Installation and deployment
Member
mosgath - 11/9/2012 11:14:01 AM
   
Limit Domain Roles created in Kentico
We are looking into enabling Mixed Mode Authentication. External users would use Kentico Security and internal users would use Active Directory. With Mixed mode, we are able to log in without specifying the domain in the login. Is there a way to limit which roles from the Active Directory are actually imported as Kentico Roles? In my local sandbox, I have this enabled but a large number of roles are getting added to Kentico and would never be used for authorization within the website as they are for other specific uses within the enterprise. These just muddy the water within Kentico and make administration of the roles cumbersome. Using the AD import utility also does not work for us. It crashes when I try to limit the import to only a few groups or users. I would assume that even if I did use this, when a user gets added all their roles would be imported as well.




Kentico Support
kentico_jurajo - 11/12/2012 4:21:28 AM
   
RE:Limit Domain Roles created in Kentico
Hi,

Using the import tool is the right way to do it, so if you could describe to us the issues and errors you are getting, it would be much appreciated and we will be happy to help you.

Or, you can disable the import of AD roles altogether using this web.config key:

<add key="CMSImportWindowsRoles" value="false"/>

Then none of the roles will be imported.

Best regards,
Juraj Ondrus

Member
mosgath - 11/12/2012 8:25:30 AM
   
RE:Limit Domain Roles created in Kentico
Thanks. The web.config key should do what we need. Below are the steps I take to run the import that fails:

Basically, I run the Kentico Active Directory Import Utility 7 (version 7.0.4640.25391).
Select new import profile. Click next.
Enter SQL Server name. Use Windows Auth.
Establish Connection and select database. Click Next.
Use current Domain Controller and current user account.
Click Test Connection. Test successful. Click next.

Select Import Users: Only Selected.
Select Import Groups: Only Selected.
Checked Options:
Update user and Role Data
Update user membership in roles
Delete users and roles that were deleted in Active Directory
Log import process to file

Select Site:
Corporate Site

Click Next
Use default field assignments. Click next.

Active Directory Structure loads. This takes several minutes.


Then, I scroll the list and get "CMS AD Import has stopped working". A Kentico dialog prompt appears to be attempting to open, but it doesn't contain anything.

If I click debug error, it shows the error as an unhandled exception: System.ComponentModel.Win32Exception

System.Windows.Forms.dll 2.050727.5460 (Win7SP1GDR.050727-5400)
Call Stack Location: System.Windows.Forms.Dll!System.Windows.Forms.NativeWindow.CreateHandle(System.Windows.Forms.CreateParams cp) +0x495 bytes

Sometimes, I am able to get past this screen but I get an error on the next screen and then it will crash.


I thought it may have something to do with having a large AD being retrieved.


Kentico Support
kentico_jurajo - 11/14/2012 2:11:31 AM
   
RE:Limit Domain Roles created in Kentico
Hi,

That is strange. How many users and groups are in the AD (and are being loaded)? Also, would it be possible to run the AD import again, create a full memory dump, and then send it to us for inspection (debugging demo - how to create dump)?

Thank you.

Best regards,
Juraj Ondrus