0

I have Bonobo Git server (5.1.1.0) set up with Active Directory membership service (Running on Win 2012 R2). The group specified in the ActiveDirectoryMembergroupName has only two accounts added. The Administrator group specified in ActiveDirectroyRoleMapping has only one account (which is duplicated in the users group). When I go to the Users tab or to set permissions on a repository there are about 120 accounts listed. Most are accounts that have admin access to the server however a few of them I can't identify (other than being from the domain)

Here is the modified section of my web.config file:

<add key="AuthenticationProvider" value="Cookies" />
<!--<add key="AuthenticationProvider" value="Windows" />-->
<!--<add key="AuthenticationProvider" value="Federation" />-->
<!--<add key="MembershipService" value="Internal" /> -->

<add key="MembershipService" value="ActiveDirectory" />
<add key="ActiveDirectoryDefaultDomain" value="MY_DOMAIN.ORG" />
<add key="ActiveDirectoryBackendPath" value="~\App_Data\ADBackend" />
<add key="ActiveDirectoryMemberGroupName" value="MY_GIT_USERS" />
<!--<add key="ActiveDirectoryTeamMapping" value="Developers=GitTeam" /> -->
<add key="ActiveDirectoryRoleMapping" value="Administrator=MY_GIT_ADMINS" />

Does anyone know what I might be doing wrong here?

Thanks in advance.

Jim Dawson
  • 53
  • 3

2 Answers2

2

I had to restart the IIS service for something unrelated to this, when it restarted the extraneous user entries were gone.

Jim Dawson
  • 53
  • 3
  • Thanks! My AD integration was working fine but all of a sudden (after a hard reboot) couldn't login at all as I could before. Restarted the app in IIS manager & then the IIS service itself; good to go! Was about to do something more drastic.. – Reece Mar 09 '22 at 16:54
1

I answer I even has my problem.

Concerns of my accounts came from the not piece of information of UPN (UserPrincipalName) field certainly used by Bonobo.

Thus I made a power shell script getting back the field SamAccountName to inform UPN:

# Import du module Active Directory
import-module ActiveDirectory

# Récupération de tous les utilisateurs de l’AD dont le champ d'ouverture de session (UPN) est non renseigné
$users = Get-ADUser -Filter {UserPrincipalName -notlike "*"} -SearchBase "OU=myOU,DC=company,DC=my" -properties SamAccountName

# Boucle qui pour chaque utilisateur modifie son UPN
foreach ($user in $users) {

     # Modification des UPNs 

     #Mise à jour de l’UPN sur $($user) à la valeur $($UPN) »
    $user | Set-ADUser -UserPrincipalName $user.SamAccountName
    Write-Output $user.SamAccountName
}
Sio Fulbert
  • 11
  • 1