"chand" <chandmk@gmail.com> wrote in message
news:1184956704.256139.265320@w3g2000hsg.googlegroups.com...
> Hi,
>
> I am using ActiveDirectoryProvider to authenticate users (AD). If I
> point my provider to the root of AD every thing works fine.
>
> If I point the provider to a CN which has a group of users under a
> nested container under root I am getting the following error.
>
> Root --> OU1--> OU12--> CN
>
> My connection is pointing to the CN.
>
>
> "User objects cannot be created in the specified container"
>
> I tried reflect over the AD provider and found that the provider is
> failing at the following method,
>
> DirectoryAttribute objectClass =
> response.Entries[0].Attributes["objectClass"];
> if (!this.ContainerIsSuperiorOfUser(objectClass))
> {
> throw new
> ProviderException(SR.GetString("ADMembership_Container_not_superior"));
> }
> Is there a problem with configuration of AD?
>
> Thanks,
> chand
>

"chand" <chandmk@gmail.com> wrote in message
news:1185105351.297510.283090@n60g2000hse.googlegroups.com...
> Hi Joe,
>
> Thank you for replying. Yes. CN is a group object. This CN has a list
> of members that are allowed to access my application. This
> configuration is identical to other CNs used by other applications
> like "Business Objects" in the organization.
>
> Root --> OU1--> OU12--> CN (group)
>
> 1. If I point the connection to Root, every thing works fine. But this
> would allow every one in the organization to access my application.
> The goal is to restrict access to a group of users
>
> 2. If I point the LDAP connection to OU12, I am not getting the above
> error. However provider's 'ValidateUser' method is returning false for
> any member in the CN group. Either this method is not searching the
> group or not finding the users in the group. I am using
> sAMAccountName attribute.
>
> 3. If we put a test user directly under OU12 every thing works. Is
> this the only way to configure AD to work with
> ActiveDirectoyMembershipProvider? Using the groups under OUs seems to
> be the reasonable option as this allows the admin to manage users
> without worrying about different applications.
>
> Thank you,
> chand
>

On Jul 23, 9:09 am, chand <chan...@gmail.com> wrote:
> OK. We made our application users, members of a group and assigned
> that group to a OU container. And I am using the container as my
> connection string. But it appears that asp.net membership provider
> cannot Bind the users of that group. It simply returns invalid login
> attempt error. Could it be that provider doesn't support users of a
> group under a container?
>
> Thanks,
> chand