Wednesday, August 20, 2008

SharePoint Form Based Authentication (FBA) Using LDAPMembership Provider

- In the previous post I blogged "SharePoint Form Based Authentication (FBA) Using SQLMembership Provider". I hope it went smoothly for you.
- Here we have a different flavour of SharePoint Form Based Authentication (FBA).
- In this case you want to let your colleagues, whose accounts live in your company's Active Directory, log in to your SharePoint site through a login form instead of the Windows authentication prompt.

Be careful while editing web.config; the parameters you have to change for your own environment are listed below.

1- Configure the SharePoint site that Forms authentication will be applied to:
  • Navigate to the web site folder of the target SharePoint site and open "Web.config", for example:

C:\Inetpub\wwwroot\wss\VirtualDirectories\1214

  • Add the text below (the membership and role provider definitions) after the <authentication> element and before <identity impersonate="true" />. Note the &amp; in userFilter: it is the XML-escaped LDAP AND operator, and a filter written as ((ObjectCategory=group)(ObjectClass=person)) with no operator in front is not valid LDAP.

    <membership defaultProvider="LDAPMem">
      <providers>
        <add name="LDAPMem"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="ADServerName" port="389" useSSL="false"
             userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName"
             userContainer="DC=Test,DC=com,DC=AE" userObjectClass="person"
             userFilter="(&amp;(ObjectCategory=group)(ObjectClass=person))"
             scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>
    <roleManager defaultProvider="LDAPROLE" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
      <providers>
        <add name="LDAPROLE"
             type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="ADServerName" port="389" useSSL="false"
             groupContainer="DC=Test,DC=com,DC=AE" groupNameAttribute="cn" groupMemberAttribute="member"
             userNameAttribute="sAMAccountName" dnAttribute="distinguishedName"
             groupFilter="(ObjectClass=group)" scope="Subtree" />
      </providers>
    </roleManager>

  • NOTE:

    * server="ADServerName": the name of your Active Directory domain controller.
    * userContainer="DC=Test,DC=com,DC=AE" (and groupContainer in the role provider): the distinguished name of your domain (here Test.com.AE).

    - These are the only two values you must change for your environment; change them in both the membership and the role provider entries. Be aware that useSSL="false" with port="389" makes the web front end talk to the domain controller over plain, unencrypted LDAP. That is fine on a test box, but in production switch to useSSL="true" with port="636" (LDAPS) once the domain controller has a server certificate.
2- Configure the Central Administration web.config file:

  • Add the text below (the same provider definitions) after the <authentication> element and before <identity impersonate="true" />. This time the membership element has no defaultProvider and the roleManager keeps AspNetWindowsTokenRoleProvider as its default:

    <membership>
      <providers>
        <add name="LDAPMem"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="ADServerName" port="389" useSSL="false"
             userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName"
             userContainer="DC=Test,DC=com,DC=AE" userObjectClass="person"
             userFilter="(&amp;(ObjectCategory=group)(ObjectClass=person))"
             scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
      <providers>
        <add name="LDAPROLE"
             type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="ADServerName" port="389" useSSL="false"
             groupContainer="DC=Test,DC=com,DC=AE" groupNameAttribute="cn" groupMemberAttribute="member"
             userNameAttribute="sAMAccountName" dnAttribute="distinguishedName"
             groupFilter="(ObjectClass=group)" scope="Subtree" />
      </providers>
    </roleManager>

  • NOTE: In "roleManager" the "defaultProvider" stays "AspNetWindowsTokenRoleProvider", and "membership" gets no defaultProvider at all. Central Administration must keep authenticating its own users with Windows; the LDAP providers are registered here only so that the people picker can resolve LDAP users and groups when you make one of them a site collection administrator in step 3.
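The two web.config edits above are easy to get subtly wrong (a dropped &amp; in the filter, a Central Administration file whose defaults were switched to LDAP, plain LDAP left on in production), so here is a small checker for them. It is an added example and not part of the original post or of SharePoint itself. The two <system.web> fragments inside it are constructed from the settings shown in steps 1 and 2; ADServerName and DC=Test,DC=com,DC=AE are the post's placeholders, not real hosts, and the filter grammar check is a deliberately minimal reading of RFC 4515.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the provider part of the FBA site's web.config (step 1).
# Inside an XML attribute a literal '&' is written '&amp;'.
SITE_WEB_CONFIG = """<system.web>
  <membership defaultProvider="LDAPMem">
    <providers>
      <add name="LDAPMem" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="ADServerName" port="389" useSSL="false" userDNAttribute="distinguishedName"
           userNameAttribute="sAMAccountName" userContainer="DC=Test,DC=com,DC=AE" userObjectClass="person"
           userFilter="(&amp;(ObjectCategory=group)(ObjectClass=person))" scope="Subtree"
           otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
  </membership>
  <roleManager defaultProvider="LDAPROLE" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
    <providers>
      <add name="LDAPROLE" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="ADServerName" port="389" useSSL="false" groupContainer="DC=Test,DC=com,DC=AE"
           groupNameAttribute="cn" groupMemberAttribute="member" userNameAttribute="sAMAccountName"
           dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)" scope="Subtree" />
    </providers>
  </roleManager>
</system.web>"""

# Constructed sample: Central Administration (step 2) registers the same providers
# but leaves both defaults on Windows authentication.
CA_WEB_CONFIG = (SITE_WEB_CONFIG
                 .replace('<membership defaultProvider="LDAPMem">', '<membership>')
                 .replace('defaultProvider="LDAPROLE"', 'defaultProvider="AspNetWindowsTokenRoleProvider"'))

def _parse_filter(s, i):
    """Consume one RFC 4515 filter starting at s[i]; return the index just past it."""
    if s[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if s[i] in "&|":                      # (&(f)(f)...) or (|(f)(f)...)
        i, n = i + 1, 0
        while i < len(s) and s[i] == "(":
            i, n = _parse_filter(s, i), n + 1
        if n == 0:
            raise ValueError("empty AND/OR at %d" % i)
    elif s[i] == "!":                     # (!(f))
        i = _parse_filter(s, i + 1)
    else:                                 # (attr=value); also >=, <=, ~=
        j = s.find(")", i)
        if j < 0 or not re.fullmatch(r"[A-Za-z][\w.;-]*(~=|>=|<=|=).*", s[i:j]):
            raise ValueError("bad item at %d" % i)
        i = j
    if s[i] != ")":
        raise ValueError("expected ')' at %d" % i)
    return i + 1

def ldap_filter_ok(filt):
    """True when filt is a syntactically valid LDAP search filter."""
    try:
        return _parse_filter(filt, 0) == len(filt)
    except (ValueError, IndexError):
        return False

def check_provider(add):
    """Findings for one LDAP <add .../> provider element."""
    a, out = add.attrib, []
    tag = "%s (%s:%s)" % (a.get("name"), a.get("server"), a.get("port"))
    if a.get("useSSL", "false").lower() != "true":
        # Plain LDAP: every query between the web front end and the DC crosses the wire unencrypted.
        out.append(tag + ': useSSL="false"; use useSSL="true" with port="636" (LDAPS) outside a test lab')
    elif a.get("port") == "389":
        out.append(tag + ': useSSL="true" but port 389 is plain LDAP; LDAPS listens on 636')
    for key in ("userFilter", "groupFilter"):
        if key in a and not ldap_filter_ok(a[key]):
            out.append("%s: %s=%r is not a valid LDAP filter" % (tag, key, a[key]))
    return out

def check_web_config(xml_text, central_admin=False):
    """Findings for one <system.web> fragment. central_admin applies the step 2 rule:
    the LDAP providers are registered but must not be the defaults."""
    root = ET.fromstring(xml_text)
    ldap = [p for p in root.iter("add") if "Ldap" in p.get("type", "")]
    names = {p.get("name") for p in ldap}
    out = [f for p in ldap for f in check_provider(p)]
    m_def = root.find("membership").get("defaultProvider")
    r_def = root.find("roleManager").get("defaultProvider")
    if central_admin:
        if m_def in names:
            out.append("Central Admin: membership defaultProvider must not be the LDAP provider")
        if r_def != "AspNetWindowsTokenRoleProvider":
            out.append("Central Admin: roleManager defaultProvider must stay AspNetWindowsTokenRoleProvider")
    elif m_def not in names or r_def not in names:
        out.append("site: membership/roleManager defaultProvider must name the LDAP providers")
    return out

def hardened(xml_text):
    """The same fragment with the LDAPS settings a production farm should use."""
    return xml_text.replace('useSSL="false"', 'useSSL="true"').replace('port="389"', 'port="636"')
```

Run check_web_config(SITE_WEB_CONFIG) and check_web_config(CA_WEB_CONFIG, central_admin=True) to see the two plain-LDAP findings each file produces as written in the post; check_web_config(hardened(SITE_WEB_CONFIG)) returns nothing. Feeding the Central Administration fragment through the site rule shows the reverse mistake (Windows defaults left on the FBA site), and ldap_filter_ok("((ObjectCategory=group)(ObjectClass=person))") is False, which is the filter you end up with if the &amp; is lost.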

3- Configure authentication for the site to be forms based:

  • Open "SharePoint 3.0 Central Administration" -> "Application Management" -> "Authentication providers".
  • Select your web site, "sharepoint 1214".
  • Make sure "Web Application" shows the target site and note that "Membership Provider Name" is currently "Windows". Now click "Default" (the zone).
  • Select "Forms" as "Authentication type":
    o Membership provider name: LDAPMem
    o Role manager name: LDAPROLE
  • Open "SharePoint 3.0 Central Administration" -> "Application Management" -> "Site collection administrators".
  • Make sure the selected site collection is your target site.
  • At "Primary site collection administrator" type: Ahmed.
  • "Ahmed" is my ID in my Active Directory.
  • Now we grant the Active Directory users (MossFBA) access to our site.
  • Open your browser and navigate to the target site; you will be redirected to a login page asking for a username and password.




1 comment:

daspeac said...

I have heard about another way of check if pdf is damaged repair. Besides, you can visit my blogs at: http://daspeac.livejournal.com/ or http://daspeac.blogspot.com/ where I’m trying to share my experience with regard to data corruption issues.