ldap - Sitecore Active Directory Indirect Membership -

-

we have sitecore 6.5 ad module 1.0.4.

users in ad group department\sitecoreusers can login sitecore, users in department\sitecore_role1 group cannot login though department\sitecore_role1 group member of sitecore_users.

the ldap.includeindirectmembership set true , groups have membership in domain\sitecoreusers show in role manager. have tried adding sitecore_role1 role member of sitecore\sitecore client users, still did not allow sitecore_role1 members login.

do of our ad users have added both sitecore_role group , sitecore_users group? thought belonging member groups should allow them login sitecore. can please set me straight?

i have worked though sitecore ad module admin guide , think have set correctly, here think relevant settings review.

the connection string being used is:

<add name="wudosisconnectionstring" connectionstring="ldap://wudosis.wustl.edu:389/dc=department,dc=ourorg,dc=edu"/>

and our ad set 

- department     + groups         * sitecore             - sitecore_users             - sitecore_role1 (member of sitecore_users)             - sitecore_role2 (member of sitecore_users)

the items in system.web/membership/prividers, rolemanager, , profile have customfilter = (memberof=cn=sitecore_users,ou=sitecore,ou=groups,dc=department,dc=ourorg,dc=edu)

the correct syntax getting descendent members of ad group is:

(memberof:1.2.840.113556.1.4.1941:=cn=sitecore_users,ou=sitecore,ou=groups,   dc=department,dc=ourorg,dc=edu)

if want include group in result along members , members of member-groups, use:

(|(&amp;(objectcategory=group)(cn=sitecore_users))   (memberof:1.2.840.113556.1.4.1941:=cn=sitecore_users,ou=sitecore,ou=groups,   dc=department,dc=ourorg,dc=edu))

note & value replaces normal ampersand because line included in site's web.config , ampersands not valid xml characters.

the comment @jensmikkelsen made led me change thinking how sitecore ad module working thinking how ldap filters work. more research on stackoverflow led stackoverflow answer had link ldap documentation. additional google search lead more ldap syntax documentation.

the key solution realize memberof did not work way thought. rather cascading down through group membership, returns direct members. in order further down membership chain using ldap_matching_rule_in_chain necessary. looks this:

(memberof:1.2.840.113556.1.4.1941:=(cn=group1,ou=groupsou,dc=x))

using jen's idea of using active directory browser work out correct filter led me values above. used both active directory browser because allowed me change user , active directory administration center because easier figure out how enter ldap filter same way use customfilter value in sitecore ad module.


Comments

Post a Comment

Popular posts from this blog

plot - Remove Objects from Legend When You Have Also Used Fit, Matlab -

-
Image
i've plotted data points , fitted exponential curve between them using 'fit' in matlab. problem fit-function got fitted line wanted plot, markers on top of regular markers. solved problem plotting wanted markers on top of unwanted couldn't seen. problem. when want show legends dots in there. how can remove markers legend without removing fitted line since both of them hidden inside fit-function? can stop 'fit' plotting unwanted markers? so, want remove blue dot called 'hoff' in picture below. you can leave out legend-entries manually leaving out handles of lines, dont want in legend. try this: %if plot something, want showing in legend, save handle: h_line = plot(x,y) %you dont want show line? dont anything, plot it: plot(mymarker) %then set legend-> can add text legend-entries %a cell-array containing strings want show up: legend([h_line another_line],{'text1' 'text2'}) with example (see comments) came solution:
Read more

java - Why does my date parsing return a weird date? -

-
here code using: string string = "08/07/2013".replace('/', '-'); date date = new simpledateformat("yyyy-mm-dd").parse(string); why date return: "wen jan 3 00:00:00 est 14"? not @ date format told use. edit: need format because database using requires format. the format use parse date string, not match it. using yyyy 08 . use following format: new simpledateformat("dd-mm-yyyy") and why @ replacing / - ? can build pattern original string only: string string = "08/07/2013" date date = new simpledateformat("dd/mm/yyyy").parse(string); and if want date string in yyyy-mm-dd format, can format date using dateformat#format(date) method: string formatteddate = new simpledateformat("yyyy-mm-dd").format(date); see also: change date format in java string simpledateformat java doc
Read more

Need help in packaging app using TideSDK on Windows -

-
i developed application using tidesdk on windows , when click launchapp works fine. moved package , installed imagemagick , wix 3.0 required packaging on windows. clicked on package runtime , cannot guess packaged app is? found file 'installer' in workspace when click on it says installer not find application path . think application not being packaged properly. here log see in tidesdk: preparing package desktop app runtime. 1 moment... staging trial -> copying contents d:\lab\tidesdk\trial d:\lab\tidesdk\trial\packages\win32\bundle\trial -> copying installer c:\programdata\tidesdk\sdk\win32\1.3.1-beta\installer d:\lab\tidesdk\trial\packages\win32\bundle\trial -> copying runtime d:\lab\tidesdk\trial\packages\win32\bundle\trial -> date: d:\lab\tidesdk\trial\packages\win32\bundle\trial\modules\app\1.3.1-beta -> date: d:\lab\tidesdk\trial\packages\win32\bundle\trial\modules\codec\1.3.1-beta -> date: d:\lab\tidesdk\trial\packages\win32\bundle\trial\mod
Read more