
Is Active Directory available on Multi tenant? #2641


terry bentley created

I see in the AbpZeroTemplate CoreModule that there are the lines

    //Enable LDAP authentication (It can be enabled only if MultiTenancy is disabled!)
    //Configuration.Modules.ZeroLdap().Enable(typeof(AppLdapAuthenticationSource));

However, in the LdapSettingProvider there are LDAP settings that are Tenant scoped.

    //LDAP settings
    new SettingDefinition(LdapSettingNames.IsEnabled, "false", L("Ldap_IsEnabled"), scopes: SettingScopes.Application | SettingScopes.Tenant, isInherited: false),
    new SettingDefinition(LdapSettingNames.ContextType, ContextType.Domain.ToString(), L("Ldap_ContextType"), scopes: SettingScopes.Application | SettingScopes.Tenant, isInherited: false),
    new SettingDefinition(LdapSettingNames.Container, null, L("Ldap_Container"), scopes: SettingScopes.Application | SettingScopes.Tenant, isInherited: false),
    new SettingDefinition(LdapSettingNames.Domain, null, L("Ldap_Domain"), scopes: SettingScopes.Application | SettingScopes.Tenant, isInherited: false),
    new SettingDefinition(LdapSettingNames.UserName, null, L("Ldap_UserName"), scopes: SettingScopes.Application | SettingScopes.Tenant, isInherited: false),
    new SettingDefinition(LdapSettingNames.Password, null, L("Ldap_Password"), scopes: SettingScopes.Application | SettingScopes.Tenant, isInherited: false),

I have read the section in the Boilerplate documentation on LDAP that also seems to indicate that the LDAP can be set up per tenant on a multi tenant system.

I am not sure what to enter for the Ldap ContextType, Container, Domain, Username or Password. When I do enter an Active Directory account I get an error telling me the "Email Address is required" and then the typical "UnknownExternalLogin".

Any help would be appreciated. Thanks.


2 Answer(s)
  • terry bentley created

    Even if I set the Configuration.MultiTenancy.IsEnabled to false in the AbpZeroTemplateCoreModule.cs, I still get the same UnknownExternalLogin error when I try to log in with a domain account.

    I thought it would add the entry in the AbpUsers table, but it doesn't.

  • ismcagdas created
    Support Team

    Hi,

    LDAP is designed for single tenant apps, but it can be converted for multi tenant apps with some custom work. In your case, you can create an implementation similar to this class https://github.com/aspnetboilerplate/module-zero/blob/master/src/Abp.Zero.Ldap/Ldap/Authentication/LdapAuthenticationSource.cs and use it in your app.

    This way, you can debug the code and find the problem.

    Normally, a new user should be created, but maybe you don't have the right to read the user's email from LDAP. Is that possible?
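
Added example, not part of the thread and not ABP or module-zero code: a stand-alone Windows console check of the email hypothesis raised in the last answer, using System.DirectoryServices.AccountManagement directly. It assumes the five LDAP settings from the question correspond to the arguments of the PrincipalContext constructor; the values in angle brackets and the two environment variable names are placeholders.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class LdapEmailCheck
{
    // Returns a one-line diagnosis for a single login name.
    static string Diagnose(PrincipalContext ctx, string login, string password)
    {
        // Step 1: the credential check an LDAP login depends on.
        if (!ctx.ValidateCredentials(login, password))
            return "Credentials rejected: check Domain/Container and the login format.";

        // Step 2: look the account up through the service account bound to ctx.
        using (var user = UserPrincipal.FindByIdentity(ctx, login))
        {
            if (user == null)
                return "Bind works, but the account is not visible under this Container.";

            // Step 3: the error in the question says an email address is required.
            // An empty 'mail' attribute and a missing read permission both
            // surface here as a null EmailAddress.
            if (string.IsNullOrWhiteSpace(user.EmailAddress))
                return $"Found {user.SamAccountName}, but EmailAddress is empty or unreadable.";

            return $"OK: {user.SamAccountName} <{user.EmailAddress}>";
        }
    }

    static void Main()
    {
        // Secrets come from the environment, not from source code.
        // Both variable names are hypothetical.
        string bindPassword = Environment.GetEnvironmentVariable("LDAP_BIND_PASSWORD");
        string testPassword = Environment.GetEnvironmentVariable("LDAP_TEST_PASSWORD");

        using (var ctx = new PrincipalContext(
            ContextType.Domain,                      // LdapSettingNames.ContextType
            "<corp.example.com>",                    // LdapSettingNames.Domain (placeholder)
            "<OU=Staff,DC=corp,DC=example,DC=com>",  // LdapSettingNames.Container (placeholder, may be null)
            "<svc-ldap-reader>",                     // LdapSettingNames.UserName (placeholder)
            bindPassword))                           // LdapSettingNames.Password
        {
            Console.WriteLine(Diagnose(ctx, "<test.user>", testPassword));
        }
    }
}
```

Run it under the same Windows identity as the web application's process, since directory read permissions can differ between accounts.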