Re: User objects cannot be created in the specified container



Groups are not containers. Groups have membership. These are totally
different things. In order to get users provisioned into the directory,
they will have to be in a container. They can be in only one container in
the hierarchy (think of it like a folder in a file system). Examples of
container classes include organizational units and containers.

Objects can be members of multiple groups. The membership of an object in a
group is not related to its location in the directory hierarchy.

So, you'll need to provision your users to a container. As to how to get
them to be a member of a group, you can do that in code as well, but I don't
think it is supported by the membership provider by default. You would need
to implement that logic yourself.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"chand" <chandmk@xxxxxxxxx> wrote in message
news:1185105351.297510.283090@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Joe,

Thank you for replying. Yes. CN is a group object. This CN has a list
of members that are allowed to access my application. This
configuration is identical to other CNs used by other applications
like "Business Objects" in the organization.

Root --> OU1--> OU12--> CN (group)

1. If I point the connection to Root, everything works fine. But this
would allow everyone in the organization to access my application.
The goal is to restrict access to a group of users.

2. If I point the LDAP connection to OU12, I am not getting the above
error. However, the provider's 'ValidateUser' method is returning false for
any member in the CN group. Either this method is not searching the
group or not finding the users in the group. I am using
sAMAccountName attribute.

3. If we put a test user directly under OU12, everything works. Is
this the only way to configure AD to work with
ActiveDirectoryMembershipProvider? Using the groups under OUs seems to
be the reasonable option as this allows the admin to manage users
without worrying about different applications.

Thank you,
chand
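
An added example, not part of the original thread or either poster's code: one way to leave the provider's connection at a container that holds the users, so ValidateUser can find them, and then restrict access with a separate group-membership query keyed on sAMAccountName. The `GroupGate` class, the `LDAP://DC=example,DC=com` path and the group DN are hypothetical placeholders.

```csharp
using System.DirectoryServices;
using System.Web.Security;

public static class GroupGate   // hypothetical helper, not a framework type
{
    // Assumed placeholder values: substitute your own domain root and group DN.
    const string DomainRoot = "LDAP://DC=example,DC=com";
    const string AppGroupDn = "CN=AppUsers,OU=OU12,OU=OU1,DC=example,DC=com";

    // Escape a value for use inside an LDAP search filter (RFC 4515), so a
    // crafted user name cannot change the filter. Backslash must go first.
    public static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29")
                    .Replace("\0", "\\00");
    }

    // Matches the user only if the account is in the group. The OID is the
    // Active Directory "in chain" matching rule, so nested groups count too.
    public static string BuildMembershipFilter(string samAccountName, string groupDn)
    {
        return "(&(objectCategory=person)(objectClass=user)"
             + "(sAMAccountName=" + EscapeFilterValue(samAccountName) + ")"
             + "(memberOf:1.2.840.113556.1.4.1941:=" + EscapeFilterValue(groupDn) + "))";
    }

    // Searches the whole subtree: group membership does not depend on which
    // container the user object lives in. Binds as the process identity.
    public static bool IsInAppGroup(string samAccountName)
    {
        using (var root = new DirectoryEntry(DomainRoot))
        using (var searcher = new DirectorySearcher(
                   root, BuildMembershipFilter(samAccountName, AppGroupDn)))
        {
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("distinguishedName");
            return searcher.FindOne() != null;
        }
    }

    // Authentication (the membership provider) and authorization (the group
    // check) are separate steps; both must succeed before sign-in.
    public static bool SignIn(string samAccountName, string password)
    {
        return Membership.ValidateUser(samAccountName, password)
            && IsInAppGroup(samAccountName);
    }
}
```

The `memberOf` attribute does not list a user's primary group, so use a group other than the primary group for this check.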


