How To: Integrate Gallery Server Pro with Active Directory - Knowledge Base - Gallery Server Pro

Welcome Guest! To enable all features please Login or Register.

Notification

Error

Gallery Server Pro » Gallery Server Pro » Knowledge Base » How To: Integrate Gallery Server Pro with Active Directory

2 Pages12 >

How To: Integrate Gallery Server Pro with Active Directory

Options

Previous Topic Next Topic

Roger Martin		#1 Posted : Tuesday, 20 May 2008 8:57:17 AM(UTC)
Rank: Administration Joined: 3/08/2007(UTC) Posts: 3,298 Location: Fort Atkinson, WI		You can configure Gallery Server Pro to use your existing accounts in Active Directory. This allows your users to log in with the same username and password they use to access the network, reducing account duplication and maintenance issues while offering better security. Accounts can be added to roles just like with a regular installation. Step by step instructions are in the Admin Guide in the section Integrate Gallery Server Pro with Active Directory. Roger Martin Creator and Lead Developer of Gallery Server Pro
Back to top		WWW \| Edit by user

User Profile View All Posts by User

Paul		#2 Posted : Tuesday, 28 October 2008 9:56:31 PM(UTC)
Rank: Member Joined: 28/10/2008(UTC) Posts: 8 Location: Shanghai		I installed Pro 2.1 on W2K3 with a local SQL 2K server. Pro 2.1 works fine with SQL2K and when I tried to modify web.cofig following above steps to access the Active Directory, error show up as: syntax error at line 141 at the C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, cannot find connectionstring "LocalSqlServer". <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/> Is that related to the use of SQL Server? SQL is now in mixed mode and I have defined sa passwords during the setup.
Back to top

User Profile View All Posts by User

Roger Martin		#3 Posted : Wednesday, 29 October 2008 12:35:35 AM(UTC)
Rank: Administration Joined: 3/08/2007(UTC) Posts: 3,298 Location: Fort Atkinson, WI		It looks like you didn't comment out the SQL Membership provider. Review the steps above to see how to do this (it's near the beginning). Roger Martin Creator and Lead Developer of Gallery Server Pro
Back to top		WWW

User Profile View All Posts by User

Paul		#4 Posted : Wednesday, 29 October 2008 3:38:17 AM(UTC)
Rank: Member Joined: 28/10/2008(UTC) Posts: 8 Location: Shanghai		On the contrary, it seems the above error happened after I have commented out the <membership defaultProvider="SqlMembershipProvider"> section. If the <membership defaultProvider="AspNetActiveDirectoryMembershipProvider"> section was added without commenting the defaultProvider="SqlMembershipProvider" section, the error shown was the repeating error of defaultProvider="AspNetActiveDirectoryMembershipProvider"> I tried to run the installer again using sa passwords and explicit IP addresses for SQL server, it runs well at default installation. However I cannot get through the web.config once editing the membership section for AD membership. I'm now using the web_sqlserver_3.5.config as the installation template for web.config. The W2k3 server runs on .Net3.5 SP1. Appreciate if any more clues can be provided.
Back to top

User Profile View All Posts by User

Roger Martin		#5 Posted : Wednesday, 29 October 2008 3:47:20 AM(UTC)
Rank: Administration Joined: 3/08/2007(UTC) Posts: 3,298 Location: Fort Atkinson, WI		Why do you have a provider named AspNetSqlMembershipProvider? Seems to me you should only have one membership provider specified in web.config, and it should be named AspNetActiveDirectoryMembershipProvider. Roger Martin Creator and Lead Developer of Gallery Server Pro
Back to top		WWW

User Profile View All Posts by User

Paul		#6 Posted : Wednesday, 29 October 2008 4:35:12 AM(UTC)
Rank: Member Joined: 28/10/2008(UTC) Posts: 8 Location: Shanghai		Looks like AspNetSqlMembershipProvider comes default in machine.config. The machine.config shown was located in the .NET Framework2.0 folder (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config). There was no such membership providers in the web.config.
Back to top

User Profile View All Posts by User

Roger Martin		#7 Posted : Wednesday, 29 October 2008 4:43:37 AM(UTC)
Rank: Administration Joined: 3/08/2007(UTC) Posts: 3,298 Location: Fort Atkinson, WI		Oh, I see. Add a <clear /> to the membership section so that it is not inherited from the parent config file. I edited the original topic to include it, so refer to it to see how it is done. Roger Martin Creator and Lead Developer of Gallery Server Pro
Back to top		WWW

User Profile View All Posts by User

Paul		#8 Posted : Wednesday, 29 October 2008 5:15:53 AM(UTC)
Rank: Member Joined: 28/10/2008(UTC) Posts: 8 Location: Shanghai		Thank you, <clear/> solves the error. Now I am stucked at the AspNetActiveDirectoryMembershipProvider line. How can I determine the correct version number of the webserver? I tried 2.0.0.0 and 2.0.3600.0 and don't know if the version number is giving the error.
Back to top

User Profile View All Posts by User

Roger Martin		#9 Posted : Wednesday, 29 October 2008 5:43:13 AM(UTC)
Rank: Administration Joined: 3/08/2007(UTC) Posts: 3,298 Location: Fort Atkinson, WI		I am sorry, but I don't know the answer to that. You'll have to google around. Roger Martin Creator and Lead Developer of Gallery Server Pro
Back to top		WWW

User Profile View All Posts by User

sam		#10 Posted : Wednesday, 29 October 2008 8:18:47 AM(UTC)
Rank: Advanced Member Joined: 5/08/2007(UTC) Posts: 157 Location: England		Hi heres How asp version I donated. Did you?
Back to top

User Profile View All Posts by User

Paul		#11 Posted : Wednesday, 29 October 2008 12:14:56 PM(UTC)
Rank: Member Joined: 28/10/2008(UTC) Posts: 8 Location: Shanghai		Thank you Sam, Actually I tried 2.0.50727.0 or 2.0.5072.7 but error remains the same as using 2.0.0.0 etc. It looks like this section only accepts version number in x.x.x.x format such that the numbers shown on the properties of ASP.net 2.050727 will not work directly as the version number. This is exactly the the line in the membership defaultProvider section <add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnection" enableSearchMethods="true" connectionUsername="helpdesk@mydomain.com connectionPassword="password"/> The webserver (not a member in the domain) has full network access rights to the domain controller and the username and password should be working over drive mapping test. This is what is added section in <connectionStrings> <add name="ADConnection" connectionString="LDAP://10.8.0.14/CN=users,DC=mydomain.com,DC=MYDOMAIN,DC=com"/> The LDAP for the domain controller should be working well as I have other LDAP clients accessing the Windows 2K3 Domain user database over LDAP. Error show was at the line in <add name="AspNetActiveDirectoryMembershipProvider"... Any suggestion appreciated.
Back to top

User Profile View All Posts by User

Paul		#12 Posted : Wednesday, 29 October 2008 12:29:05 PM(UTC)
Rank: Member Joined: 28/10/2008(UTC) Posts: 8 Location: Shanghai		I noticed the version number was also shown on the bottom the debug page as 2.0.50727.3053 (although 3053 was not shown in the properies of the website). I put in this version number and error remain the same. (I assume this version number is right) If I removed the "connectionUsername=..." section, the debug page will show unable to establish secure sever connection.
Back to top

User Profile View All Posts by User

Roger Martin		#13 Posted : Thursday, 30 October 2008 1:53:26 AM(UTC)
Rank: Administration Joined: 3/08/2007(UTC) Posts: 3,298 Location: Fort Atkinson, WI		I opened Win Explorer on my Win Server 2008 machine (.NET 3.5 SP1) and navigated to C:\Windows\assembly\ to take a look at System.Web.dll. There it is reported to have version 2.0.0.0. I would expect - but am not sure - that you want to make sure web.config matches this number. You will also see the PublicKeyToken in this directory, so make sure that matches as well. Perhaps you have another issue altogether. If you provide the error message we'll try to give you a hand. Roger Martin Creator and Lead Developer of Gallery Server Pro
Back to top		WWW

User Profile View All Posts by User

Paul		#14 Posted : Thursday, 30 October 2008 2:42:25 AM(UTC)
Rank: Member Joined: 28/10/2008(UTC) Posts: 8 Location: Shanghai		Thank you very much Roger. The System.Web.dll showed the same token and version 2.0.0.0. If the password username and password were right, the only error message shown was server returned a reference, error at source D:\Websites\PhotoGallery\web. line 94 <add name="AspNetActiveDirectoryMembershipProvider... An interesting thing is that when I enter a wrong user password, it will return error saying "unable to establish secure server connection" Looks like the authentication did happened the Active Directory Level.
Back to top

User Profile View All Posts by User

Roger Martin		#15 Posted : Thursday, 30 October 2008 2:51:03 AM(UTC)
Rank: Administration Joined: 3/08/2007(UTC) Posts: 3,298 Location: Fort Atkinson, WI		Please provide the full text of the error message, including the call stack (stack trace) if shown. I can't google for help based on what you provided. I agree that it looks like AD is authenticating, so you are making progress... Roger Martin Creator and Lead Developer of Gallery Server Pro
Back to top		WWW

User Profile View All Posts by User

Paul		#16 Posted : Thursday, 30 October 2008 3:02:41 AM(UTC)
Rank: Member Joined: 28/10/2008(UTC) Posts: 8 Location: Shanghai		Hope this will provide some clues When password is right: Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: A referral was returned from the server. Source Error: Line 92: <providers> Line 93: <clear/> Line 94: <add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnection" enableSearchMethods="true" connectionUsername="helpdesk@mydomain.com" connectionPassword="********"/> Line 95: </providers> Line 96: </membership> Source File: D:\Websites\PhotoGallery\web.config Line: 94 Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053
Back to top

User Profile View All Posts by User

Paul		#17 Posted : Thursday, 30 October 2008 3:06:47 AM(UTC)
Rank: Member Joined: 28/10/2008(UTC) Posts: 8 Location: Shanghai		This is the error when I the password was wrong Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: Unable to establish secure connection with the server Source Error: Line 92: <providers> Line 93: <clear/> Line 94: <add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnection" enableSearchMethods="true" connectionUsername="helpdesk@mydomain.com" connectionPassword="wrong"/> Line 95: </providers> Line 96: </membership> Source File: D:\Websites\PhotoGallery\web.config Line: 94 Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053
Back to top

User Profile View All Posts by User

Roger Martin		#18 Posted : Thursday, 30 October 2008 3:25:52 AM(UTC)
Rank: Administration Joined: 3/08/2007(UTC) Posts: 3,298 Location: Fort Atkinson, WI		There are a lot of Google hits on that error. This one says the AD connection string may be incorrect. You didn't provide your connection string, so I can't tell if it is right. Even if you did provide it, I still might not be able to tell if it is correct, since I don't know your network. You might try putting together a little .vbs script to test your connection string, or do some other test to verify the string. That will narrow down the cause between GSP and your connection string. You also might review the Google hits on that error. I only looked at the first few... Roger Martin Creator and Lead Developer of Gallery Server Pro
Back to top		WWW

User Profile View All Posts by User

Paul		#19 Posted : Thursday, 30 October 2008 4:45:56 AM(UTC)
Rank: Member Joined: 28/10/2008(UTC) Posts: 8 Location: Shanghai		Great thanks!! You are absolutely right about the connection string being incorrect. The Windows domain name I was using was seperated by two dots. Domain name: mydomain.com.cn DC server name: myserver Domain controller IP: 10.8.0.14 So instead of this LDAP://10.8.0.14/CN=Users,DC=mydomain.com.cn,DC=myserver,DC=COM"/ become the working string like this LDAP://10.8.0.14/CN=Users,DC=mydomain,DC=COM,DC=CN"/ By the way the GSP server is not a member server in the domain. Now I'll proceed with assigning user roles. Appreciate you help again!
Back to top

User Profile View All Posts by User

mbayhylle		#20 Posted : Wednesday, 3 December 2008 9:19:33 AM(UTC)
Rank: Newbie Joined: 3/12/2008(UTC) Posts: 1 Location: Kansas City		Thanks for all that you've done with this product. Has anyone had any luck integrating this into an AD structure with a parent + subdomain structure? Or is there a way to authenticate through the top-most domain down through the child?
Back to top		WWW

User Profile View All Posts by User

Rss Feed

Atom Feed

Users browsing this topic
Guest (2)

2 Pages12 >

Gallery Server Pro » Gallery Server Pro » Knowledge Base » How To: Integrate Gallery Server Pro with Active Directory

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.