Partial LDAP roles retrieval in GE Manager Permissions page
Hi everyone,
I am just wondering whether it is only me or whether others are also facing this issue. We have LDAP configured with GE Identity Server integration to authenticate users and authorize them based on AD roles. When I create or configure a site and search for a role name from LDAP by visiting the Site - Permissions tab, selecting ‘Geocortex Identity Server – Role’ from the roles combobox and typing a role name in the textbox, it doesn’t give me certain roles as per the configured roles criteria in the rolesManager.config file. The suggested list contains some of the roles based on the configured criteria, but not all of them, when I type the search key phrase. Even if I write the complete role name and hit the refresh button, it doesn’t recognize it.
Please share your thoughts or any hint regarding where I might be going wrong. I am using GE 4.3 with Silverlight 2.4 Viewer. Here are my config file details:
connectionStrings.config
<connectionStrings>
  <!-- Configuration database -->
  <add name="IdentityServerConfiguration"
       connectionString="Data Source=|DataDirectory|\IdentityServerConfiguration.sdf"
       providerName="System.Data.SqlServerCe.4.0" />
  <!-- Users database -->
  <add name="ProviderDB"
       connectionString="Data Source=|DataDirectory|\IdentityServerUsers.sdf"
       providerName="System.Data.SqlServerCe.4.0" />
  <!-- -->
  <add name="ADConnString"
       connectionString="LDAP://dc.domainname.com:636/ou=usersgroup,dc=domainname,dc=com" />
  <!-- -->
  <add name="ADRolesConnString"
       connectionString="LDAP://dc.domainname.com:636/ou=securedRoles groups,dc=domainname,dc=com" />
</connectionStrings>
roleManager.config
<roleManager enabled="true" defaultProvider="ActiveDirectoryRoleProvider">
  <providers>
    <add name="DefaultRoleProvider"
         type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=44bf5555ad999e66"
         connectionStringName="ProviderDB"
         applicationName="/" />
    <add name="XmlRoleProvider"
         type="Geocortex.IdentityServer.Integration.Membership.XmlRoleProvider, Geocortex.IdentityServer.Integration"
         userList="App_Data/GlobalSecurityProvider.xml" />
    <!-- -->
    <add name="ActiveDirectoryRoleProvider"
         type="Geocortex.IdentityServer.Integration.Membership.ActiveDirectoryRoleProvider, Geocortex.IdentityServer.Integration"
         activeDirectoryUsersConnectionString="ADConnString"
         activeDirectoryGroupsConnectionString="ADRolesConnString"
         securityGroupsOnly="false"
         groupsToUse="USERS_*" />
  </providers>
</roleManager>
membership.config
<membership defaultProvider="ActiveDirectoryMembershipProvider">
  <providers>
    <add name="DefaultMembershipProvider"
         type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=44bf5555ad999e66"
         connectionStringName="ProviderDB"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="3"
         minRequiredPasswordLength="15"
         minRequiredNonalphanumericCharacters="0"
         passwordAttemptWindow="3"
         applicationName="/" />
    <add name="XmlMembershipProvider"
         type="Geocortex.IdentityServer.Integration.Membership.XmlMembershipProvider, Geocortex.IdentityServer.Integration"
         userList="App_Data/GlobalSecurityProvider.xml" />
    <add name="ActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider"
         connectionStringName="ADConnString"
         connectionUsername="domain\userName"
         connectionPassword="userPassword"
         attributeMapUsername="sAMAccountName"
         enableSearchMethods="true" />
    <!-- -->
  </providers>
</membership>
Is it possible that you have more than ~1000 roles?
Hi Kevin,
Thanks for your reply. Yes, we have a couple of thousand AD groups overall; however, do you think it will make a difference when we are providing a prefix to narrow them? Our required prefixed criteria groups are less than 15 only.
Hi Mohammad,
I have a hunch that we might store those role names in our security store to facilitate the autocomplete lookup and might be hampered by a query limit. I'd check to see where the autocomplete data is stored and if those missing roles are in the stored data. For this, please open a support ticket. Once you are in touch with someone, please let them know that I might have an idea what's going on and I can update them over a coffee to see if that is indeed the case.
-Kevin
Thanks Kevin, I will do that.
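An added sketch (not part of the thread and not Geocortex code) of the query-limit hunch raised above: if role names are collected with an unpaged search that the directory caps (Active Directory's default MaxPageSize is 1000) and the `USERS_*` pattern is applied only afterwards, matching groups beyond the cap never appear, however specific the prefix. The directory contents, the function names and the order in which filtering happens are assumptions made for illustration.

```python
# Added illustration: models a directory that caps each search response.
# Whether Identity Server filters before or after the cap is an assumption.
from fnmatch import fnmatchcase

SERVER_LIMIT = 1000        # Active Directory default MaxPageSize
GROUPS_TO_USE = "USERS_*"  # pattern from roleManager.config on this page

def build_directory(total=2400, spacing=200):
    """Constructed sample data: one USERS_* group every `spacing` entries."""
    return [f"USERS_{i // spacing:02d}" if i % spacing == 0 else f"GRP_{i:04d}"
            for i in range(total)]

def search(directory, ldap_filter="*", page_size=0, cookie=0):
    """One search request; returns (entries, next_cookie).
    page_size=0 is an unpaged request: the result is truncated at SERVER_LIMIT."""
    matches = [n for n in directory if fnmatchcase(n, ldap_filter)]
    size = min(page_size, SERVER_LIMIT) if page_size else SERVER_LIMIT
    chunk = matches[cookie:cookie + size]
    more = page_size and cookie + size < len(matches)
    return chunk, (cookie + size if more else None)

def roles_unpaged_then_filter(directory):
    """Fetch everything unpaged, apply the pattern client-side (lossy)."""
    entries, _ = search(directory)
    return [n for n in entries if fnmatchcase(n, GROUPS_TO_USE)]

def roles_server_side_filter(directory):
    """Send the pattern with the query; fewer than 1000 matches fit one reply."""
    entries, _ = search(directory, ldap_filter=GROUPS_TO_USE)
    return entries

def roles_paged_then_filter(directory, page_size=500):
    """Page through the whole directory, then apply the pattern client-side."""
    found, cookie = [], 0
    while cookie is not None:
        entries, cookie = search(directory, page_size=page_size, cookie=cookie)
        found += [n for n in entries if fnmatchcase(n, GROUPS_TO_USE)]
    return found

if __name__ == "__main__":
    d = build_directory()
    expected = {n for n in d if fnmatchcase(n, GROUPS_TO_USE)}
    for fn in (roles_unpaged_then_filter, roles_server_side_filter,
               roles_paged_then_filter):
        got = fn(d)
        print(f"{fn.__name__}: {len(got)}/{len(expected)} found, "
              f"missing={sorted(expected - set(got))}")
```

Running the same comparison against the real directory (a paged count of `USERS_*` groups versus what the Permissions tab suggests) shows whether the missing roles sit beyond the first 1000 entries.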