Active Directory multiples domains in a forest

[devaraja666]

i don't find a way to add users from others domains in a forest

[larshg]

@devaraja666 there has been some updates on multiple domains - if you can add all users to the same membergroup (if there is a trust between domains?) then it should work? Can you test 6.1?

I'm no expert in AD multidomain, so maybe I'm off track here.

[devaraja666]

Hi @larshg I tried the new version, i can see now the users information for the accounts in the forest that are in the MemberGroup, but now i cant add group that have space in teh name, in previous versions the group name could have spaces, but now if the group name have spaces the site wont load, it only shows a white background.

This is my configuration: `

<add key="MembershipService" value="ActiveDirectory" />
<add key="ActiveDirectoryBackendPath" value="~\App_Data\ADBackend" />
<add key="ActiveDirectoryMemberGroupName" value="Git" />
<add key="ActiveDirectoryTeamMapping" value="Developers='Group Developers, Testers=Group Testers" />
<add key="ActiveDirectoryRoleMapping" value="Administrator=GitAdmins" />`

In the log that i'm including you can see that it gave an [Error] Exception caught in Global.asax1

I try to put the groups inside a single quotation mark but they came back sating that it Could not find principal group: 'Group Testers' because is looking for teh group name 'Group Testers' insted of Group Testers

If i used a group with no spaces, it detect the menbers and the site does load.

log-20170421.txt

[larshg]

Hi

Thanks for the response.

I'll try to investigate where the group names with spaces doesn't work :-)

[willdean]

New logging looks good ;-)

[larshg]

@devaraja666 I just tested with a group name with spaces and it find that group without problems. Can you double check the spelling of the names etc?

I'll try add some more logging to the /home/Diagnostics page to see if we can query some useful info.

[willdean]

@larshg If there's any way to get the AD servers to list all the groups (I guess that's the sort of thing you were thinking of adding to the home/diag page), then could we also dump all that to the log file if there's a problem finding a group? So the log file says "I couldn't find your group but here are all the ones I could find"

[larshg]

Yes, I was thinking about doing something like that. I'll see what I can do :)

[larshg]

@devaraja666 Can you try out the artifact from this build when it is done: https://ci.appveyor.com/project/jakubgarfield/bonobo-git-server/build/564/artifacts

And navigate to /home/dianostics and verify that you can find the group names that you want to use.

[willdean]

@devaraja666 To go to /home/diagnostics you have to be running a browser on the same machine as is serving Bonobo...

[devaraja666]

@larshg I found the problem, i had 2 users in the "Group Developers" that where not part of the "Git" group. as soon I added the user to the git group the site load correctly.

This does not happen in the previous version, that i why i did not notices it, after doing a lot of testing, creating new group, I added a user that was not included in the "ActiveDirectoryMemberGroup" Git, to a "TeamMapping" group and i got the error.

that is why the system throw an Error occurred and caught in Global.asax - System.NullReferenceException: Object reference not set to an instance of an object.

Because is trying to match a user in the team that is not part of the "ActiveDirectoryMemberGroup".

It could be a good idea to add a condition to ignore a user that is not part of the member group, or to do a warning in the log to show the user.

Thank you so much for your help.

diagnostics.txt log-20170424.txt

[larshg]

Thanks for reporting back - I'll try to investigate and figure out how to properly handle it :)