Views: 1405
Last Modified: 29.08.2023

Some frequent issues and solutions

After updating the user AD profile, the data returns to initial value

Profile of users, authenticating via Active Directory synchronizes with AD server on each entry, with locally updated settings are re-written with data, specified at the server. This behaviour can be changed as follows:

  • either by defining local authorization for this user (you need to manually set the same password as in the AD and edit Authorization type at the Internal authorization at the user profile page. Then, user authorization will be performed locally instead of at AD;
  • or introduce updates to user data not at the site, but in AD. Then, this data is also updated automatically on site when synchronizing with server;
  • or reduce the number of fields used for synchronization in AD server settings at the site (Settings > AD/LDAP, tab Field settings ). In this case, during the user import from AD/LDAP For user import from Active Directory / LDAP you can perform the following...

    Learn more ...
    (Settings > Users > User Import), for example, indicate the required fields and then delete all fields in the AD server settings. This results for user initially having all necessary data that can be subsequently updated.

"Remember me on this computer" is not working for AD user

The password cannot be memorized, because upon AD user authentication the system queries the settings-defined AD/LDAP server and verifies the availability of user with specified login and password in the user database at the corporate server for subsequent authorization General module performance is described with the following sequence of actions:
1. User is authorized in Bitrix Framework (enters login and password, used by user for authorization in the corporate network)...

(see the article How it works).

Due to security reasons, site does not save login and password details.

Access to Extranet section without NTLM

To correctly configure access to the folder extranet without the authentication via NTLM, you need:

  1. Add the following strings to the file /.htaccess:
    AuthName "My Intranet"
    AuthType SSPI
    SSPIAuth On
    SSPIPackage NTLM
    SSPIDomain MYDOMAIN
    SSPIPerRequestAuth On
    SSPIAuthoritative On
    SSPIOfferBasic On
    Require valid-user
      
  2. Inside the files /extranet/.htaccess and /bitrix/.htaccess, add the string:
    Satisfy any
      
  3. Inside /bitrix/admin/.htaccess, add:
    Satisfy all
      

In the result, NTLM authentication will operate for all folders in the site public section, except for extranet, as well as in the site admin section.

Authentication setup at IIS

Authorization config when using IIS server is performed in the similar manner as the Linux settings If you do not use Virtual Appliance - BitrixVM or Linux (BitrixEnv), you need to configure your environment for handling AD/LDAP.

Learn more...
. The situation includes an already configured IIS sever for working with PHP, domain authentication is permitted and the site ports are configured accordingly: 8890 (for http) or 8891 (for https) and 80 (for http) or 443 (https).



0


Courses developed by Bitrix24