800401E4 (MK_E_SYNTAX)).]
   System.Web.Security.DirectoryInformation.GetADsPath(String dn) +108
   System.Web.DataAccess.ActiveDirectoryConnectionHelper.GetDirectoryEntry(DirectoryInformation directoryInfo, String objectDN, Boolean revertImpersonation) +42
   System.Web.Security.ActiveDirectoryMembershipProvider.ValidateUserCore(String username, String password) +1970
   System.Web.Security.ActiveDirectoryMembershipProvider.ValidateUser(String username, String password) +39
   LightLDAP.SitecoreADMembershipProvider.ValidateUser(String username, String password) +193
   Sitecore.Data.DataProviders.NullRetryer.Execute(Func`1 action, Action recover) +394
   Sitecore.Security.SitecoreMembershipProvider.ValidateUser(String username, String password) +319
   System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs e) +105
   System.Web.UI.WebControls.Login.AttemptLogin() +160
   System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +93
   System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +84
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3804
sitecore
role
user-roles
asked on Stack Overflow Sep 16, 2014 by Newbie • edited Sep 16, 2014 by Newbie

4 Answers

6

I came across a similar issue for one of my web apps. If you are still facing this problem, you can fix it by going to the Advanced Settings of the IIS app pool of your application and setting the "Load User Profile" option to True.

answered on Stack Overflow Jan 6, 2016 by Nirmal Thakur
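
The app pool change described in the answer above, scripted with the IIS WebAdministration module. This is an added example, not part of the original answer; the pool name `SitecoreAppPool` is a placeholder assumption, and the script must run in an elevated session on the IIS host.

```powershell
# Added example: audit and enable "Load User Profile" on an IIS application pool.
Import-Module WebAdministration

function Get-AppPoolProfileSetting {
    # List every app pool with its identity type and current loadUserProfile value.
    Get-ChildItem IIS:\AppPools | ForEach-Object {
        [pscustomobject]@{
            Name            = $_.Name
            IdentityType    = $_.processModel.identityType
            LoadUserProfile = $_.processModel.loadUserProfile
        }
    }
}

function Enable-AppPoolUserProfile {
    param(
        [Parameter(Mandatory)]
        [string]$PoolName
    )

    $path = "IIS:\AppPools\$PoolName"
    if (-not (Test-Path $path)) {
        throw "Application pool '$PoolName' was not found."
    }

    if ((Get-Item $path).processModel.loadUserProfile) {
        Write-Output "'$PoolName' already has Load User Profile = True; nothing changed."
        return
    }

    Set-ItemProperty $path -Name processModel.loadUserProfile -Value $true

    # Recycle so that the next worker process starts with the profile loaded.
    # A stopped pool cannot be recycled; it picks the setting up when it is started.
    if ((Get-WebAppPoolState -Name $PoolName).Value -eq 'Started') {
        Restart-WebAppPool -Name $PoolName
    }
    Write-Output "'$PoolName': Load User Profile set to True."
}

Get-AppPoolProfileSetting | Format-Table -AutoSize
Enable-AppPoolUserProfile -PoolName 'SitecoreAppPool'   # placeholder pool name
```
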
0

@MattGartman here are the membership and role providers

<membership defaultProvider="sitecore" hashAlgorithmType="SHA1">
      <providers>
        <clear />
        <add name="sitecore" type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel" realProviderName="switcher" providerWildcard="%" raiseEvents="true" />
        <add name="sql" type="System.Web.Security.SqlMembershipProvider" connectionStringName="core" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="256" />
        <add name="switcher" type="Sitecore.Security.SwitchingMembershipProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/membership" />
        <add name="ad" type="LightLDAP.SitecoreADMembershipProvider" connectionStringName="ADConnString" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" connectionUsername="domain\username" connectionPassword="pw" connectionProtection="Secure" attributeMapUsername="sAMAccountName" enableSearchMethods="true" customFilter="(memberOf=CN=RegionsComSitecore,OU=Groups,DC=c,DC=pk,DC=com)" />
      </providers>
    </membership>
    <roleManager defaultProvider="sitecore" enabled="true">
      <providers>
        <clear />
        <add name="sitecore" type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel" realProviderName="switcher" raiseEvents="true" />
        <add name="sql" type="System.Web.Security.SqlRoleProvider" connectionStringName="core" applicationName="sitecore" />
        <add name="switcher" type="Sitecore.Security.SwitchingRoleProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/roleManager" />
        <add name="ad" type="LightLDAP.SitecoreADRoleProvider" connectionStringName="ADConnString" applicationName="sitecore" username=" domain\username" password="pw" attributeMapUsername="sAMAccountName" cacheSize="2MB" customFilter="(memberOf=CN=RegionsComSitecore,OU=Groups,DC=c,DC=pk,DC=com)" />
      </providers>
    </roleManager>

Here is the ldap.config

<pipelines>

  <initializeAdUserEntry>
    <!-- 
    Use the processor if all new user should have a predefiled value in a property.
    The PropertyName parameter defines the name of the property.
    The DefaultValue parameter defines the default value of the property.
    -->
    <!--
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.SetPropertyValue, LightLDAP">
      <PropertyName desc="AD property name ">type the property name here</PropertyName>
      <DefaultValue desc="AD property name ">type the default property value here</DefaultValue>
    </processor>
    -->
    <!-- 
      Use the processor if all new roles should be a member of the predefined role. 
      The RoleName parameter defines the name of the main role. 
    -->
    <!--
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.AddToRole, LightLDAP">
      <RoleName desc="AD group">type role name here</RoleName>
    </processor>
    -->
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.CommitChanges, LightLDAP"/>        
  </initializeAdUserEntry>

  <initializeAdRoleEntry>
    <!-- 
    Use the processor if all new user should have a predefiled value in a property.
    The PropertyName parameter defines the name of the property.
    The DefaultValue parameter defines the default value of the property.
    -->
    <!--
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.SetPropertyValue, LightLDAP">
      <PropertyName desc="AD property name ">type the property name here</PropertyName>
      <DefaultValue desc="AD property value ">type the default property value here</DefaultValue>
    </processor>
    -->
    <!-- 
      Use the processor if all new roles should be a member of the predefined role. 
      The RoleName parameter defines the name of the main role. 
    -->
    <!--
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.AddToRole, LightLDAP">
      <RoleName desc="AD group">type role name here</RoleName>
    </processor>
    -->
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.CommitChanges, LightLDAP"/>
  </initializeAdRoleEntry>

</pipelines>

<settings>
  <!-- Defines the logging level of the module. If true, dumps every action entry into the log. 
          Default is false
       -->
  <setting name="LDAP.Debug" value="true" />

  <!-- Defines if the configuration assumes indirect membership on common operations.
          This setting affects the membership verification during login and user access check.
          Default is false
     -->
  <setting name="LDAP.IncludeIndirectMembership" value="false" />

  <!-- Defines if a certain profile should be applied for each user by default.
          If the setting is not specified or is empty, no particular profile item is used.
          Default is ""
     -->

  <!-- ENABLE SORT OPERATION
         Determines whether the sorting is enabled 
    -->
  <setting name="LDAP.EnableSorting" value="false" />

  <!-- Default Sort Key-->
  <setting name="LDAP.SortKey" value="codePage" />

  <!-- LDAP GET ALL USERS SIZE LIMIT
         Determines the max number of returned users for GetAll method
    -->
  <setting name="LDAP.SizeLimit" value="1000" />

  <!-- LDAP FIND USERS SIZE LIMIT
         Determines the max number of returned users for GetAll method
    -->
  <setting name="LDAP.FindSizeLimit" value="100" />


  <!-- LDAP USER CACHE SIZE
         Determines the size of the ldap users cache.
         Specify the value in bytes or append the value with KB, MB or GB
         A value of 0 (zero) disables the cache.
    -->
  <setting name="LDAP.Caching.UserCache" value="2MB" />

  <!-- LDAP MEMBEROF CACHE SIZE
         Determines the size of the ldap users cache.
         Specify the value in bytes or append the value with KB, MB or GB
         A value of 0 (zero) disables the cache.
    -->
  <setting name="LDAP.Caching.MemberOfCache" value="2MB" />

  <!-- LDAP MEMBERS CACHE SIZE
         Determines the size of the ldap users cache.
         Specify the value in bytes or append the value with KB, MB or GB
         A value of 0 (zero) disables the cache.
    -->
  <setting name="LDAP.Caching.MembersCache" value="2MB" />

  <!--  SETTINGS PROPERTY VALUE FACTORY
        Returns an SettingsPropertyValueFactory interface that resolves the active directory properties.
    -->
  <setting name="LDAP.SettingsPropertyValueFactory" value="LightLDAP.SettingsPropertyValueFactory, LightLDAP" />

  <!-- RECONNECT PERIOD
         Determines a reconnect period for attempts to restore connection after the connection gets break.
    -->
  <setting name="LDAP.ReconnectPeriod" value="0.00:00:10" />

  <!-- TIME OUT NOTIFICATION
         Determines a timeout for notification.
    -->
  <setting name="LDAP.NotificationTimeOut" value="1.00:00:00" />

  <!-- FULL NAME PROPERTY NAME
         Determines the full name property mapping.
    -->
  <setting name="LDAP.FullName" value="ad|unicode string|displayName" />

  <!-- DELETE USER SCOPE
         Determines the scope of the "delete user" operation.
    -->
  <setting name="LDAP.DeleteScope" value="Subtree" />

  <!-- MAX VALUE RANGE
         Determines the maximal value of an AD range attribute.
    -->
  <setting name="LDAP.MaxValueRange" value="1500" />

</settings>

answered on Stack Overflow Sep 16, 2014 by Newbie
0

For AD-enabled login, try logging in from the /sitecore/admin/ldaplogin.aspx page.

answered on Stack Overflow Sep 16, 2014 by xoail
0

I know this question is old, but I've had this issue recently and spent quite a bit of time researching the cause and solution via Microsoft docs, etc. There is sometimes an issue caused by the IIS refresh process when trying to access certain interfaces within COM objects that are dynamically loaded from various DLLs written in C++. These kinds of DLLs/interfaces can be tricky and confusing. I have found that the best solution is to avoid some calls to the User Group principal objects that are given by this interface. If you are calling a method that looks something like [Some user object].IsMemberOf([Some group object]), try changing the code to avoid calling any function on the user object. From the example above, you could change the code to look like this:

foreach (var user in [Some group object].GetUsers())
{
    if (user.SamAccountName == [Some user object].SamAccountName)
    {
        // Do your work here
    }
}

Of course, the operations that you are performing in your code may not be the same as my example above, but hopefully that gives a basic understanding of the type of operations you may need to avoid.

answered on Stack Overflow May 21, 2018 by Kevin K.

User contributions licensed under CC BY-SA 3.0