After updating the user AD profile, the data returns to initial value
Profile of users, authenticating via Active Directory synchronizes with AD server on each entry, with locally updated settings are re-written with data, specified at the server. This behaviour can be changed as follows:
either by defining local authorization for this user (you need to manually set the same password as in the AD and edit Authorization type at the Internal authorization at the user profile page. Then, user authorization will be performed locally instead of at AD;
or introduce updates to user data not at the site, but in AD. Then, this data is also updated automatically on site when synchronizing with server;
or reduce the number of fields used for synchronization in AD server settings at the site (Settings > AD/LDAP, tab
Field settings
). In this case, during the
user import from AD/LDAP
For user import from Active Directory / LDAP you can perform the following...
Learn more ...
(Settings > Users > User Import), for example, indicate the required fields and then delete all fields in the AD server settings. This results for user initially having all necessary data that can be subsequently updated.
"Remember me on this computer" is not working for AD user
The password cannot be memorized, because upon AD user authentication the system queries the settings-defined AD/LDAP server and verifies the availability of user with specified login and password in the user database at the corporate server for
subsequent authorization
General module performance is described with the following sequence of actions:
1. User is authorized in Bitrix Framework (enters login and password, used by user for authorization in the corporate network)...
Due to security reasons, site does not save login and password details.
Access to Extranet section without NTLM
To correctly configure access to the folder extranet without the authentication via NTLM, you need:
Add the following strings to the file /.htaccess:
AuthName "My Intranet"
AuthType SSPI
SSPIAuth On
SSPIPackage NTLM
SSPIDomain MYDOMAIN
SSPIPerRequestAuth On
SSPIAuthoritative On
SSPIOfferBasic On
Require valid-user
Inside the files /extranet/.htaccess and /bitrix/.htaccess, add the string:
Satisfy any
Inside /bitrix/admin/.htaccess, add:
Satisfy all
In the result, NTLM authentication will operate for all folders in the site public section, except for extranet, as well as in the site admin section.
Authentication setup at IIS
Authorization config when using IIS server is performed in the similar manner as the
Linux settings
If you do not use Virtual Appliance - BitrixVM or Linux (BitrixEnv), you need to configure your environment for handling AD/LDAP.
Learn more...
. The situation includes an already configured IIS sever for working with PHP, domain authentication is permitted and the site ports are configured accordingly: 8890 (for http) or 8891 (for https) and 80 (for http) or 443 (https).
