AD Membership Provider Can't See User Attributes

John F. Holliday

I need to use the ActiveDirectoryMembershipProvider in my application.
I have set up the provider in the web config, etc. When I use the ASP.NET
configuration utility and select the Security tab, it throws an
exception saying that the attribute 'userPasswordQuestion' specified for
the attributeMapPasswordQuestion property is not an attribute of the
user class.



I extended the AD attributes and mapped them to the 'user' class. To
validate them, I used ADSIEdit to add simple editing functions to the
context menu of the AD Users and Computers console. Sure enough, when I
right-click on any user in any OU, I see the 5 attributes listed and the
console calls my custom VB script that displays the current value of the
attribute and lets me set the value to anything I want. Bottom line -
the attributes do exist and are indeed associated with the user class.



I rebooted the machine and ran the application again. Now the exception
is different. It says that the userPasswordQuestion attribute must be
of type 'Directory String'. All of the documentation I have read says
to set it to "Context Insensitive String". I went back to the AD schema
and tried to create an attribute of type 'Directory String', but no such
type exists.



What is going on? And why is this so difficult?
 
John F. Holliday

I added another couple of attributes named 'pwdQuestion' and
'pwdAnswer', both of type 'Unicode String'. At first, the only
attribute it recognized was pwdQuestion. Although both attributes are
the same type, it took about 10 minutes before it started recognizing
pwdAnswer. This tells me there was some sort of system-wide indexing
that needed to complete before the app would recognize the attribute as
being associated with the user class.



After it recognized both attributes, I was able to see the users in the
designated OU. So far - so good. But when I try to create a user, it
throws a huge exception saying there was a problem with the _InvokeFast
method. No additional details. Apparently, it is trying to store the
question and the answer and hitting a problem. I'm guessing security?
I'm using a domain administrator account to connect to LDAP. Should I
be using a different account?

--

John F. Holliday | Principal Architect - Information Worker Solutions

Idea Integration, A MPS Group Company




