Troubleshooting LDAP/AD
Versions:
4.10 - 4.70,
FAQ number:
62,
Old FAQ number: 902
Q: When I log on EPiServer with an AD account I can not get the access rights from the AD groups that the account is a member of, why?
A: Check the following:
1. Are you using forms authentication? (note that EPiServer does only support integrated Windows authentication in version 4.22 and later)
2. Have you typed the name and password correctly? Note that case is important.
3. Verify that the account really logged in with an AD account using LDAP authentication, see below.
Verify that the account is an LDAP account
EPiServer will first try to authenticate the account using LDAP and if it succeeds the account will show up as an LDAP account in the user list in admin mode. Go to admin mode and search for the account you want to verify. The icon next to the account name defines the account type according to the following:
 |
LDAP user |
 |
LDAP group |
 |
Domain group |
 |
Local group |
 |
Windows user |
 |
Extranet user |
 |
Builtin group |
 |
Builtin user |
If EPiServer authenticated the account successfully using LDAP you should see the AD user icon which means that everything is setup alright.
If you see the Windows user icon instead of the LDAP user icon it means that the authentication of the AD user has failed and the account logged on as a Windows user (which is the fallback plan if LDAP authentication fails). In that case, go back and check all settings.