AD Integration

Activate the Active Directory integration

Lisa has built-in support for authenticating against Active Directory. This is provided through an External-users plugin.

To activate the plugin one must select the plugin in the global settings dialog. It can be accessed in the shortcuts section on the dashboard.

 

In the external users dialog select the AdProvider from the Available plugins.

 

Then a valid Active Directory username and password must be supplied. The user must have permissions to view information about other users.

Map roles with the role map

In the role mapping section, Ad-roles can be mapped to Lisa-roles.
The format is ExternalRole=LisaRole1[,LisaRole2, LisaRole3...]

Example: HL Veflausnir=Administrator,Kennarar

Will map users in the "HL Veflausnir" Ad-role to both the Administrator and Kennarar Lisa roles.

* can be used as a wildcard

Example: *=Webuser

Will map everyone to the Webuser role.
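
An added example, not part of Lisa or its documentation: a small Python audit of a role map in the format above, showing which Lisa roles a set of Ad-roles resolves to and flagging wildcard entries that grant a privileged role. It assumes one mapping per line, case-insensitive name matching, that * may also appear inside a name, and that Administrator is the privileged role; the function names and the third sample line are constructed for illustration.

```python
import re

# Assumption: roles that should never be reachable through a wildcard entry.
PRIVILEGED = {"administrator"}

def parse_role_map(text):
    """Parse 'ExternalRole=LisaRole1[,LisaRole2...]' lines into (pattern, roles) pairs."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        external, sep, targets = line.partition("=")
        roles = [r.strip() for r in targets.split(",") if r.strip()]
        if not sep or not external.strip() or not roles:
            raise ValueError(f"line {lineno}: expected ExternalRole=LisaRole[,LisaRole...]")
        entries.append((external.strip(), roles))
    return entries

def matches(pattern, ad_role):
    # '*' matches any run of characters; everything else is literal.
    # Case-insensitive comparison is an assumption, not documented Lisa behaviour.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, ad_role, re.IGNORECASE) is not None

def resolve(entries, ad_roles):
    """Return the sorted Lisa roles a user with the given Ad-roles would receive."""
    granted = set()
    for pattern, roles in entries:
        # A bare '*' applies to everyone, including users with no Ad-roles at all.
        if pattern == "*" or any(matches(pattern, r) for r in ad_roles):
            granted.update(roles)
    return sorted(granted)

def wildcard_findings(entries, privileged=PRIVILEGED):
    """List (pattern, role) pairs where a wildcard entry grants a privileged role."""
    return [(p, r) for p, roles in entries if "*" in p
            for r in roles if r.lower() in privileged]

# Constructed sample role map; the first two lines are the examples from this page.
SAMPLE = """HL Veflausnir=Administrator,Kennarar
*=Webuser
HL *=Administrator
"""

if __name__ == "__main__":
    entries = parse_role_map(SAMPLE)
    print(resolve(entries, ["Everyone"]))
    print(resolve(entries, ["HL Veflausnir"]))
    print(wildcard_findings(entries))
```

Run it against a copy of the role map before saving changes in the external users dialog; any finding means a pattern broader than a single Ad-role leads to a privileged Lisa role.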

Map roles with role names

Lisa roles can also be mapped by creating a Lisa role with the same name as the Ad-role and prefixing it with "ext:".

Example: "ext:HL Veflausnir"

Map properties

To map properties either name the property "ext:NameOfProperty" or set the default value as "ext:NameOfProperty".

When the user logs in these properties will be populated automatically with data from Ad.

Get an image from ActiveDirectory

To sync the profile image from Active Directory, the property is set as before, but the id of an itemgallery category must be set in the tag field. All images will then be saved in that category.

 

View available properties and roles

In the properties dialog for users there is a tab named External properties. It lists all properties and roles available in the external provider for that user.

IIS setup

  • Disable anonymous authentication
  • Enable Integrated Windows authentication
  • Enable Forms authentication

Notes

  • Avoid using host-headers containing underscores, since the underscore is an invalid FQDN character. If your host-header contains an underscore, IE will not accept any cookies from the domain and it will cause all kinds of problems with mixed mode authentication (Forms+IWA) when the application pool is running in integrated mode.

Troubleshooting

If you are having problems with the integration, create a new .aspx file in the root folder of your website and call it adtest.aspx. Copy and paste the following code into the file and save it:

<%@ Page Language="C#" %>
<%
// Diagnostic output only: prints the identity, roles and session ID the site sees for the
// current request. Delete this file once troubleshooting is finished.
Response.Write("LOGON_USER Variable:" + HttpContext.Current.Request.ServerVariables["LOGON_USER"]);
Response.Write("<br />");
Response.Write("Roles: " + string.Join(",", Roles.GetRolesForUser()));
Response.Write("<br />");
Response.Write("Is logged on: " + (Membership.GetUser() != null).ToString());
Response.Write("<br />");
if (Membership.GetUser() != null) Response.Write("Membership user: " + Membership.GetUser().UserName);
Response.Write("<br />");
Response.Write("SessionID:" + Session.SessionID);
%>

Now launch a browser, browse to http://<yoursite>/adtest.aspx and examine the output.

You should see something like this:

LOGON_USER Variable:SKYRR\haukurh
Roles: Everyone,Ad_Webusers,Lisa,Veflausnir
Is logged on: True
Membership user: SKYRR\haukurh 
SessionID:4qrtnazkpncnx4woepan1jpy
