LDAP authentication to AD works for groups except "Domain Users" - is this an issue with whitespace? (apache6)

Do I need to edit this row somehow to support whitespace?

roleSearch="(member={0})"

+1  A: 

User objects aren't typically added to Domain Users. It's usually marked as their primary group in the user object. I would avoid using membership in Domain Users for role-based security as it will complicate any role provider that you need to write. For most purposes, membership in Domain Users simply means that you have an account in the domain. This can easily be checked by doing a lookup on the user object itself. I've only had one situation in which I've used Domain Users -- this was in a Windows login access solution -- and that was as a fallback to keep using our group-based access when the original group management scheme broke down for political reasons.

tvanfosson
How can I make a lookup on the user itself?
Tom
If you can authenticate the user, it's almost certain that the user is in Domain Users -- you would have had to modify the default primary role in AD for it to be any different.
tvanfosson
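
Why `(member={0})` never returns Domain Users, and how the primary group can be derived from the user object's `primaryGroupID` and `objectSid`, shown as an added example that is not code from the original posts. The directory entries, DNs, domain SID and function names are constructed for illustration; 513 is the well-known RID of Domain Users.

```python
import struct

def sid_to_str(sid: bytes) -> str:
    """Decode a binary objectSid value into its S-1-5-21-... string form."""
    if len(sid) < 8 or len(sid) != 8 + 4 * sid[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(sid[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % sid[1], sid[8:])     # 32-bit, little-endian
    return "-".join(["S", str(sid[0]), str(authority), *map(str, subs)])

def primary_group_sid(user_sid: bytes, primary_group_id: int) -> str:
    """Swap the user's own RID (last component) for primaryGroupID."""
    domain_part = sid_to_str(user_sid).rpartition("-")[0]
    return f"{domain_part}-{primary_group_id}"

def effective_groups(user: dict, groups: list) -> list:
    """Groups found via member={user DN}, plus the primary group."""
    found = [g["dn"] for g in groups if user["dn"] in g.get("member", [])]
    wanted = primary_group_sid(user["objectSid"], int(user["primaryGroupID"]))
    found += [g["dn"] for g in groups
              if sid_to_str(g["objectSid"]) == wanted and g["dn"] not in found]
    return found

def make_sid(*subs: int) -> bytes:
    """Build a binary SID under authority 5 (helper for the sample data)."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack(
        "<%dI" % len(subs), *subs)

# Constructed sample directory: the domain SID and DNs are made up.
DOMAIN = (21, 1111111111, 2222222222, 3333333333)
USER = {"dn": "CN=Tom,CN=Users,DC=example,DC=test",
        "objectSid": make_sid(*DOMAIN, 1104), "primaryGroupID": "513"}
GROUPS = [
    # The primary group carries no member value for the user.
    {"dn": "CN=Domain Users,CN=Users,DC=example,DC=test",
     "objectSid": make_sid(*DOMAIN, 513), "member": []},
    {"dn": "CN=AppAdmins,OU=Groups,DC=example,DC=test",
     "objectSid": make_sid(*DOMAIN, 1200), "member": [USER["dn"]]},
]

if __name__ == "__main__":
    print(primary_group_sid(USER["objectSid"], 513))
    print(effective_groups(USER, GROUPS))
```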