LDAP changes, and module zero version ? #3615


sergiop created

Hello

  1. I need to modify the way the login works.
     2.a) Only LDAP users should log in.
     2.b) Only LDAP users already added by admin should be able to enter the application.
     2.c) When adding users to the application (by the admin) the user names should be validated against AD server.
     2.d) The only "non" AD user will be the admin.

Do I need to modify the code on Abp.Zero.Ldap or any other Module Zero or Boilerplate project, or can I do that just by changing the ASP.NET Zero code?
Thank you.


3 Answer(s)
  • ismcagdas created
    Support Team

    Hi @SergioP,

    You don't have to modify ABP or Module Zero source code. You can do it by modifying source code of AspNet Zero.

    You can verify the user after a successful login from AD and allow login, otherwise log out the user. You can also check if the user exists on AD in the user create modal.

    If you cannot manage to do that, we can try to help.

    Thanks.

  • sergiop created

    Thank you, it was helpful. Please, do you have any tip on how to query the Active Directory to find whether the username entered is valid and to retrieve email and names if it exists?

    Another aspect I've noticed is that you can set the flag IsActive=false for an Active Directory user on the UserEdit modal window, and it is actually saved to the DB; but when the deactivated AD user logs in to the application again, the flag is changed automatically to IsActive=true. According to that, there is no way to deactivate an AD user.

    Thank you Very much.

    EDIT: I thought that I could use something built into Module Zero or Boilerplate. Finally:

        // Requires: using System.DirectoryServices.AccountManagement;
        var domainContext = new PrincipalContext(ContextType.Domain);
        var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, usernameOrEmailAddress);
    

    Anyway, I still do not understand why IsActive is always set to active when an Active Directory user logs in. Is it by design?

  • ismcagdas created
    Support Team

    Hi,

    Yes, you can use PrincipalContext but it is not built with us, it's Microsoft's https://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.principalcontext(v=vs.110).aspx.

    If user is set to active, it might be a bug, let us check this.

    Thanks.
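
The lookup discussed in this thread, written out as an added example (not code from the posters or from ASP.NET Zero): it validates a username against AD, returns the email and names, and fails closed when the directory cannot give a definite answer. `AdUserInfo` and `AdUserLookup` are hypothetical names, and the code assumes the application runs on a domain-joined host.

```csharp
using System.DirectoryServices.AccountManagement;

// Hypothetical DTO carrying the AD attributes asked about in the thread.
public sealed class AdUserInfo
{
    public string UserName { get; set; }
    public string EmailAddress { get; set; }
    public string Name { get; set; }
    public string Surname { get; set; }
    public bool IsEnabledInAd { get; set; }
}

public static class AdUserLookup
{
    // Returns null when the account does not exist or AD cannot give a
    // single definite answer, so callers reject the user by default.
    public static AdUserInfo Find(string samAccountName)
    {
        if (string.IsNullOrWhiteSpace(samAccountName))
            return null;
        try
        {
            // Assumption: ContextType.Domain binds to the host's default domain.
            // Both the context and the principal are IDisposable.
            using (var context = new PrincipalContext(ContextType.Domain))
            using (var user = UserPrincipal.FindByIdentity(
                       context, IdentityType.SamAccountName, samAccountName.Trim()))
            {
                if (user == null)
                    return null; // no such account in AD
                return new AdUserInfo
                {
                    UserName = user.SamAccountName,
                    EmailAddress = user.EmailAddress,
                    Name = user.GivenName,
                    Surname = user.Surname,
                    // Enabled is bool?; treat "unknown" as disabled.
                    IsEnabledInAd = user.Enabled ?? false
                };
            }
        }
        catch (PrincipalException)
        {
            // Base type of PrincipalServerDownException (DC unreachable)
            // and MultipleMatchesException (ambiguous identity).
            return null;
        }
    }
}
```

A null result or `IsEnabledInAd == false` is the signal to refuse adding the user in the create modal; the application's own IsActive flag remains a separate check.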