Halil,
I'm not certain I fully understand how to enable LDAP integration. I've Enabled LDAP in the CoreModule.cs as follows:
//Enable this line to create a multi-tenant application.
//Configuration.MultiTenancy.IsEnabled = true;
//Enable LDAP authentication (It can be enabled only if MultiTenancy is disabled!)
Configuration.Modules.ZeroLdap().Enable(typeof(AppLdapAuthenticationSource));
I'm not sure of the next steps? Do I need to drop in a LdapSettingProvider and LdapSettings class, then call Configuration.Settings.Providers.Add<LdapSettingProvider>?
Are changes needed in the AccountController to support LDAP.
Thanks for your assistance, MPM
9 Answer(s)
-
0
No, that's all. Run the application, login and open settings page, you will see LDAP settings. It's completely integrated to the system. See TenantSettingsAppService to know how to get/set LDAP settings.
-
0
BTW, LDAP automatically works without configuration if you are in a domain and application has no restriction. Just try to enter with your LDAP user if you are in a domain.
-
0
Hi again,
Sorry, I missed to say that "you should enable it on Setting page". See screenshot below:
[attachment=0:121pq9mp]ldap-settings.png[/attachment:121pq9mp]
Then you will be able to login with your LDAP (Active Directory) user name and password.
-
0
When you say " application has no restriction" are you meaning there is some setup to allow some defaults to work within the AD configurations?
I have everything setup now, LDAP is enabled (MT disabled, admin logs in correctly), but when logging into the application with an LDAP account it simply errors with either an internal error or invalid credentials. Does the AD account need to create it's own user in the Iteration Zero project, or are there changes in the Zero Localization files to accommodate AD containers, domains and admin users rights?
-
0
Hi,
Can you share exact logged error message (in Logs folder of web project). Did you enter domain, user and password in settings page? It may be because of your domain user has no permission to quest user/pass informations. You may ask to your system administrator.
Actually, LDAP authenticate check code is very simple. You can see <a class="postlink" href="https://github.com/aspnetboilerplate/module-zero/blob/master/src/Abp.Zero.Ldap/Ldap/Authentication/LdapAuthenticationSource.cs#L42">https://github.com/aspnetboilerplate/mo ... rce.cs#L42</a>
I simple creates a PrincipalContext and uses ValidateCredentials. You can create a simple console app and try it natively.
-
0
ERROR 2015-06-23 13:09:49,494 [292 ] .Mvc.Controllers.AbpHandleErrorAttribute - System.Data.Entity.Validation.DbEntityValidationException: Validation failed for one or more entities. See 'EntityValidationErrors' property for more details.**EDIT
This error is with LDAP working, but something else is wrong. I tested with incorrect domain information and got a different error, then with incorrect user information and got a login invalid error. It seems to be working correctly but after it authenticates this error comes up.
I think I have found out the issue here. I will let you know if I found a fix, thanks.
-
0
Hi,
If you can reach to EntityValidationErrors, it can help you to understand the problem better. For that please check this post: <a class="postlink" href="https://github.com/aspnetboilerplate/aspnetboilerplate/issues/62#issuecomment-54001552">https://github.com/aspnetboilerplate/as ... t-54001552</a> Then add a breakpoint in HandleEvent method. When error occurs, this method will handle the exception and you can see all details of the exception on debug.
-
0
<cite>hikalkan: </cite> No, that's all. Run the application, login and open settings page, you will see LDAP settings. It's completely integrated to the system. See TenantSettingsAppService to know how to get/set LDAP settings.
That worked perfectly, thank you.
-
0
I'm also trying to get LDAP authentication working, but getting 'an internal error occured during your request' when I enter a valid domain username password.
Also, I have some questions that are not answered in documentation:
- Do I need to configure user accounts within the admin console in advance?
- What format should the username be entered? DOMAIN\Username, <a href="mailto:[email protected]">[email protected]</a> ?
- How do I govern what pages an ldap authenticated user can access?
- What IIS authentication settings should be enabled I use LDAP within Zero? Anonymous? Windows Auth? Both/None?
Thanks, Andy
