LDAP Authentication


This thread is closed to new posts. You must sign in to post in the forums.
10/21/2013 5:55:51 PM
Total Posts 53

LDAP Authentication

Hi Joe

We have set up LDAP for Authentication on our intranet. However, it looks like staff can log in with either their username or email address. If they log in with the email address it looks like it doesn't authenticate properly. It adds them to the member list, but does not show their name. As Administrator, if I try to manage the user, I cannot add in the email address. I get the error "Must use a valid email address". Have we missed something in our setup?

Thanks
Sandy

10/22/2013 2:07:09 PM
Total Posts 18439

Re: LDAP Authentication

Hi Sandy,

If a user is authenticated via LDAP, then a corresponding mojoPortal siteUser is created in the database, but we don't know any other information about the user, such as name. We take a guess for the email, I think, at least with Active Directory. The user or an admin may need to update the account to correct the email or name.

When the site user is created in the database, a random password is created with that row that could also be used to log in if database authentication is also enabled along with LDAP authentication. The user could obtain that password by password recovery. We don't store the LDAP password anywhere.

If the users already had mojoPortal accounts before you changed to LDAP, and if database authentication is also enabled, then they can also log in with the previous user accounts. When they later logged in with LDAP, nothing connected that with their previous accounts; a new mojoPortal account was created based on the LDAP authentication, and nothing grants the new account any roles unless an admin does it, whereas their previous accounts may have had roles previously granted.

You should be able to grant the needed roles to the new accounts that were created at the first LDAP login for the user. Then you can delete their old account and update the LDAP account with the email address that was on the user's previous mojoPortal account.

Not being able to edit the email is a separate issue. Is there anything unusual about the email address? Can you reproduce the problem by creating a user on our demo site and then editing the email?

It won't let you use the same email on more than one mojoPortal account, though, so you cannot update the new user that uses LDAP to have an email address that is already in use on a different mojoPortal user account; you would have to delete that old user to do it.

Hope that helps,

Joe
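
The cleanup described in the reply above, as an added example that is not part of the original thread and is not mojoPortal code: a Python sketch that pairs accounts created at first LDAP login with the older database accounts and lists the actions in the order the one-email-per-account rule requires. The export columns, the cutover date and the matching heuristic (lower-cased local part of the login or email) are assumptions, and anything without exactly one match is left for manual review.

```python
import csv
import io
from datetime import date

# Constructed export for illustration; the column names are assumptions,
# not mojoPortal's actual schema.
SAMPLE_EXPORT = """user_id,login,email,display_name,roles,created
101,sandy,sandy@example.org,Sandy K,Content Editors;Staff,2012-03-01
102,lee,lee@example.org,Lee M,Staff,2012-05-14
201,sandy@example.org,,,,2013-10-21
202,LEE,,,,2013-10-21
203,pat,,,,2013-10-22
"""

def identity_key(value):
    """Normalise a login or email to a comparable key (lower-cased local part)."""
    return value.strip().lower().split("@", 1)[0]

def plan_merges(export_text, ldap_cutover):
    """Return (user_id, action, detail) tuples for an admin to work through."""
    legacy, fresh = {}, []
    for row in csv.DictReader(io.StringIO(export_text)):
        created = date.fromisoformat(row["created"])
        if created >= ldap_cutover and not row["roles"]:
            fresh.append(row)  # likely created at first LDAP login: no roles yet
            continue
        for field in ("login", "email"):
            if row[field]:
                legacy.setdefault(identity_key(row[field]), {})[row["user_id"]] = row
    plan = []
    for row in fresh:
        matches = list(legacy.get(identity_key(row["login"]), {}).values())
        if len(matches) != 1:
            # No match or an ambiguous one: never merge automatically.
            plan.append((row["user_id"], "review", f"{len(matches)} legacy matches"))
            continue
        old = matches[0]
        # Order matters: the old account is deleted before its email is reused,
        # because the same email cannot be on two accounts.
        plan.append((row["user_id"], "grant_roles", old["roles"]))
        plan.append((old["user_id"], "delete", ""))
        plan.append((row["user_id"], "set_email", old["email"]))
    return plan

if __name__ == "__main__":
    for step in plan_merges(SAMPLE_EXPORT, date(2013, 10, 1)):
        print(step)
```
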

 
