1. Run the following SQL to switch DiaWEB's authentication system to Forms:
update Enterprise set AuthType = 0
2. Restart DiaWEB's app pool in IIS.
Alternatively, make any change (like adding a new line) to the Web.config file in DiaWEB's root folder. This will restart DiaWEB as well.
3. Manually browse to the following URL in DiaWEB (you do not need to be authenticated):
/AdminReset/Reset
This will reset the password of the "admin" account to the value specified in the app.config file, with the setting "DefaultPassword".
4. Log in to DiaWEB with the admin account.
5. From Administration > Users, if needed, edit the "login" field of at least one user whose login/username in the new Active Directory is different.
With the following example, if the user is "testad@test.local", I only had to use the "testad" part.
Note: this could be done with a SQL script as well.
6. From Administration > System Settings > Edit:
6.1 Change the "Auth Provider" field to "Active Directory".
6.2 Change the "Domain Name" field to that of the new Active Directory.
The value for this field shouldn't include the "LDAP://" part.
If the Active Directory port is different from 389, it must be specified in the following format:
<hostname>:<port>
For example: test.local:5000
Note: there is currently a validation in DiaWEB that ensures the domain name is "a valid path in the directory service". If this fails, the error shown is "Invalid domain name". I had to remove this validation from the code in order to connect to a remote Active Directory in an AWS instance.
7. Manually browse to the following URL to restart DiaWEB and apply the changes (you'll need to be logged in):
/AdminTools/RestartApp
Or alternatively, make any change to the Web.config file.
8. Log out from DiaWEB.
9. Log in using an Active Directory account (e.g. the one updated in step #5).
Testing connection and authentication to Active Directory
We can use the following program to test this before doing the same in DiaWEB. The program receives the same values that we have to use in DiaWEB. It also uses the same code.
Binary: https://drive.google.com/file/d/1D-rW1TGHieFcqUkO1Nezapr7Wtsaqfd7/view?usp=sharing
Source Code: https://drive.google.com/file/d/1rurWUU5EkNxcQnxXT0Ru5H5zWQI4COUn/view?usp=sharing
Alternatively, we can use the trial version of the following software:
https://www.ldapsoft.com/ldapbrowser/ldapadmintool.html
Notice that for authentication it uses the "User DN" (User Distinguished Name), not just the "User logon name" (the latter is what we have to use in DiaWEB).
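A third option, as an added example that is neither the test program linked above nor DiaWEB's code: a PowerShell script that checks the "Domain Name" value against the format rules from step 6.2, then tests connectivity and a bind with the user logon name. The parameter names, the use of System.DirectoryServices.Protocols, and the assumption that the host part is also the AD domain name (as in the test.local example) are choices made for this example.

```powershell
# Added example, not DiaWEB's code. Run on Windows with the same values entered in DiaWEB.
# Assumption: binds via System.DirectoryServices.Protocols, which may differ from what DiaWEB does.
param(
    [Parameter(Mandatory)] [string] $DomainName,     # "Domain Name" field, e.g. test.local or test.local:5000
    [Parameter(Mandatory)] [string] $UserLogonName   # logon name only, e.g. testad (not the User DN)
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

# The field must not carry the "LDAP://" prefix (step 6.2).
if ($DomainName -match '^\s*ldaps?://') {
    throw 'Domain Name must not include the "LDAP://" part.'
}

# Split <hostname>:<port>; the port defaults to 389 when omitted.
$server, $portText = $DomainName.Trim() -split ':', 2
$port = 389
if ($null -ne $portText -and (-not ([int]::TryParse($portText, [ref]$port)) -or $port -lt 1 -or $port -gt 65535)) {
    throw "Invalid port '$portText' in Domain Name."
}

# Step 1: connectivity. A plain TCP connect separates "server unreachable" from "bad credentials".
$tcp = New-Object System.Net.Sockets.TcpClient
try { $tcp.Connect($server, $port) }
catch { throw "Cannot reach ${server}:${port}: $($_.Exception.GetBaseException().Message)" }
finally { $tcp.Close() }

# Step 2: authentication. The password is read as a SecureString, so it never appears in arguments or history.
# Negotiate (Kerberos/NTLM) avoids sending the password in clear text, unlike a simple bind without TLS.
$password   = Read-Host -AsSecureString "Password for $UserLogonName"
$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($server, $port)
$connection = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
$connection.SessionOptions.ProtocolVersion = 3
$connection.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$connection.Credential = New-Object System.Net.NetworkCredential($UserLogonName, $password, $server)
try {
    $connection.Bind()
    "OK: $UserLogonName authenticated against ${server}:${port}"
} catch {
    $e = $_.Exception.GetBaseException()
    # LDAP result code 49 is invalidCredentials; anything else points at a connection or protocol problem.
    if ($e -is [System.DirectoryServices.Protocols.LdapException] -and $e.ErrorCode -eq 49) { "FAILED: invalid credentials for $UserLogonName" }
    else { "FAILED: $($e.Message)" }
} finally {
    $connection.Dispose()
}
```

Run it with the same values entered in DiaWEB, for example -DomainName test.local:5000 -UserLogonName testad.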