AD user not able to login even on assigning sitecore\Sitecore Client Users role


【Posted】: 2014-11-10 12:00:59

【Question】:

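I have integrated the Active Directory module with Sitecore, and I can see the users from AD in the Sitecore User Manager. Now I want to verify that an AD user can log in to Sitecore. I assigned the sitecore\Sitecore Client Users role to the user and tried to log in as

Username: domain\username Password: pw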

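On clicking the login button, I see a weird error. Below is the error.

But when I check the set-as-administrator checkbox for this user, I am able to log in with Username: domain\username Password: pw

Any help is appreciated. Thanks.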

Server Error in '/' Application.

Creating an instance of the COM component with CLSID 080D0D78-F421-11D0-A36E-00C04FB950DC from the IClassFactory failed due to the following error: 800401e4 Invalid syntax (Exception from HRESULT: 0x800401E4 (MK_E_SYNTAX)).

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Runtime.InteropServices.COMException: Creating an instance of the COM component with CLSID 080D0D78-F421-11D0-A36E-00C04FB950DC from the IClassFactory failed due to the following error: 800401e4 Invalid syntax (Exception from HRESULT: 0x800401E4 (MK_E_SYNTAX)).

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 


[COMException (0x800401e4): Creating an instance of the COM component with CLSID 080D0D78-F421-11D0-A36E-00C04FB950DC from the IClassFactory failed due to the following error: 800401e4 Invalid syntax (Exception from HRESULT: 0x800401E4 (MK_E_SYNTAX)).]
   System.Web.Security.DirectoryInformation.GetADsPath(String dn) +108
   System.Web.DataAccess.ActiveDirectoryConnectionHelper.GetDirectoryEntry(DirectoryInformation directoryInfo, String objectDN, Boolean revertImpersonation) +42
   System.Web.Security.ActiveDirectoryMembershipProvider.ValidateUserCore(String username, String password) +1970
   System.Web.Security.ActiveDirectoryMembershipProvider.ValidateUser(String username, String password) +39
   LightLDAP.SitecoreADMembershipProvider.ValidateUser(String username, String password) +193
   Sitecore.Data.DataProviders.NullRetryer.Execute(Func`1 action, Action recover) +394
   Sitecore.Security.SitecoreMembershipProvider.ValidateUser(String username, String password) +319
   System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs e) +105
   System.Web.UI.WebControls.Login.AttemptLogin() +160
   System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +93
   System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +84
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3804

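【Comments】:

What version of Sitecore and what version of the AD module? Can you post your ldap.config and the configuration you have for the membership and role manager providers? It feels like there is a malformed LDAP connection string. If an admin user is able to log in, the problem may be in the role manager, since it makes sense that Sitecore admin users might not go through role checks.

@MattGartman Thanks for the reply.. the Sitecore version is 7.0 and the AD module is 1.1

From a troubleshooting standpoint, I would try removing the customFilter parameter and see if you still have the same problem. After logging in as a Sitecore admin, are you able to see the domain's users and roles in the Sitecore UI?

@MattGartman Yes, I see the users and roles. Sometimes I am able to log in and sometimes not.. it is so random.. not sure why this is happening..

If it is random, and a particular user can sometimes log in but sometimes gets this error, it sounds like it may be infrastructure related. I would start by looking at the DCs you are hitting; maybe there is an older DC in your AD forest that doesn't like the request. If you can, try pointing the LDAP connection string at a single DC to try to rule that out. Beyond that, I would start looking at the network to see if something is going on there.

【Answer 1】: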

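I know this question is old, but I ran into this problem recently and spent a lot of time researching the cause and solution through Microsoft documentation and so on. The problem sometimes occurs when an IIS refresh process tries to access certain interfaces in COM objects that are dynamically loaded from various DLLs written in C++. These kinds of DLLs/interfaces can be tricky and confusing. The best solution I found was to avoid some calls on the user/group principal objects provided by that interface. If you are calling a method like: [Some user object].IsMemberOf([Some group object]), try changing the code to avoid calling any functions on the user object. From the example above, you could change the code to look like this: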

foreach (var user in [Some group object].GetUsers())
{
    if (user.SamAccountName == [Some user object].SamAccountName)
    {
        // Do your work here
    }
}

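Of course, what you are doing in your code may differ from my example above, but hopefully this gives you a basic idea of the types of operations you may need to avoid.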

【Answer 2】:

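I ran into a similar problem with one of my web applications. If you are still having this problem, you can resolve it by going to the Advanced Settings of the application's IIS application pool and setting the "Load User Profile" option to True.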
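
The same change made from PowerShell, as an added example that is not part of the original answer. The pool name `SitecoreAppPool` is a placeholder, and the script assumes an elevated session on the IIS server with the WebAdministration module available.

```powershell
# Added example: inspect and enable "Load User Profile" on one IIS application pool.
Import-Module WebAdministration

# Hypothetical pool name; replace with the pool that hosts the Sitecore site.
$poolName = 'SitecoreAppPool'
$poolPath = "IIS:\AppPools\$poolName"

# List the identity and current setting of every pool, to see which ones differ.
Get-ChildItem IIS:\AppPools | ForEach-Object {
    [pscustomobject]@{
        Pool            = $_.Name
        Identity        = $_.processModel.identityType
        LoadUserProfile = $_.processModel.loadUserProfile
    }
} | Format-Table -AutoSize

if (-not (Test-Path $poolPath)) {
    throw "Application pool '$poolName' not found."
}

$current = (Get-Item $poolPath).processModel.loadUserProfile
if ($current) {
    Write-Output "'$poolName' already has Load User Profile = True; nothing to change."
}
else {
    # Same switch as Advanced Settings > Process Model > Load User Profile.
    Set-ItemProperty -Path $poolPath -Name processModel.loadUserProfile -Value $true
    # Recycle so the worker process starts with the new setting.
    Restart-WebAppPool -Name $poolName
    Write-Output "'$poolName': Load User Profile set to True and pool recycled."
}
```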

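【Comments】:

Your answer fixed this problem. The odd thing is that we could restart the server and it would work for a few hours. This time when it started throwing this error again, all I did was try your suggestion and it fixed it. Any idea why it would run for a while without this setting set to true and then blow up?

Thanks, that solved it.

Also, do you know what causes this error? I have made the change, but what is the reason this error happens?

Can you explain what this option does and why it fixes the problem?

【Answer 3】: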

For AD-enabled login, try logging in from the /sitecore/admin/ldaplogin.aspx page.

【Answer 4】:

@MattGartman Here are the membership and role providers

<membership defaultProvider="sitecore" hashAlgorithmType="SHA1">
      <providers>
        <clear />
        <add name="sitecore" type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel" realProviderName="switcher" providerWildcard="%" raiseEvents="true" />
        <add name="sql" type="System.Web.Security.SqlMembershipProvider" connectionStringName="core" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="256" />
        <add name="switcher" type="Sitecore.Security.SwitchingMembershipProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/membership" />
    <add name="ad" type="LightLDAP.SitecoreADMembershipProvider" connectionStringName="ADConnString" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" connectionUsername="domain\username" connectionPassword="pw" connectionProtection="Secure" attributeMapUsername="sAMAccountName" enableSearchMethods="true" customFilter="(memberOf=CN=RegionsComSitecore,OU=Groups,DC=c,DC=pk,DC=com)" />
      </providers>
    </membership>
    <roleManager defaultProvider="sitecore" enabled="true">
      <providers>
        <clear />
        <add name="sitecore" type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel" realProviderName="switcher" raiseEvents="true" />
        <add name="sql" type="System.Web.Security.SqlRoleProvider" connectionStringName="core" applicationName="sitecore" />
        <add name="switcher" type="Sitecore.Security.SwitchingRoleProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/roleManager" />
    <add name="ad" type="LightLDAP.SitecoreADRoleProvider" connectionStringName="ADConnString" applicationName="sitecore" username=" domain\username" password="pw" attributeMapUsername="sAMAccountName" cacheSize="2MB" customFilter="(memberOf=CN=RegionsComSitecore,OU=Groups,DC=c,DC=pk,DC=com)" />
      </providers>
    </roleManager>

Here is the ldap.config

<pipelines>

  <initializeAdUserEntry>
    <!-- 
    Use the processor if all new users should have a predefined value in a property.
    The PropertyName parameter defines the name of the property.
    The DefaultValue parameter defines the default value of the property.
    -->
    <!--
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.SetPropertyValue, LightLDAP">
      <PropertyName desc="AD property name ">type the property name here</PropertyName>
      <DefaultValue desc="AD property name ">type the default property value here</DefaultValue>
    </processor>
    -->
    <!-- 
      Use the processor if all new roles should be a member of the predefined role. 
      The RoleName parameter defines the name of the main role. 
    -->
    <!--
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.AddToRole, LightLDAP">
      <RoleName desc="AD group">type role name here</RoleName>
    </processor>
    -->
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.CommitChanges, LightLDAP"/>        
  </initializeAdUserEntry>

  <initializeAdRoleEntry>
    <!-- 
    Use the processor if all new users should have a predefined value in a property.
    The PropertyName parameter defines the name of the property.
    The DefaultValue parameter defines the default value of the property.
    -->
    <!--
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.SetPropertyValue, LightLDAP">
      <PropertyName desc="AD property name ">type the property name here</PropertyName>
      <DefaultValue desc="AD property value ">type the default property value here</DefaultValue>
    </processor>
    -->
    <!-- 
      Use the processor if all new roles should be a member of the predefined role. 
      The RoleName parameter defines the name of the main role. 
    -->
    <!--
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.AddToRole, LightLDAP">
      <RoleName desc="AD group">type role name here</RoleName>
    </processor>
    -->
    <processor type="LightLDAP.Pipelines.InitializeAdEntry.CommitChanges, LightLDAP"/>
  </initializeAdRoleEntry>

</pipelines>

<settings>
  <!-- Defines the logging level of the module. If true, dumps every action entry into the log. 
          Default is false
       -->
  <setting name="LDAP.Debug" value="true" />

  <!-- Defines if the configuration assumes indirect membership on common operations.
          This setting affects the membership verification during login and user access check.
          Default is false
     -->
  <setting name="LDAP.IncludeIndirectMembership" value="false" />

  <!-- Defines if a certain profile should be applied for each user by default.
          If the setting is not specified or is empty, no particular profile item is used.
          Default is ""
     -->

  <!-- ENABLE SORT OPERATION
         Determines whether the sorting is enabled 
    -->
  <setting name="LDAP.EnableSorting" value="false" />

  <!-- Default Sort Key-->
  <setting name="LDAP.SortKey" value="codePage" />

  <!-- LDAP GET ALL USERS SIZE LIMIT
         Determines the max number of returned users for GetAll method
    -->
  <setting name="LDAP.SizeLimit" value="1000" />

  <!-- LDAP FIND USERS SIZE LIMIT
         Determines the max number of returned users for GetAll method
    -->
  <setting name="LDAP.FindSizeLimit" value="100" />


  <!-- LDAP USER CACHE SIZE
         Determines the size of the ldap users cache.
         Specify the value in bytes or append the value with KB, MB or GB
         A value of 0 (zero) disables the cache.
    -->
  <setting name="LDAP.Caching.UserCache" value="2MB" />

  <!-- LDAP MEMBEROF CACHE SIZE
         Determines the size of the ldap users cache.
         Specify the value in bytes or append the value with KB, MB or GB
         A value of 0 (zero) disables the cache.
    -->
  <setting name="LDAP.Caching.MemberOfCache" value="2MB" />

  <!-- LDAP MEMBERS CACHE SIZE
         Determines the size of the ldap users cache.
         Specify the value in bytes or append the value with KB, MB or GB
         A value of 0 (zero) disables the cache.
    -->
  <setting name="LDAP.Caching.MembersCache" value="2MB" />

  <!--  SETTINGS PROPERTY VALUE FACTORY
        Returns an SettingsPropertyValueFactory interface that resolves the active directory properties.
    -->
  <setting name="LDAP.SettingsPropertyValueFactory" value="LightLDAP.SettingsPropertyValueFactory, LightLDAP" />

  <!-- RECONNECT PERIOD
         Determines a reconnect period for attempts to restore connection after the connection gets break.
    -->
  <setting name="LDAP.ReconnectPeriod" value="0.00:00:10" />

  <!-- TIME OUT NOTIFICATION
         Determines a timeout for notification.
    -->
  <setting name="LDAP.NotificationTimeOut" value="1.00:00:00" />

  <!-- FULL NAME PROPERTY NAME
         Determines the full name property mapping.
    -->
  <setting name="LDAP.FullName" value="ad|unicode string|displayName" />

  <!-- DELETE USER SCOPE
         Determines the scope of the "delete user" operation.
    -->
  <setting name="LDAP.DeleteScope" value="Subtree" />

  <!-- MAX VALUE RANGE
         Determines the maximal value of an AD range attribute.
    -->
  <setting name="LDAP.MaxValueRange" value="1500" />

</settings>
