Peter Keating

Developer from the New Forest in the South of England.

Released Active Directory Authorization Module 1.1 for Orchard


Towards the end of the last year we (Moov2) released our first open source Orchard module to the Orchard gallery. The module overrides the default authentication and authorization by using the currently logged in active directory user instead of requiring the user to enter credentials. Since its release the module has been downloaded over 400 times, this is more than we ever thought it would be, we are very chuffed. The module was primarily used for a client project and since the initial release we have made a few changes to fix bugs and improve the module. The module has also received feedback of issues and improvements via Github that we have been keeping on top of. The next version of the module is ready and an update has been pushed to the Orchard gallery ready for you to download. We strongly recommend if your currently using the original module (version 1.0) that you update to get the bug fixes and improvements listed below.

Lets start with the bug fixes.

  • Fixed bug where an active directory user would have more than one Orchard user created. Thanks to Hugh Kwong for his elegant solution to this bug.
  • Fixed bug causing a silent exception thrown when the context was null. This was causing the log file to be clogged up with many of these errors making it difficult to debug Orchard for other errors. Thanks to Matt Sheeley for contributing to the fix.
  • Fixed bug causing an exception when using the module with the content permission module that is installed in Orchard by default. Thanks to Tayvius for reporting this one.

Below are the improvements we have made to the module.

  • Active Directory users are always created as an Orchard user regardless of the role. Before only users with access to the dashboard were being created as an Orchard user.
  • When a connection can be established with LDAP, the email address for the active directory user is used when creating the Orchard user. Thanks to Matt Sheeley for this contribution.
  • Roles set on the Orchard user via the administration dashboard as well as the roles applied to the active directory user roles are taken into account during authorization. This is extremely useful for those who aren't able to access or comfortable with active directory. Thanks to Matt Sheeley for this contribution.
  • When creating an Orchard user the roles on the active directory user are compared against the roles available in Orchard. Matched roles are applied to the created Orchard user. An example would be if the active directory user had a role called "Administrator", the created Orchard user will have the "Administrator" role.

Unfortunately those updating from the original module will not get the application of roles and email address on the Orchard user if they've already had one created. This is because the Orchard user that represents the active directory user is only created on their first visit to your Orchard site. This is definitely something we are going to be looking to improve for the next version of the module.

A massive thanks to all those who got involved opening issues and contributing pull requests on Github. We have really enjoyed your contributions and always welcome any help to improve the module. If you find any issues with the module or wish to highlight something that you would like to module to do then please don't hesitate to get involved in the Github repository.

Back to Posts

-->