星期二, 8月 22, 2006

DotNetNuke 4.3.3 Active Directory 整合認證

花了一整天的功夫,終於搞定DotNetNuke 4.3.3 的Windows Authentication,也就是Active Directory 整合認證。

照著Project ::Active Directorydavid@newcovenant.com的說明,做到第17步時發生問題,是因為我把<impersonate="true">也uncomment,這行不能啟動,否則sql express無法使用。

接下來做到第21步時出現錯誤,原因是AD的帳號沒有讀取到Name的資料,值為Null,必須patch source code,方法如下:
先下載DotNetNuke_4.3.3_Source.zip解開,
將 Library\Controls\DataGrids\TextColumnTemplate.vb 第182行
itemValue = DataBinder.Eval(container.DataItem, DataField).ToString()
改成以下4行
Try
itemValue = DataBinder.Eval(container.DataItem, DataField).ToString()
Catch
itemValue = Null.NullString
End Try

再重新編譯就行了。


看來目前.Net上Opensource的專案成熟度仍然太差,缺少像Xoops、JBoss這種Killer AP,而且參與人數也太少。

最後把David的27個步驟貼在後面:
1. For a fresh install, just go to the next step. If it's an upgrade, follow Tam Tran's instructions about the database entry, and the file deletion post above. Ignore the rest.
2. In IIS, open Properties on the web site or Virtual Directory > Directory Security tab > Edit button. Uncheck "Anonymous access" and "OK" your way out.
3. In Web.config, comment OUT the Windows Authentication block. Uncomment the Forms Authentication block.
4. Uncomment the "Authentication" item under "httpModules."
5. Log in with admin account.
6. Go to Admin > Authentication.
7. Check "Windows Authentication?"
8. Check "Synchronize Role?" if you want AD groups sync'ed. (Don't ask me if this doesn't work. Report it as a bug to Tam Tran.)
9. Leave "Provider:" at the default. There's normally only one choice, anyway.
10. Choose "Authentication Type." "Delegation" is a good choice in most cases.
11. "Root Domain:" If you want to authenticate and get groups from the Root forest, then leave this blank. Otherwise, enter the LDAP path to your desired AD tree. Use this format: "LDAP://dc=com,dc=this,dc=that." Using "LDAP://" in the entry overcomes a bug that exists.
12. In most circumstances, you can leave "User Name" and "Password" and "Confirm Password" blank. These are supposed to be for an account that has "Read" access to the active directory. In most cases, EVERY account has read access. So leaving these blank will cause DNN to use your domain account to read the directory.
13. Click "Update." You will get an error message at the next screen. That's OK. Your entries just went into the ModuleSettings table of the database.
14. Log out, and close the browser.
15. Open Web.config, and uncomment the Windows Authentication block. Comment OUT the Forms Authentication block.
16. Save web.config.
17. Open a browser and point it at the site. You should see that the "Login" link says "Logout." This indicates that you were automatically logged in using your AD account. You won't be able to do anything here but browse public pages. But in the background, a user account was created for you, like "domain\username."
18. Close the browser.
19. Open web.config. Disable Windows Authentication and enable Forms Authentication. Save web.config.
20. Open a browser and point it at the site. Log in as Admin.
21. Go to Admin > User Accounts. Click the "all" link. You should see your "domain\username" account in the list.
22. Click the pencil next to that account.
23. Click "Manage Roles for this User."
24. Add this user account to the "Administrators" Role.
25. Log out, and close the browser.
26. Open web.cofig. Last time, I promise. Enable Windows Authentication and disable Forms Authentication. Save web.config.
27. Open a browser and point it at the site. Now you should not only see "Logout" at the Login link, but you should also be able to use the "Admin" menu.

沒有留言: