November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

Access is denied when saving editor/admin profile (AD)

Jonas Boman
Jonas Boman
Vote:
 

Hi.

FIrst a little context:

Using a connection to company AD in customer site so users (e g editors and admins) can login into CMS. 

Recently added a custom ActiveDirectoryMembershipProvider to that the approval sequence would search users against the AD, instead of the tblSyncedUser, since the syncronization never worked.  The custom provider overrides the FindUsersByName method replacing the wildcard character from '%' to '*'. Nothing apart from that.

This however seems to impact when user changes its profile.
For example changing Personal Language (UI Language Settings) under Display Options and hitting Save.

This action results in an error message: 

at System.DirectoryServices.Interop.UnsafeNativeMethods.IAds.SetInfo() at System.DirectoryServices.DirectoryEntry.CommitChanges() at 
System.Web.Security.ActiveDirectoryMembershipProvider.UpdateUser(MembershipUser user) at System.Web.Security.MembershipUser.Update() at 
EPiServer.UI.Memberships.DefaultUserProvider.UpdateUser(IUIUser user, IEnumerable`1& errors) at 
EPiServer.UI.Edit.UserMembership.SaveMembershipUser(IEnumerable`1& errors) at EPiServer.UI.Edit.UserMembership.SaveButton_Click(Object sender, EventArgs e)

Access is denied.

I would guess the Save events tried to save to the AD but the credentials does not have Save-permissions?

Can anyone confirm this and/or have a way forward in resolving this?

Using the latest cms in major version 11.

Thanks!

#288942
Oct 10, 2022 9:49
Ynze
Ynze
Vote:
 

Hi Jonas,

What was the problem with the user synchronization? 

It's hard to tell what could be the underlying problem with updating the user, but it looks like you need to sort out how the user can be updated in the AD. As a side note, you might have an easier time sorting this out after upgrading to version 12 of the CMS, since user management has changed alot.

#289579
Oct 13, 2022 23:10
Jonas Boman
Jonas Boman
Vote:
 

Hi Ynze. Thanks for your response.

The syncing of user never did work in current AD connection. Changing to a custom ActiveDirectoryMembershipProvider overriding findUser method solved the bit with being able to list AD users in Content Aproval Module, though. But when doing this, the SaveUser action cannot be performed, probably due to access restriction to the ldap user.

Upgrading to 12 is not something we wish to do at this point.

#289580
Oct 14, 2022 6:24
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.