AD and Find UI

Vote:
 

We have a slight problem with the latest incarnation of Find. The UI does not appear. We're using the customers Active Directory for groups and users.

In the thread http://world.episerver.com/Modules/Forum/Pages/Thread.aspx?id=80344 they discusses solutions to the problem, but I can't seem to get it to work. Since we're relying on the AD we do not have the possibilty to add the groups therein. We've tried adding virtual roles for WebEditors and SearchAdmins but no luck at all.

Any pointers? Indexing/search works fine.

#115800
Jan 19, 2015 12:57
Vote:
 

Could you post the error you get when trying to access the Find UI?

#116086
Jan 22, 2015 17:29
Vote:
 

The problem is that I don't even get the link to it. And no errors in the log.

#116323
Jan 28, 2015 15:58
Vote:
 

We had the same problem since our users was not in a AD group called WebAdmins. It can be solved by adding this line to your episerver.framework section

<add roles="WebAdmins, Administrators, CUSTOMADNAME" mode="Any" name="SearchAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" />

Just change CUSTOMADNAME to the name of the group your users are in that are supposed to have access to Find

Sorry, I saw now that you already had tried that.

#116325
Edited, Jan 28, 2015 16:17
Vote:
 

Since the Find link is missing, could you try opening the URL directly? Should return an error. For example: http://win-oomc81i4bmh:17006/episerver/Find/#overview

#116347
Jan 28, 2015 21:24
Vote:
 

Tried what you suggested Richly, but I do not get access with my account which is an administrator.

#116464
Jan 30, 2015 11:31
Vote:
 

Can you show us how your <episerver.framwork> section looks like here?

#116467
Jan 30, 2015 12:20
Vote:
 


<episerver.framework>
  <appData basePath="..\..\appdata"/>
  <scanAssembly forceBinFolderScan="true" />
  <virtualRoles addClaims="true">
    <providers>
      <add name="Administrators" type="EPiServer.Security.WindowsAdministratorsRole, EPiServer.Framework" />
      <add name="Everyone" type="EPiServer.Security.EveryoneRole, EPiServer.Framework" />
      <add name="Authenticated" type="EPiServer.Security.AuthenticatedRole, EPiServer.Framework" />
      <add name="Anonymous" type="EPiServer.Security.AnonymousRole, EPiServer.Framework" />
      <add name="CmsAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators,DOMAIN\EPi Webadmins" mode="Any" />
      <add name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors, WebAdmins, Administrators,DOMAIN\EPi Webredaktörer,DOMAIN\EPi Webadmins" mode="Any" />
      <add name="Creator" type="EPiServer.Security.CreatorRole, EPiServer" />
      <add name="PackagingAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators, DOMAIN\EPi Webadmins" mode="Any" />
	  <add name="SearchAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators,DOMAIN\EPi Webadmins" mode="Any" />
    </providers>
  </virtualRoles>
  <virtualPathProviders>
    <clear/>
    <add name="ProtectedModules" virtualPath="~/EPiServer/" physicalPath="Modules\_Protected" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider, EPiServer.Framework" />
  </virtualPathProviders>
  <geolocation defaultProvider="maxmind">
    <providers>
      <add name="maxmind" type="EPiServer.Personalization.Providers.MaxMind.GeolocationProvider, EPiServer.ApplicationModules" databaseFileName="[appDataPath]\Geolocation\GeoLiteCity.dat" />
    </providers>
  </geolocation>
  <localization fallbackBehavior="Echo, MissingMessage, FallbackCulture" fallbackCulture="sv">
    <providers>
      <add virtualPath="~/Resources/LanguageFiles" name="languageFiles" type="EPiServer.Framework.Localization.XmlResources.FileXmlLocalizationProvider, EPiServer.Framework" />
    </providers>
  </localization>
  <licensing licenseFilePath="..\..\AppData\License.config"/>
</episerver.framework>



#116471
Jan 30, 2015 13:06
Vote:
 

Try remove DOMAIN\ from the mappedRole, I don't think it is nessersay. We do not use it and it works in both test and live enviroment and those are in different AD Domains

#116472
Jan 30, 2015 13:13
Vote:
 

Still the same problem even when removing "DOMAIN". For added info, the Add-ons button/link is not showing either despite being in the correct group for PackagingAdmins.

#116549
Feb 02, 2015 8:53
Vote:
 

I would then try to see what happens if you add a gruop with a name without a space. I think space should work, but just to be shore, create a new group in you domain (if you are able) and add it to the config, name it without a space

God luck

#116550
Feb 02, 2015 8:58
Vote:
 

Thanks, I think I will take this further with the EPiServer support. I did even create local groups (we use Windows Authentication) witout a space and that did not work either.

#116551
Feb 02, 2015 9:01
Vote:
 

Do that, start with taking up a chat session with them, they are very good at what they do. I can not see any errors in the config, so it should work :-)
Good luck and when you figure out what the error are, please update this thread with it so others can get help from it

#116552
Feb 02, 2015 9:09
Vote:
 

Try changing from:

<virtualRoles addClaims="true">

to:

<virtualRoles addClaims="false" replacePrincipal="true">

/Steve

#116560
Feb 02, 2015 10:48
Vote:
 

That can be the thing Evest, we have it like this and that is working

<virtualRoles replacePrincipal="true">
#116562
Feb 02, 2015 10:56
Vote:
 

Thank you Steve for your input. Works fine now. :)

#116778
Feb 04, 2015 16:42
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.