3

I'm configuring the Active Directory Module 1.2 for CMS 7.2-8.0 and despite the fact that everything works great, I prefer to use integrated security (following the customer's policy). However, the manual does not say anything about using integrated security for the role provider. The LightLDAP.SitecoreADRoleProvider has username and password properties and doesn't use a connectionstring for this:

```xml
<roleManager defaultProvider="switcher" enabled="true" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
  <providers>
    <add name="ad" xdt:Transform="Insert" xdt:Locator="Match(name)"
      type="LightLDAP.SitecoreADRoleProvider"
      connectionStringName="ADSitecoreUsers"
      applicationName="sitecore"
      username="usr"
      password="pass"
      attributeMapUsername="sAMAccountName" cacheSize="2MB" />
  </providers>
</roleManager>
<profile defaultProvider="switcher" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
  <providers>
    <add xdt:Transform="Insert" xdt:Locator="Match(name)" name="ad" type="LightLDAP.SitecoreADProfileProvider"
      connectionStringName="ADSitecoreUsers"
      applicationName="sitecore"
      username="usr"
      password="pass"
      sitecoreMapDomainName="ad" />
  </providers>
</profile>
```

Looking this question up in Google is quite hard, because of course, Integrated Security is part of the functionality the AD module delivers, so each hit is about integrated security as well, but I'm looking for the provider to configure with integrated security (my app pool user is a service account that has been logged in via the app pool and that user has the correct rights on AD and databases).

Rob Habraken
  • The provider *does* use a connectionstring - `connectionStringName`, but I don't think it is possible to specify the username/password in the connString like you can with SQL though. Have you tried omitting the username/password properties? I was able to do that in a Sitecore 6.4 install but servers were all hosted in-house. – jammykam Dec 11 '15 at 11:18
  • Yes, indeed. By "has username and password properties and doesn't use a connectionstring for this" I meant it doesn't use the connection string for the credentials. But your suggestion is a good one, didn't expect that to work, but based on your 6.4 experience I'll try omitting those values and using integrated security within the referenced connection string. – Rob Habraken Dec 11 '15 at 12:56

1 Answer

3

Just finished setting up AD integration without username and password. From my experience, if the server is joined to the domain or a domain that has trust with the user's domain, it should not require a username and password. I just omitted the connectionUsername and connectionPassword attributes from the config.

However, we do not allow changing usernames and passwords (that writes back to AD) in our setup, so your mileage may vary based on your setup.
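A check for the state this answer describes, as an added example that is not part of the original posts or of the AD module: it parses a config or transform file and lists provider entries that still carry embedded credentials. The function name `find_embedded_credentials` and the sample file are constructed for illustration; the attribute names are the ones mentioned in the question and the answer.

```python
import xml.etree.ElementTree as ET

# Attribute names from the question (username/password) and the answer
# (connectionUsername/connectionPassword); matched case-sensitively.
CREDENTIAL_ATTRS = ("username", "password", "connectionUsername", "connectionPassword")

# Constructed sample modelled on the question's transform. "usr"/"pass" are the
# question's placeholders; the profile provider has the credentials omitted.
SAMPLE_CONFIG = """<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.web>
    <roleManager defaultProvider="switcher" enabled="true">
      <providers>
        <add name="ad" xdt:Transform="Insert" xdt:Locator="Match(name)"
             type="LightLDAP.SitecoreADRoleProvider"
             connectionStringName="ADSitecoreUsers" applicationName="sitecore"
             username="usr" password="pass"
             attributeMapUsername="sAMAccountName" cacheSize="2MB" />
      </providers>
    </roleManager>
    <profile defaultProvider="switcher" enabled="true">
      <providers>
        <add xdt:Transform="Insert" xdt:Locator="Match(name)" name="ad"
             type="LightLDAP.SitecoreADProfileProvider"
             connectionStringName="ADSitecoreUsers" applicationName="sitecore"
             sitecoreMapDomainName="ad" />
      </providers>
    </profile>
  </system.web>
</configuration>"""


def find_embedded_credentials(config_xml):
    """Return (section, provider type, [credential attribute names]) per offending <add>."""
    root = ET.fromstring(config_xml)
    findings = []
    for section in root.iter():
        providers = section.find("providers")  # direct child only
        if providers is None:
            continue
        for add in providers.findall("add"):
            present = [a for a in CREDENTIAL_ATTRS if a in add.attrib]
            if present:
                # Report attribute names only, never the values, so the
                # audit output does not itself leak the secret.
                findings.append((section.tag, add.get("type", "?"), present))
    return findings


if __name__ == "__main__":
    for section, ptype, attrs in find_embedded_credentials(SAMPLE_CONFIG):
        print(f"{section}: {ptype} still sets {', '.join(attrs)}")
```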