Roles Sync - AD and DNN Roles #63

Open
TineHorvat opened this issue Oct 10, 2019 · 4 comments

@TineHorvat

Please summarize your question in one sentence

Can someone explain how exactly the sync of user Roles should work? Are roles synced from AD when the user first logs in, or do they actually need to exist in DNN Roles beforehand?
After login they are matched, and if they are the same (for example AD Role "Marketing" and DNN role "Marketing") and the user has it, it will be added to him as he logs in? Is the process somehow different?

Give a more extended description

I've tried to manually add the names of the roles as they are in the AD, but the user after login gets only the Registered and Subscribers roles. Should they be set as Auto assign or something? Am I missing something?

Steps to reproduce (if needed)

Using DNN 9.4.1 and DNN.AD module 7.0.0. Users can log in with their AD login data, but none of the roles are assigned to them.

Other comments or remarks

I'm a little lost right now as I don't know where to look for more info or examples. Also any help would be really appreciated ;)

Cheers

@SCullman

Corresponding roles need to exist in DNN in advance.


A user in AD normally has a couple of AD roles, either direct or indirect. You usually don't want to pollute DNN with all those roles.
During login, DNN tests for each of the DNN roles whether the user belongs to that role in AD or not. AD roles are never changed; it always synchronizes from AD to DNN.

@sawest
Collaborator

sawest commented Oct 10, 2019

@TineHorvat The role must exist in DNN first. It must match exactly. The user needs to be a member of that group on AD first. EVERY login will sync roles. If the user in AD is in a group called Finance then DNN will look for a role called Finance and add them to that role on login.

Of course this assumes you have sync turned on in the AD module settings.

@pmgerholdt

pmgerholdt commented Sep 11, 2020

Trying to use this provider for a DNN portal. It works fine for authentication, but strangely it is not consistent in adding users to a role. I have about 90 members out of 400 who are correctly added to the DNN role, and the other 300+ are not; and all of them are members of the same security group in AD that should map to this DNN role.

Any guidance or thoughts on why this isn't rock solid in this regard? I really want to use / trust this for use within DNN.

Edit:
In fact, I can manually add a person to the DNN role who is also a member of the AD group, and when they log on, they get removed from the DNN role.
So the sync action appears to be working, it's just not recognizing AD group membership correctly for some (most) folks, while it is getting it right for others.
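
The sync behaviour described in the comments above (roles must already exist in DNN, names must match, every login reconciles in the AD-to-DNN direction, and a DNN role without recognised AD membership is removed), as an added Python model that is not the DNN.AD module's code. The function names, the case-sensitive comparison, the exclusion of the built-in roles and the sample data are assumptions for illustration.

```python
# Added illustration: models the login-time role sync described in this thread.
# Not the DNN.AD module's code; every name below is hypothetical.

# Assumption: the built-in DNN roles are not managed by the sync.
UNMANAGED = frozenset({"Registered Users", "Subscribers"})


def plan_role_sync(portal_roles, ad_groups, current_roles, sync_enabled=True):
    """Return (to_add, to_remove) for one login.

    portal_roles  - role names that already exist in DNN
    ad_groups     - the user's AD groups, direct or indirect
    current_roles - DNN roles the user holds before this login
    """
    if not sync_enabled:
        return set(), set()
    # Iterate over DNN roles, never over AD groups: an AD group with no
    # same-named DNN role is ignored and no role is created for it.
    managed = set(portal_roles) - UNMANAGED
    # Assumption: "match exactly" means a case-sensitive string comparison.
    entitled = {role for role in managed if role in ad_groups}
    to_add = entitled - set(current_roles)
    # A managed role held in DNN without matching AD membership is revoked,
    # including a role an administrator granted by hand.
    to_remove = (set(current_roles) & managed) - entitled
    return to_add, to_remove


def near_misses(portal_roles, ad_groups):
    """(role, group) pairs that differ only by case or surrounding spaces."""
    def norm(name):
        return name.strip().casefold()
    return sorted((r, g) for r in portal_roles for g in ad_groups
                  if r != g and norm(r) == norm(g))


# Constructed sample data.
PORTAL_ROLES = {"Registered Users", "Subscribers", "Marketing", "Finance", "Editors"}
AD_GROUPS = {"Domain Users", "Finance", "marketing"}
CURRENT = {"Registered Users", "Subscribers", "Editors"}

if __name__ == "__main__":
    add, remove = plan_role_sync(PORTAL_ROLES, AD_GROUPS, CURRENT)
    print("add:", sorted(add))
    print("remove:", sorted(remove))
    print("near misses:", near_misses(PORTAL_ROLES, AD_GROUPS))
```

In the sample, the hand-granted "Editors" role is planned for removal because no AD group of that name is present, and "marketing" is reported as a near miss rather than matched.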

@valadas
Member

valadas commented Sep 11, 2020

Are you using the latest Dnn version? There was a fix relating to users cache in 9.7.1. Not sure if that is your issue, but just wondering if it may have an effect here.
