Open alexchandel opened 8 years ago
alexchandel
commented
8 years ago What's more, even attempting to switch to "ActiveDirectory" results in the deletion of all my repository metadata, losing all the groups and replacing all the descriptions with "Discovered in file system."
RedX2501
commented
8 years ago AuthenticationProvider value="windows" does not keep the passwords in the database in sync anymore but will use those provided by windows ignoring the ones stored in the DB. Therefore they will still be up to date from an user perspective.
alexchandel
commented
8 years ago @RedX2501 Our domain requires users to change their passwords every few months, so being up to date is a necessity.
But does this means that, even though I may have <add key="MembershipService" value="Internal" />, having AuthenticationProvider value="windows" will still cause Bonobo to automatically get/create users and sync their passwords with the Windows host machine and, assuming that machine is on the domain, the AD domain as well?
That is very, very far from obvious in the documentation.
Also, since upgrading to 5.2, I get 404 errors whenever I try to view the Account page (from /Account/Index, e.g. /Account/FooDomainBar%5CFooUserBar/Edit) of anyone who hasn't signed in since upgrading except the builtin admin.
alexchandel
commented
8 years ago And it appears git command-line authentication (via http) also fails for these accounts. :\
alexchandel
commented
8 years ago There is a lone error message, printed sporadically every few minutes:
Native library pre-loader is trying to load native SQLite library "C:\inetpub\wwwroot\git\bin\x86\SQLite.Interop.dll"...It's because it will not sync the account information. It will fetch once the users information, except for password and store it in the db. When using Windows auth Bonobo never sees your password.
On every authentication it will query the server if the password is ok.
The format of the url might have changed, not sure though.
RedX2501
commented
8 years ago Your setup should be <AuthenticationProvider value='Windows'/> with <MembershipService value='Internal' />
This should keep all the data you already have. This will also use the passwords provided by your domain, meaning that the user will use their domain usernames and passwords and they will be updated when they are changed in the domain (we never store them locally). If you have \ in your user name you will have to wait for the 6.0 release as there are still some problems in 5.x with those.
Please post the git url you are using along with your server URL.
larshg
commented
7 years ago @alexchandel can you please try 6.1?
In this setup, IIS only uses Basic Authentication, while Bonobo only has
<authentication mode="Windows">enabled. There is one IIS application, and clients use their AD username/password to log in. But the server configures its own teams.However, the 5.0/5.2 changelog provides no indication on how these map to 5.2's configuration options. It mentions
<add key="AuthenticationProvider" value="Windows" />, but suggests this doesn't keep passwords in sync any more. It recommends<add key="MembershipService" value="ActiveDirectory" />, but I don't want to use Active Directory member groups or groups or teams or roles or anything else. I just want to authenticate with AD accounts: I want to users to use their same account/password. This isn't that complicated.The migration notes are of little help too. It refers to two server instances, but I only have one.