LDAP/AD Role group user login issue in sharepoint 2010 FBA with LDAP

Hi.
I created a SharePoint 2010 site with LDAP FBA. If I add an AD user as a forms-based user and try to log in to my site, it works very well, but if I add an AD group to my site and try to log in with one of the AD users of this group, it says "Access Denied".
In my project we want to add AD groups to SharePoint groups, not individual AD users.
Can anyone help me with this, please? It's urgent.

I added both the LDAP membership provider and the LDAP role provider, and I can also find groups in the people picker in my Central Admin and in the FBA web app site collection.
<add name="ADMembers"
type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
server="company.com"
port="389"
useSSL="false"
userNameAttribute="sAMAccountName"
userContainer="DC=company,DC=com"
userObjectClass="person"
userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
userDNAttribute="distinguishedName"
scope="Subtree"
enableSearchMethods="true"
otherRequiredUserAttributes="sn,givenname,cn"
/>
<add name="ADRoles"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="Company.com"
port="389"
useSSL="false"
groupContainer="DC=Company,DC=com"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(ObjectClass=group)"
userFilter="(ObjectClass=person)"
scope="Subtree" />

Similar Messages

  • Set "peoples or groups" field with current user "login name" in sharepoint list form using javascript

    Hi friends,
    I am trying to set the people or groups field in a SharePoint list form with the current user's login name.
    Here is my code:
    <script src="http://ajax.aspnetcdn.com/ajax/jquery/jquery-1.9.0.js"></script>
    <script type="text/javascript">
    $(document).ready(function NewItemView () {
        var currentUser;
        if (SP.ClientContext != null) {
          SP.SOD.executeOrDelayUntilScriptLoaded(getCurrentUser, 'SP.js');
        }
        else {
          SP.SOD.executeFunc('sp.js', null, getCurrentUser);
        }
        function getCurrentUser() {
          var context = new SP.ClientContext.get_current();
          var web = context.get_web();
          currentUser = web.get_currentUser();
          context.load(currentUser);
          context.executeQueryAsync(onSuccessMethod, onRequestFail);
        }
        function onSuccessMethod(sender, args) {
          var account = currentUser.get_loginName();
          var accountEmail = currentUser.get_email();
          var currentUserAccount = account.substring(account.indexOf("|") + 1);
          SetAndResolvePeoplePicker("requester", account);
        }
        // This function runs if the executeQueryAsync call fails.
        function onRequestFail(sender, args) {
          alert('request failed' + args.get_message() + '\n' + args.get_stackTrace());
        }
        function SetAndResolvePeoplePicker(fieldName, userAccountName) {
          var controlName = fieldName;
          var peoplePickerDiv = $("[id$='ClientPeoplePicker'][title='" + controlName + "']");
          var peoplePickerEditor = peoplePickerDiv.find("[title='" + controlName + "']");
          var spPeoplePicker = SPClientPeoplePicker.SPClientPeoplePickerDict[peoplePickerDiv[0].id];
          peoplePickerEditor.val(userAccountName);
          spPeoplePicker.AddUnresolvedUserFromEditor(true);
        }
    });
    </script>
    but it is not working
    please help me

    Hi,
    According to your post, my understanding is that you wanted to set "peoples or groups" field with current user "login name" in SharePoint list form using JavaScript.
    To set the "peoples or groups" field with the current user's "login name", you can use the code below:
    <script src="http://ajax.aspnetcdn.com/ajax/jquery/jquery-1.9.0.js"></script>
    <script type="text/javascript">
    // Wrap one entity in the <Entities> envelope and hand it to the picker.
    function SetPickerValue(pickerid, key, dispval) {
        var xml = '<Entities Append="False" Error="" Separator=";" MaxHeight="3">';
        xml = xml + PreparePickerEntityXml(key, dispval);
        xml = xml + '</Entities>';
        EntityEditorCallback(xml, pickerid, true);
    }
    function PreparePickerEntityXml(key, dispval) {
        return '<Entity Key="' + key + '" DisplayText="' + dispval + '" IsResolved="True" Description="' + key + '"><MultipleMatches /></Entity>';
    }
    function GetCurrentUserAndInsertIntoUserField() {
        var context = new SP.ClientContext.get_current();
        var web = context.get_web();
        this._currentUser = web.get_currentUser();
        context.load(this._currentUser);
        context.executeQueryAsync(Function.createDelegate(this, this.onSuccess),
            Function.createDelegate(this, this.onFailure));
    }
    function onSuccess(sender, args) {
        // The first argument is the client ID of the picker control on this particular page.
        SetPickerValue('ctl00_m_g_99f3303a_dffa_4436_8bfa_3511d9ffddc0_ctl00_ctl05_ctl01_ctl00_ctl00_ctl04_ctl00_ctl00_UserField', this._currentUser.get_loginName(),
            this._currentUser.get_title());
    }
    function onFailure(sender, args) {
        alert(args.get_message() + ' ' + args.get_stackTrace());
    }
    ExecuteOrDelayUntilScriptLoaded(GetCurrentUserAndInsertIntoUserField, "sp.js");
    </script>
    More information:
    http://alexeybbb.blogspot.com/2012/10/sharepoint-set-peoplepicker-via-js.html
    Best Regards,
    Linda Li
    TechNet Community Support
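
Added example, not part of the original thread or of the answer above: `PreparePickerEntityXml` concatenates the login name and display title straight into XML attributes, so a title containing `&`, `"` or `<` produces malformed picker XML or a truncated attribute. The sketch below escapes both values first and shows the difference on a constructed user; every function name and the sample login/title are assumptions made for illustration, not SharePoint APIs.

```javascript
// Added example: escape values before building the people-picker <Entities> XML.
// All names and the sample user below are constructed for illustration.

const XML_ATTR_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };

// Make a value safe inside a double-quoted XML attribute.
function escapeXmlAttr(value) {
  const s = value === null || value === undefined ? '' : String(value);
  return s
    // Drop control characters that XML 1.0 does not allow at all.
    .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F]/g, '')
    // Escape markup-significant characters.
    .replace(/[&<>"']/g, ch => XML_ATTR_ESCAPES[ch])
    // Keep tab/LF/CR intact through attribute-value normalisation.
    .replace(/[\t\n\r]/g, ch => '&#' + ch.charCodeAt(0) + ';');
}

// Same shape as the answer's helper, with both inputs escaped.
function buildPickerEntityXml(key, displayText) {
  const k = escapeXmlAttr(key);
  const d = escapeXmlAttr(displayText);
  return '<Entity Key="' + k + '" DisplayText="' + d +
    '" IsResolved="True" Description="' + k + '"><MultipleMatches /></Entity>';
}

// Envelope for one or more users: [{ loginName, title }, ...].
function buildEntitiesXml(users) {
  return '<Entities Append="False" Error="" Separator=";" MaxHeight="3">' +
    users.map(u => buildPickerEntityXml(u.loginName, u.title)).join('') +
    '</Entities>';
}

// The unescaped form from the answer, kept only for comparison.
function buildPickerEntityXmlUnescaped(key, dispval) {
  return '<Entity Key="' + key + '" DisplayText="' + dispval +
    '" IsResolved="True" Description="' + key + '"><MultipleMatches /></Entity>';
}

// Reverse escapeXmlAttr in a single pass (no double-unescaping).
function unescapeXmlAttr(s) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };
  return s.replace(/&(#\d+|amp|lt|gt|quot|apos);/g, (m, name) =>
    name[0] === '#' ? String.fromCharCode(Number(name.slice(1))) : named[name]);
}

// Minimal reader for the first <Entity ...> tag: returns its attributes the
// way a consumer that splits on double quotes would see them.
function readEntityAttrs(xml) {
  const tag = /<Entity\s([^>]*)>/.exec(xml);
  const attrs = {};
  if (!tag) return attrs;
  const re = /([A-Za-z]+)="([^"]*)"/g;
  let m;
  while ((m = re.exec(tag[1])) !== null) {
    attrs[m[1]] = unescapeXmlAttr(m[2]);
  }
  return attrs;
}

// Constructed sample: a claims-style FBA login and a title with XML metacharacters.
const SAMPLE_USER = { loginName: 'i:0#.f|fbaprovider|jdoe', title: 'R&D "Platform" Team' };

function demo() {
  return {
    escaped: readEntityAttrs(buildPickerEntityXml(SAMPLE_USER.loginName, SAMPLE_USER.title)),
    unescaped: readEntityAttrs(buildPickerEntityXmlUnescaped(SAMPLE_USER.loginName, SAMPLE_USER.title))
  };
}
```

With the escaped builder the title survives a round trip unchanged; with the unescaped one the `DisplayText` attribute ends at the first embedded quote.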

  • We are using SharePoint 2010 server with service pack 1 want to remove/delete old user profiles & site from server

    Hi Team,
    We are using SharePoint 2010 server with Service Pack 1. We want to remove/delete old user profiles, access and sites from the server.
    Is there any script or feature available with which we can remove only deactivated/deleted/old user profiles, access and sites?
    Thanks
    NPratik

    Take a look at Metalogix ControlPoint, which will compare user accounts on SharePoint to Active Directory and remove accounts that no longer exist in AD (or are disabled).
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • AD users login issue.

    Hi All,
    We are getting a login issue on our UAT server. AD users are not able to log in to SharePoint; it prompts with the login box again after entering the correct username and password.
    When we add that user to local admin group then it works.

    Maybe you are trying it on the same SharePoint machine. If you try from some other machine it will work fine. You need to create a registry key for that. This is a known issue with SharePoint.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    DWORD DisableLoopbackCheck
    Value: 1
    http://support.microsoft.com/kb/896861

  • CUPS 8.0 end user login issue

    Hi All,
    I have CUCM 7.1.5 and CUPS 8.0(4) installed. The problem is that when I try to log in to the CUPS user page, it says "login failed". The CUPS integration with CUCM seems to be fine because all the end users can be seen in CUPS, but I am not able to log in to the CUPS user page. Users have the needed roles assigned to them.
    CUCM is synchronized with the LDAP server over SSL.
    Can anyone please help me with this? What else do I need to check? Is there any log to check on CUCM or CUPS?
    Thanks

    Hi Ronak,
    The problem is not logging in to CUPC (I still haven't tried it); I have a problem logging in to the CUPS User Web page using end user credentials in CUCM.
    End users have the needed roles assigned and they are also CUP-enabled users.
    Please can you suggest anything to check? As I said, our CUCM is synchronized with the LDAP server over SSL.
    Thanks

  • Exchange 2003/2010 Coexistance - User login Issue

    Hello
    We have deployed Exchange 2010 SP3 in coexistence with 2003 and created connectors.
    Neither 2003 nor 2010 users are able to log in to 2010 OWA; the error shows that the username/password is wrong, although they work on OWA 2003 perfectly.
    When I add the same user to the local admin group on the Ex2010 server, it works fine with email send/receive. I am confused, please suggest what I am missing. Regards
    Waseem

    Hello
    This is the error that occurred during that time.
    SACL Watcher servicelet encountered an error while monitoring SACL change.
    Got error 1722 opening group policy on system SERVER.DOMAIN in domain MYDOMAIN.
    Event ID 6003
    Source : MSExchange SACL Watcher
    I am not sure if it's related to this problem.
    Secondly, I have also tested running the "Microsoft Exchange Active Directory Topology Service" with a new user having all the rights of Exchange and AD groups, but it gives the error that it can't run the dependency services. Currently this service is running with the local account rights.
    I just add the test users (moved from 2003 and a new user created in 2010) to the local admin group and it works fine. Please give any idea what may be the problem, in rights or something else?
    Regards
    Waseem

  • User profiles with multiple login accounts in SharePoint 2010

    Hello,
    Consider the following scenario:
    We have Active Directory that is accessible inside our network. Besides the sites accessible from the corporate network, we are exposing SharePoint sites from the same farm on the internet, using claims-based authentication with ADFS 2.0 against the same AD instance as in the intranet.
    The problem is that the claims-based accounts are not linked to the profiles that are created for the users by the User Profile Synchronization service.
    Is there a way to configure the user profiles so that, if our users sign in from the internet, they access the same profiles that they have when accessing the SharePoint sites from the intranet?
    (I've searched a lot and didn't find an exact solution. I've found something related to SPClaims properties and configured them to sync with AD using the "claims" trusted connection, but the problem remains.)
    This is similar to allowing our users to log in using their Facebook, Google or OpenID identity, or the identity in our AD. How can this be done?

    SharePoint user profiles are not populated automatically when using claims-based authentication methods. You must create and populate these profiles yourself, typically in code. Users that map to existing accounts when you migrate to claims-based authentication will use any existing profile information, but other users and new users will not have profile information. For information about how you can populate user profiles when using claims-based authentication, see "Trusted Identity Providers & User Profile Synchronization" at
    http://blogs.msdn.com/b/brporter/archive/2010/07/19/trusted-identity-providers-amp-user-profile-synchronization.aspx.
    The same limitation occurs when using SharePoint Audiences. You cannot use user-based audiences directly unless you create custom code to support this, but you can use property-based audiences that make use of claims values. For information, see "Using Audiences with Claims Auth Sites in SharePoint 2010" at
    http://blogs.technet.com/b/speschka/archive/2010/06/12/using-audiences-with-claims-auth-sites-in-sharepoint-2010.aspx.
    From: http://msdn.microsoft.com/en-us/library/hh446523.aspx

  • Navigation links are visible to all groups even after applying specific target audience group in to links at sharepoint 2010 publishing site

    Hi ,
    Can anyone please help me understand why the global navigation links are visible to all group users even after applying a specific target audience group to the link? I checked the User Profile service and the User Profile Synchronization service, and they are running fine. The test environment is running fine even though both services are not running. Please let me know whether there should be any relation between target audience and the User Profile services.
    I am wondering why Target Audience suddenly is not working in global navigation on the production server while the same is working on the test server.
    Thanks & Regards,
    NareshRaju YV,
    Infosys.

    Hi NareshRaju,
    Did you add SharePoint Groups to Target Audience? If yes, please refer to http://social.technet.microsoft.com/Forums/sharepoint/en-US/7862f182-c6a2-4d2e-9025-b11514575ac3/audience-targeting-for-navigation-link-issue?forum=sharepointgenerallegacy and you will get the solution.
    Let us know if this helps, thanks
    Regards,
    Pratik Vyas | SharePoint Consultant |
    http://sharepointpratik.blogspot.com
    Posting is provided AS IS with no warranties, and confers no rights

  • How to populate a sharepoint 2010 list from the active directory. How to populate a sharepoint 2010 list with all sharepoint user profiles

    How to populate a sharepoint 2010 from the active directory.
    I want a list of all the computers in the active directory,
    another one with all users.
    I want also to populate a sharepoint 2010 list from the sharepoint user profiles.
    Thanks
    sz

    While the contacts list is usually filled out for contacts that are outside the company, there are times when you would use a contacts list to store internal and external resources.  Wouldn’t it be nice if you didn’t have to re-type your internal contacts’ information that are already in the system?  Now you can with a little InfoPath customization on the contacts list.
    Here’s our plan:
    - Create the contacts list, and open in InfoPath
    - Create a data connection to the User Profile web service
    - Customize the form adding some text, a people picker and a button
    - Create InfoPath rules that will populate the contact fields from the user fields in the User Profile store
    Let’s get going!  Before we begin, make sure you have InfoPath 2010 installed locally on your computer.  I also want to give credit to Laura Rogers and Darvish Shadravan’s book Using Microsoft InfoPath 2010 with Microsoft SharePoint 2010 Step by Step.  I know it looks like a lot of steps, but it’s easy once you get the hang of it.
    So obviously we need a contacts list.  If you don’t already have one, go to the SharePoint site where it will live, and create a contacts list.
    From the list, click the List tab on the ribbon, then click Customize form:
    So now we have our form open in InfoPath 2010.  Let’s add our elements to the form. 
    Above all the fields, let’s add some text instructing users what to do with the field we’re about to add (e.g. To enter an existing user’s information, choose the user below).
    Insert a people picker control by clicking the Person/Group Picker control in the Controls section of the ribbon.  This will add a column to the contacts list called group.
    Below the people picker, insert a button control from the same section of the ribbon as above.  With the button still highlighted, click the Control Tools|Properties tab on the ribbon. 
    Then in the Label box, change the text to something more appropriate to our task (e.g. Click here to load user data!).
    You can drag the button control a little larger to account for the text.
    We should end up with something like this:
    Before we can populate the fields with user data, we need to create a connection to the User Profile Service.
    Add a data connection to the User Profile Service
    Click the Data tab on the ribbon, and click the option From Web Service, and From SOAP Web Service.
    For the location, enter the URL of your SharePoint site in the following format – http://<site url>/_vti_bin/UserProfileService.asmx?WSDL.  Click Next.
    Note - for the URL, it can be any SharePoint site URL, not just to the site where your list is.
    For the operation, choose GetUserProfileByName.  Click Next.
    Click Next on the next two screens.
    On the final screen, uncheck the box for “Automatically retrieve data when form is opened”. This is because we are going to retrieve the data when the button is clicked, also for performance reasons.
    Now we need to wire up the actions on our button to populate the fields with the information for the user in the people picker control.
    Tell the form to read the user from the people picker control
    Click the Home tab on the ribbon.
    Click the button control we created, and under the Rules section of the ribbon, click Manage Rules. Notice the pane appear on the far right.
    In the Rules pane, click New –> Action. Change the name to something like “Query and load user data”.
    Leave the condition to default (none – rule runs when button is clicked).
    Click the Add button next to “Run these actions:”, and choose “Set a field’s value”.
    For Field, click the button on the right to load the select a field dialog.  Click the Show advanced view on the bottom.  At the top, click the drop down and choose the GetUserProfileByName (Secondary) option.  Expand myFields and queryFields to the last option and highlight AccountName.  Click ok.
    For Value, click the formula icon. On the formula screen, click the Insert Field or Group button. Again click the show advanced view link, but this time leave the data connection as Main. Expand dataFields, then mySharePointListItem_RW.  At the bottom you should see a folder called group (the people picker control we just added to the form).  Expand this, then pc:Person, and highlight AccountId.  Click Ok twice to get back to the Rules pane.
    If we didn’t do this and just queried the user profile service, it would load the data of the currently logged in user.  So we need to tell the form what user to load the data for.  We take the AccountID field from the people picker control and inject it into the AccountName query field of the User Profile Service data connection.
    Load the user profile service information for the chosen user
    Click the Add button next to “Run these actions:”, and choose Query for data.
    In the popup, for Data connection, click the one we created earlier – GetUserProfileByName and click Ok.
    We’re closing in on our goal.  Let’s see our progress.  We should see something like this:
    Now that we have the user’s data read into the form, we can populate the fields in the contact form.  The number of steps to complete will depend on how many fields you want to populate.  We need to add an action step for each field.  I’ll show you one example and then you will just repeat the steps for the other fields.  Let’s update the Job Title field.
    Populate the contact form fields with existing user’s data
    Click the Add button next to “Run these actions:”, and choose “Set a field’s value”.
    For Field, click the button on the right to load the select a field dialog.  Highlight the field Job Title.
    For Value, click the formula icon. On the formula screen, click the Insert Field or Group button.  Click the Show advanced view on the bottom. At the top, click the drop down and choose the GetUserProfileByName (Secondary) option.  Expand the fields all the way down until you see the Value field.  Highlight it but don’t click ok; instead click the Filter Data button, then Add.
    For the first dropdown that says Value, choose Select a field or group.   The value field will be highlighted, but click the field Name field under PropertyData.  Click Ok.
    In the blank field after “is equal to”, click in the box and choose Type text.  Then type the text Title. 
    Click ok until you get back to the Manage Rules pane.  The last previous screen will look like this.
    We’re going to update common fields that are in the user’s profile, and likely from Active Directory.  You can update fields like first and last name, company, mobile and work phone number, etc.  For the other fields, the steps are the same except the Field you choose to update from the form, and the very last step where you enter the text will change.  Here’s what the rules look like when we’re done:
    We’re all done, good work!  You can preview the form and try it now.  Click Ctrl+Shift+B to preview the form.  Once you’re satisfied, you can publish the form back to the library.  Click File –> Quick Publish.  Once it’s done, you will get confirmation:
    Now open your form in SharePoint.  From the contact list, click Add new item.  Type in a name, and click the button and watch the magic happen!

  • Issues between SharePoint 2010 == Acrobat X Pro and autosave

    Hey all,
    Seeing two issues with Acrobat X Pro in an enterprise environment that also uses SharePoint 2010 heavily.
    #1
    Crashing Acrobat X Pro not autosaving correctly when dealing with partially remote user profiles. These are user profiles that are local (not roaming profiles), but are forced via registry to consider the Documents location to be a network location (accessible via CIFS). I noticed when helping a user that has lost work that the temporary autosave files are still local, and there did not seem to be a recovered document via Acrobat for this SharePoint-loaded PDF file. The user had this file checked out and had done a few hours of work when the crash happened. Any recommendation on:
    - reporting this to an Acrobat engineer, particularly the team working with SharePoint integration via the dll Acrobat uses to accomplish that
    - settings to tweak to ENSURE that crashes will leave recoverable autosaves when working in Acrobat directly on SharePoint 2010 PDF files
    #2
    The following error is produced in Acrobat when trying to click version history documents in SharePoint 2010. "The URL you have provided could not be reached. Please verify that the URL is correct and that the network location is reachable." The revision of the document is reachable, but through typical HTTP via a web browser...but not through the SharePoint <==> Acrobat X Pro COM object magic that works fine for currently checked out documents. Please see inserted image. Thoughts on a fix?

    update for anyone interested--
    #1, broken autosave functionality for acrobat documents controlled by SharePoint (i.e. checked out from SharePoint and then worked on), I have duplicated this for Adobe. They have confirmed this is a bug, and have assigned it bug number 3328962. This bug means that your autosaving settings for Acrobat documents in SharePoint will not do anything-- so crashes of Acrobat, your computer, etc. while you are working on an Adobe Acrobat document you checked out from SharePoint will leave you in the state of your last manual save (with the SharePoint server).

  • Unable to read the FBA user user profile properties in Sharepoint 2010

    hi,
    How do I read the FBA user profile properties in code? I have a SharePoint 2010 FBA site where I need to read the FBA user profile.
    When I try to read the properties by using
    UserProfile CurrentUserProfile = upm.GetUserProfile(i:0#.f|fbamembershipprovider|[email protected])
    I get an exception like
    "unable to read user profiles". How do I fix this issue?
    Srinivas

    hi,
    Thanks for the response. I have an FBA database in my SQL Server where the user information is stored; I am using (http://sharepoint2010fba.codeplex.com/documentation). I am using the email ID as the user name for login. During the user signup process in SharePoint I store the user details like user name, password, password question, answer etc., and at the same time I store other details like first name, last name, age, sex etc. in another list, which is a SharePoint 2010 list. When the user logs in to the SharePoint site I get the user display name like "#:0|Parvider|[email protected]". I need to change this name to "First Name Last Name". How can I do it? The database does not contain any details related to First Name and Last Name; this information exists in the SharePoint list.
    this is my requirement
    http://social.msdn.microsoft.com/Forums/sharepoint/en-US/ed543e3c-00e5-4a52-92ee-75f49cd0fbb2/how-to-change-the-user-display-name-in-fba-site-and-place-my-own-display-name-in-sharepoint2010-fba?forum=sharepointdevelopmentprevious#ed543e3c-00e5-4a52-92ee-75f49cd0fbb2
    Srinivas

  • Issue using SharePoint 2010 with IE10 with MS Office Excel Viewer

    Hello,
    We are experiencing an issue with MS SharePoint 2010 Foundation and computers who have Internet Explorer 10 and the Microsoft Office Word Viewer 2003.  When opening Word documents from SharePoint, the Word Viewer opens, but no document is displayed.
     The MS Excel Viewer 2007 works and does open the Excel documents.
    Computers with MS Word Viewer 2003 and IE 9 works fine, it's just the IE10 PCs.  PCs that have the full version of Office it works fine with both IE9 and IE10.
    We have a segment of our PCs that need only read-only access to the Word and Excel files.  We tried Office Web App but found functionality issues (printing, etc.) and issues where the other segment of our PCs that have MS Office had to open the files
    in a specific way to manipulate them.
    Does anyone know of something that would be affecting the MS Word Viewer with IE10 with SharePoint?  Or know of an alternate viewer? 
    Thanks in advance.

    Hello Anthony,
    In IE10, please click F12 to open the DEV toolbar.
    Now search for Browser- and Document Mode.
    Set Browser Mode to Internet Explorer 8, that should work.
    This setting can be edited in your Masterpage.
    This is what you should put in:
    <meta http-equiv="X-UA-Compatible" content="IE=8" />

  • EDirectory users login issue(Linux Systems)

    Dear team,
    For PDC(primary domain controller)::
    We have installed SLES11-SP3 and OES11-SP2 on the top of this.
    After this, we configured DSFW and eDirectory.
    Now, when we try to log in eDirectory users from a Windows system, we are able to do this.
    But when we try from Linux systems, users are able to log in but do not get their respective directory (/home/user_name).
    For ADC (additional domain controller):
    We configured the same configuration as shown above by replicating the tree.
    For this server, when we try to log in eDirectory users from Windows and Linux systems, we are able to do this successfully without any issue.
    Both Servers we are using for high availability.
    Please help us on the PDC.
    Thanks

    Dear Team,
    As you asked we don't know whether it is using ncp or dsfw, please let us know this also. I want to give you clear picture, step by step.
    Goal:
    1. We have two systems, need replication of edirectory Partition.
    2. We need to login from edirectory users in windows/linux both
    3. We want to login into windows systems like AD users from DSFW, using domain login.
    4. We need to login in Linux machine with eDirectory users using LDAP authentication
    5. We need to sync both systems 24x7x365
    Implementation:
    1. We have install SLES11-S3 with OES2-S2 in first machine with image name OES11-SP2-addon_with_SLES11-SP3-x86_64-DVD.iso (4GB image size)
    https://www.novell.com/documentation.../b11i67vh.html
    a) Installation of forest root domain.
    b) New tree : K_TREE
    c) FDN : cn=administrator,cn=Users,dc=k2,dc=gov,dc=in
    d) Net bios domain name = k2
    e) Configure this server as WINS server:selected check box
    f) Site name : DC
    Particulars:
    IP : 10.0.0.136
    Hostname: PDC.k2.gov.in
    Domain: k2.gov.in
    Netbios name: k2
    NTP: 10.0.0.136 (we dont have ntp server as of now)
    Selected : Use multicast to access SLP
    Novell modular authentication services: Challenge response, NDS
    Then Novell OES configuration successfully done.
    2. In second server we have replicated first edirectory server.
    a) SLP Server : blank
    b) NTP: 10.0.0.136
    c) Existing tree : K_TREE
    d) IP:10.0.0.135
    e) FDN: cn=administrator,cn=Users,dc=k2,dc=gov,dc=in
    f) Enter Server Context: dc=k2,dc=gov,dc=.in
    g) Hostname : ADC.k2.gov.in
    We have installed only iManager and edirectory with existing PDC eDirectory.
    Replication done successfully
    |     | IP         | Hostname      | Partition | Windows without agent | Linux LDAP | replication | home directory in linux |
    | PDC | 10.0.0.136 | PDC.k2.gov.in | k2        | login                 | login      | done        | yes                     |
    | ADC | 10.0.0.135 | ADC.k2.gov.in | k2        | login                 | login      | done        | no                      |
    Testing PDC :
    1. Windows 7, successfully joined DSFW domain : k2.gov.in
    2. Windows Users are able to login from edirectory/DSFW users
    3. Linux Users are also able to login with normal shell, but not getting home directory
    Testing ADC :
    1. Windows 7, successfully joined DSFW domain : k2.gov.in
    2. Windows Users are able to login from edirectory/DSFW users
    3. Linux Users are also able to login with normal shell, also getting home directory
    Query : In PDC (DSFW Domain k2.gov.in) Linux users are getting shell but not getting Home directory in RHEL-6.5, but ADC (DSFW Domain k2.gov.in) Linux Users are getting shell as well as Home directory also.

  • Mac OSX Lion Server Network User Login Issue

    We have in the office a server running Mac OSX Lion, and several network users who've all been running happily for quite a while.
    About a month ago I was added to the system, and initially we had a few issues relating to the home directory, but we changed 'something' and it all worked.
    Fast forward to now, and we've added a new user - Hannah - to our system.
    I've added her in the Workgroup Manager, and set her up everywhere I can find on the server. Her home directory creates on the server fine.
    She appears in the Logon list on the client machines, and here's where the trouble starts...
    Every time she tries to log on, it fails. The logon box just bounces or wobbles as though the password is incorrect. We've tried changing the password, to no avail. We've tried adding new test users - same problem.
    We've tried sudo kinet on the Terminal as a local user, with variable results.
    I'm at my wits' end, and really hoping someone here can help offer some suggestions or advice we can work through to get to the bottom of this.
    Thanks in advance!

    Your problems are likely occurring because you added her to the directory with Workgroup Manager.
    You should really start avoiding WGM when at all possible as Apple is clearly moving away from it. Because of this, things don't always work as expected when using 'legacy' tools like WGM.
    My guess as to what your problem is: When you create a new user in Server.app, two things happen for you automatically that WILL NOT HAPPEN if done from WGM.
    First the user is added to the default "Workgroup" group.
    More importantly (and the source of much confusion), the user is automatically added to SACLs.
    Check the SACL for the user in Server.app, I bet you'll notice that they aren't a member of the File Sharing group like they should be. To solve this problem, you can either delete the user and recreate them in Server.app, or manually add them to the appropriate SACL.
    I would opt for recreating them in Server.app if I were you, as I don't trust user accounts that originate in WGM on Lion Server.

  • Wiki Server - AD User Login Issues (8002)

    I'm in the process of getting wiki server functioning in an AD integrated environment. We have login, portable home directories, and many other integrated services working properly, but I'm having trouble with wiki server. When logging in to the server using OD credentials, things function properly. However, when logging in with AD credentials, users are presented with "Invalid Session (8002)" in a web browser popup, and the server notes the following in its error logs:
    2008-07-02 09:29:45-0400 [HTTPChannel,12,127.0.0.1] Unhandled Error
    Traceback (most recent call last):
      File "/usr/share/caldavd/lib/python/twisted/web/http.py", line 598, in requestReceived
        self.process()
      File "/usr/share/caldavd/lib/python/twisted/web/server.py", line 150, in process
        self.render(resrc)
      File "/usr/share/caldavd/lib/python/twisted/web/server.py", line 157, in render
        body = resrc.render(self)
      File "/usr/share/wikid/lib/python/applexmlrpcserver/WebAppServer.py", line 70, in render
        d = defer.maybeDeferred(function, request, *args)
    --- <exception caught here> ---
      File "/usr/share/caldavd/lib/python/twisted/internet/defer.py", line 107, in maybeDeferred
        result = f(*args, **kw)
      File "/usr/share/wikid/lib/python/applexmlrpcserver/WebAppServer.py", line 91, in xmlrpc_login
        session = SessionHandler.sessionHandler.sessionForID(session_id)
      File "/usr/share/wikid/lib/python/apple_utilities/SessionHandler.py", line 155, in sessionForID
        return self.authProvider.avatarForSession(sessionid)
      File "/usr/share/wikid/lib/python/apple_utilities/Authentication.py", line 349, in avatarForSession
        return self.sessionFactory.getSession(sessionId)
      File "/usr/share/wikid/lib/python/apple_utilities/Authentication.py", line 210, in _func
        return f(self, *args, **kwargs)
      File "/usr/share/wikid/lib/python/apple_utilities/Authentication.py", line 269, in getSession
        raise InvalidSessionError(sessionId)
    apple_utilities.Authentication.InvalidSessionError: Invalid Session:
    2008-07-02 09:29:45-0400 [HTTPChannel,12,127.0.0.1] 127.0.0.1 - - [02/Jul/2008:13:29:44 +0000] "POST / HTTP/1.1" 200 1758 "http://cts-fs01/groups/cts/" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 1054; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1"
    Any suggestions or ideas? Smells like a bug to me unfortunately...
    Many thanks,
    Josh

    Clear text authentication must first be enabled for both Wiki and iCal in order for certain functionality to work in the OD/AD config. So there are a couple of workarounds that must be applied.
    For Wiki, there is a KBase article that provides instructions and background info on this subject:
    http://docs.info.apple.com/article?artnum=306750
    For iCal, you must edit the caldavd.plist file for the following:
    <key>Authentication</key>
    <dict>
        <key>Basic</key>
        <dict>
            <key>Enabled</key>
            <false/> <!-- change to true -->
        </dict>
        <key>Digest</key>
        <dict>
            <key>Algorithm</key>
            <string>md5</string>
            <key>Enabled</key>
            <true/> <!-- change to false -->
            <key>Qop</key>
            <string></string>
        </dict>
        <key>Kerberos</key>
        <dict>
            <key>Enabled</key>
            <true/>
            <key>ServicePrincipal</key>
            <string></string>
        </dict>
    </dict>
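
An added example, not part of the original reply and not Apple's tooling: a Python check that reads the Authentication dictionary shown in the reply above, applies the described change to a copy, and reports which schemes end up enabled. The sample plist is constructed from the fragment in the reply, and the function names are hypothetical.

```python
import plistlib
# Constructed sample: a minimal caldavd.plist holding only the Authentication
# dictionary quoted in the reply above (values as they stand before the edit).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Authentication</key>
  <dict>
    <key>Basic</key>
    <dict><key>Enabled</key><false/></dict>
    <key>Digest</key>
    <dict>
      <key>Algorithm</key><string>md5</string>
      <key>Enabled</key><true/>
      <key>Qop</key><string></string>
    </dict>
    <key>Kerberos</key>
    <dict>
      <key>Enabled</key><true/>
      <key>ServicePrincipal</key><string></string>
    </dict>
  </dict>
</dict>
</plist>
"""

def enabled_schemes(plist_bytes):
    """Return {scheme: bool} for every entry under Authentication."""
    auth = plistlib.loads(plist_bytes).get("Authentication", {})
    return {name: bool(cfg.get("Enabled", False)) for name, cfg in auth.items()}

def apply_workaround(plist_bytes):
    """Apply the reply's edit: Basic on, Digest off; other schemes untouched."""
    config = plistlib.loads(plist_bytes)
    auth = config["Authentication"]
    auth["Basic"]["Enabled"] = True
    auth["Digest"]["Enabled"] = False
    return plistlib.dumps(config)

def audit(plist_bytes):
    """Flag schemes that put a reusable password on the wire."""
    if enabled_schemes(plist_bytes).get("Basic"):
        return ["Basic enabled: password is only base64-encoded, serve over TLS"]
    return []

if __name__ == "__main__":
    patched = apply_workaround(SAMPLE_PLIST)
    print(enabled_schemes(patched), audit(patched))
```

Running `audit` before and after the change shows the trade-off of the workaround: Digest is off and Basic is on, so the password is protected only by whatever transport encryption the service uses.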
