Rank: Member
Groups: Registered
Joined: 8/11/2014(UTC) Posts: 29  Thanks: 4 times
|
Server settings for "Active Directory login" are set as follows:
"Enable" checked
"Allow any existing domain user to login" unchecked (actually, but does not change behaviour)
two domain suffixes entered, comma separated
"Set as default" checked
On the "Users and Roles"/"Users" tab, the "Import Users" button is pressed and the search dialog appears.
A search for users finds users from either domain and shows the proper AD display name and mail address.
Selecting a user and pressing the "Import selected" button yields the message "Principal NT not found, Failed to import <display name> principal".
The server log does not show any related message.
|
|
|
|
Rank: Administration
Groups: Registered, Administrators Joined: 7/21/2014(UTC) Posts: 498
Was thanked: 88 time(s) in 88 post(s)
|
We have been able to reproduce this issue. We are now working on an updated interim build so that you don't have to wait until the final release.
|
 1 user thanked bbv for this useful post.
|
|
|
Rank: Administration
Groups: Registered, Administrators Joined: 7/21/2014(UTC) Posts: 498
Was thanked: 88 time(s) in 88 post(s)
|
We have now updated the Server installer with a fixed version. Just download and install again.
|
|
|
|
Rank: Member
Groups: Registered
Joined: 8/11/2014(UTC) Posts: 29  Thanks: 4 times
|
I re-loaded and re-installed the server. The changes you made were successful.
Importing users now works properly, as does logging in with "any existing domain user" if the corresponding flag in server settings allows for it.
Two things should be mentioned in addition:
1) One has to log in with the domain principal name (not the display name).
2) Logging in as "any existing domain user", you can initially use all available solutions, as the "authenticated" role is automatically assigned, which by default has access to all containers and objects.
|
|
|
|
Rank: Administration
Groups: Registered, Administrators Joined: 7/21/2014(UTC) Posts: 498
Was thanked: 88 time(s) in 88 post(s)
|
Your questions are not very clear. Do you mean by 1) that you wish to use the principal name instead of the display name? If yes, you should be able to enter the full name instead of the display name on the server side, which will make it appear this way on the client side. What you get automatically on the server is only a suggestion.
Similarly with 2) - do you mean that it is not good that all workflows are available by default?
|
|
|
|
Rank: Member
Groups: Registered
Joined: 8/11/2014(UTC) Posts: 29  Thanks: 4 times
|
Sorry for not being very precise. I wanted to give an additional comment/hint, not raise a question, because
1) Display name / Principal name
Imported users are shown on the server with the display name and the principal name and domain in brackets. We tested both. We tried to log on with the display name without success. We only succeeded with the principal name. As, from your post, using the display name should also be possible, I will test again.
2) Default authorization
I do not evaluate whether the current implementation is good or not. I only wanted to emphasize the way it works. Allowing anybody from Active Directory to log on yields perhaps a huge audience. If you provide, besides solutions with technical information, also solutions which show financial figures of a company or even allow for posting transactions, some people would typically prefer to differentiate the audience in advance of first log on.
|
|
|
|
Rank: Member
Groups: Registered
Joined: 8/11/2014(UTC) Posts: 29  Thanks: 4 times
|
Result of trying to log on with an AD user with display name and/or principal name
Assume a user has been imported from AD and shows up in the user list on the server as: "John Doe (Doe_J@domain.com)"
a) On the mobile client (server setting), change the user to "John Doe" with proper password and domain set.
Update of the solutions list (pull down of workspace) results after a while in "Connection error - Timeout ..."
Opening a solution brings the message "Solution being opened ..." followed by "Connection error - Timeout ..."
b) On the mobile client (server setting), change the user to "Doe_J". Password and domain unchanged.
Update of the solutions list (pull down of workspace) works as expected and shows solutions according to the user's roles.
Opening a solution works as expected.
If the user has not been imported previously:
Log on with "John Doe" shows the same result as above. The user is not automatically added to the list of users on the server.
Log on with Doe_J and everything succeeds. The user is automatically added to the user list on the server.
|
|
|
|
Rank: Administration
Groups: Registered, Administrators Joined: 7/21/2014(UTC) Posts: 498
Was thanked: 88 time(s) in 88 post(s)
|
It looks like I originally misunderstood what you meant by display/principal name.
Now that I see what you mean, I don't think it is possible at all. Just as you cannot log in to Windows with John Doe, you will not be able to log in to MobileTogether with the display name, because AD simply won't accept it.
|
|
|
|
Rank: Member
Groups: Registered
Joined: 8/11/2014(UTC) Posts: 29  Thanks: 4 times
|
Thanks for your clarification.