Users in an AD group that have been imported into FotoWeb cannot log in correctly.
The log message reads: "User <username> is denied login (not a member of any imported groups)"
The user that is making LDAP requests for the FotoWeb AD integration (i.e., the "admin user" you select in "Directory settings" in the FotoWeb Site Configuration) must have the "Read Member Of" permission on the domain object.
This permission may not be active if the Active Directory server has been migrated from Windows 2003 or earlier. To grant it:
- Open the properties of the domain object in the Active Directory management console. You may have to right-click the domain object and choose View - Advanced Features to get access to the features you need.
- Now right-click on the domain object and choose Properties. Go to the Security tab and click on Advanced to modify advanced permissions for the domain object.
- Finally, add the user that will be used for LDAP lookups in FotoWeb and make sure "Read Member Of" is selected for that user. Also, in the dropdown list at the top of the screen, make sure to select "Apply to: Descendant user objects".
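
The delegation set in the steps above can be confirmed from PowerShell. This is an added example, not part of the original article; it assumes the RSAT ActiveDirectory module is installed, and `EXAMPLE\svc-fotoweb` is a placeholder for the LDAP lookup account configured in FotoWeb.

```powershell
# Added example: check that the lookup account has an explicit
# "Read Member Of" ACE on the domain object, applied to descendant user objects.
Import-Module ActiveDirectory   # also provides the AD: drive used by Get-Acl

# Assumption: placeholder name. Use the account selected in "Directory settings".
$LookupAccount = 'EXAMPLE\svc-fotoweb'

$rootDse  = Get-ADRootDSE
$domainDn = $rootDse.defaultNamingContext
$schemaNc = $rootDse.schemaNamingContext

# Resolve schema GUIDs from the directory itself instead of hard-coding them.
function Get-SchemaGuid([string]$LdapDisplayName) {
    $obj = Get-ADObject -SearchBase $schemaNc `
        -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    [guid]::new([byte[]]$obj.schemaIDGUID)
}
$memberOfGuid = Get-SchemaGuid 'memberOf'   # attribute behind "Read Member Of"
$userGuid     = Get-SchemaGuid 'user'       # class behind "Descendant user objects"

$readProperty = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty

# Look for an Allow ACE on the domain object that matches the settings from the steps.
$aces = (Get-Acl -Path "AD:\$domainDn").Access | Where-Object {
    $_.IdentityReference.Value -eq $LookupAccount -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $readProperty) -and
    $_.ObjectType -eq $memberOfGuid -and
    $_.InheritanceType -eq 'Descendents' -and
    $_.InheritedObjectType -eq $userGuid
}

if ($aces) {
    "OK: $LookupAccount has Read memberOf on descendant user objects of $domainDn"
    $aces | Format-List IdentityReference, ActiveDirectoryRights, InheritanceType, IsInherited
} else {
    # Only explicit ACEs for this account are matched. The right may still be
    # granted through a group the account belongs to, which this check does not expand.
    Write-Warning "No explicit Read memberOf ACE for $LookupAccount on $domainDn"
}
```

If the warning appears while logins work, the account is most likely receiving the permission through a group membership rather than a direct entry.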