Active Directory Integration Options
Gaj
Posted: Wednesday, March 17, 2010 5:30:10 AM
Rank: Member

Joined: 10/8/2009
Posts: 17
Location: Leeds
Hi there,

I'm desperately trying to get Active Directory integrated with Gallery Server. It looks like I'm nearly there; however, I'm seeing the attached error when trying to view the available roles in IIS 7.

AD roles error

The system.web.security is already in the GAC, and I also tried to add the

<add type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />

to the administration config as a desperate measure but not having any luck seeing the roles.

If it helps I can see a list of users from AD but not the roles.

Any advice?
Roger Martin
Posted: Wednesday, March 17, 2010 9:04:30 AM
Rank: Administration

Joined: 8/3/2007
Posts: 1,996
Location: Fort Atkinson, WI
I assume you have been following the steps in this thread?

And you are using the SqlRoleProvider or SQLiteRoleProvider for role management, right?

Other than that, I don't know what else to say. I don't spend much time with AD and if you already tried the advice in the error message, then about all I can say is to Google around to see if anyone else has had the issue.

If you figure it out, please post your solution to help the next person.


Roger Martin
Creator and Lead Developer of Gallery Server Pro
Gaj
Posted: Thursday, March 18, 2010 12:01:47 PM
Rank: Member

Joined: 10/8/2009
Posts: 17
Location: Leeds
Yeah, I did follow that thread, and I am using the SQL role provider too. I logged in using the admin account created during the install, and then changed the config to use AD and was able to see all the user list from AD. When I try to set myself as systems admin role I get a privilege error. Do I need permissions to manage the domain? Can I manually add myself into the role using SQL?

I only really want a few users to be able to log in to administer the albums using their AD accounts.
Roger Martin
Posted: Thursday, March 18, 2010 1:04:49 PM
Rank: Administration

Joined: 8/3/2007
Posts: 1,996
Location: Fort Atkinson, WI
Pretty much everything I know about AD is in this thread, so I may not be much help in troubleshooting. One thing, though, that I am confused about is this: You posted a screen shot that occurs when you try to view the roles in IIS Manager, but my instructions for setting up AD never ask you to view the roles.


Roger Martin
Creator and Lead Developer of Gallery Server Pro
Gaj
Posted: Monday, March 22, 2010 4:11:46 AM
Rank: Member

Joined: 10/8/2009
Posts: 17
Location: Leeds

Hi Roger,

No problems. The company I work for will only use the solution if I can integrate with Active Directory, so I really want to get this working. I will try for a few hours today. The reason I hit this problem is when completing the following step.

Quote:
If you are using IIS 7, the answer is easy. Open up IIS Manager, navigate to the Gallery Server Pro web app, and click .NET Users. A list of your AD users appears. Double click the one that you want to be the administrator, and add the user to the System Administrator role in the dialog box. The next time you log on to Gallery Server Pro you will have administrative access.


The problem may be trust or permissions related.

Cheers,
Riyaz

Roger Martin
Posted: Monday, March 22, 2010 11:18:35 AM
Rank: Administration

Joined: 8/3/2007
Posts: 1,996
Location: Fort Atkinson, WI
I saw the ".NET Roles" in the title of the error message you posted and assumed it appeared when you clicked the .NET Roles link in IIS Manager. Are you saying it is appearing when you click the .NET Users link? If so, then that clears up my confusion; unfortunately, I still don't know what the cause is.

The best thing I can suggest is to do an internet search on the error message. Since it is not GSP-specific, you may find a good number of hits.


Roger Martin
Creator and Lead Developer of Gallery Server Pro
Gaj
Posted: Thursday, April 08, 2010 5:28:54 AM
Rank: Member

Joined: 10/8/2009
Posts: 17
Location: Leeds
Hi Roger,

Apologies for the delayed reply; I keep getting distracted with other work. I think the problem is I only want the application to have read-only permissions to the AD, so after hacking the DB I can log in using my Active Directory password, but when I try to edit the users and add them to a role it tries to update Active Directory too.

I am, however, looking into why I can't access the role provider from IIS 7; it appears to be complaining about the connection string being blank, and even though I'm using the name="SqlServerDbConnection", IIS seems to think I'm using name="SQLiteDbConnection".

Thanks for your help on this and hopefully I'll be there soon.

Cheers,
Riyaz
Gaj
Posted: Thursday, April 22, 2010 6:07:19 AM
Rank: Member

Joined: 10/8/2009
Posts: 17
Location: Leeds
Hi Roger,

I have managed to get this working. It seems like the connection string to the DB being picked up by IIS is the SQLite one, so I had to manually add it and it started to pick up the roles.

However, I am only able to have read-only permissions to Active Directory. In IIS, when you visit the users area and add somebody to a role, there is an email address from Active Directory being displayed, so I think when you click update you get an error (I assume from AD - Screen shot here - Ad role error), but it does sometimes update the DB to add the role to the user.

Would it be possible to decouple the Active Directory and membership items in the web admin itself? This way we can manage AD users from the web admin with read-only AD access? Here is a pic of the same error in the web admin - AD role web admin error

Cheers,
Gaj
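
An added example, not part of the thread or of Gallery Server Pro: a small check for the failure described in the post above, where the provider in effect references a connection string that is blank. The sample web.config, the provider names and the connection string values are constructed assumptions; only the names SqlServerDbConnection and SQLiteDbConnection come from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the thread): the default role
# provider references a connection string whose value is blank.
SAMPLE_CONFIG = """<configuration>
  <connectionStrings>
    <add name="SQLiteDbConnection" connectionString="" />
    <add name="SqlServerDbConnection" connectionString="server=(local);database=GalleryDb;Integrated Security=true" />
    <add name="ADConnection" connectionString="LDAP://dc.example.test/DC=example,DC=test" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AdMembershipProvider">
      <providers>
        <add name="AdMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnection" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="SQLiteRoleProvider">
      <providers>
        <add name="SQLiteRoleProvider" type="ExampleSQLiteRoleProvider" connectionStringName="SQLiteDbConnection" />
        <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="SqlServerDbConnection" />
      </providers>
    </roleManager>
  </system.web>
</configuration>"""

def audit_providers(config_xml):
    """Return a finding for each default provider whose connection string is missing or blank."""
    root = ET.fromstring(config_xml)
    conn = {a.get("name"): (a.get("connectionString") or "").strip()
            for a in root.findall("connectionStrings/add")}
    findings = []
    for section in ("membership", "roleManager"):
        node = root.find("system.web/" + section)
        if node is None:
            continue
        default = node.get("defaultProvider")
        for prov in node.findall("providers/add"):
            if prov.get("name") != default:
                continue  # only the provider actually in effect matters
            ref = prov.get("connectionStringName")
            if ref not in conn:
                findings.append((section, default, ref, "missing"))
            elif not conn[ref]:
                findings.append((section, default, ref, "blank"))
    return findings

if __name__ == "__main__":
    for finding in audit_providers(SAMPLE_CONFIG):
        print(finding)
```
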
Roger Martin
Posted: Monday, April 26, 2010 11:48:47 AM
Rank: Administration

Joined: 8/3/2007
Posts: 1,996
Location: Fort Atkinson, WI
Gaj,

I will add this as a feature request and will try to get it into the next version. I am kind of surprised that IIS Manager has the same limitation as GSP, since there isn't a reason (I can think of) to require AD edit permission when all you want to do is update the role membership.


Roger Martin
Creator and Lead Developer of Gallery Server Pro
Gaj
Posted: Wednesday, April 28, 2010 7:16:07 AM
Rank: Member

Joined: 10/8/2009
Posts: 17
Location: Leeds
I know what you mean, I was surprised myself. However, it looks like I'll be installing this on a production server soon, so that's good news, and thanks for all your effort on this.