
Wednesday, August 20, 2008

SharePoint Form Based Authentication (FBA) Using LDAPMembership Provider

- In the previous post I blogged "SharePoint Form Based Authentication (FBA) Using SQLMembership Provider". I hope it went smoothly for you.
- Here we have a different flavour of SharePoint Form Based Authentication (FBA).
- In this case you want to let your colleagues in your company's Active Directory log in to your SharePoint site through a login form.

Be careful while editing; the parameters you need to change are listed below.

1- Configure the SharePoint site that form authentication will be applied to:
  • Navigate to the web site folder of the target SharePoint site and open “Web.config”:

C:\Inetpub\wwwroot\wss\VirtualDirectories\1214

  • Add the text below (membership and role provider definitions) between </authentication> and <identity impersonate="true" />:

    <membership defaultProvider="LDAPMem">
      <providers>
        <!-- the "|" (OR) in userFilter is assumed: the post printed the two terms with no operator between them -->
        <add name="LDAPMem" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="ADServerName" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName"
             userContainer="DC=Test,DC=com,DC=AE" userObjectClass="person" userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
             scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>
    <roleManager defaultProvider="LDAPROLE" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
      <providers>
        <add name="LDAPROLE" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="ADServerName" port="389" useSSL="false" groupContainer="DC=Test,DC=com,DC=AE" groupNameAttribute="cn"
             groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName"
             groupFilter="(ObjectClass=group)" scope="Subtree" />
      </providers>
    </roleManager>

  • NOTE:

    * server="ADServerName": your Active Directory server name
    * userContainer="DC=Test,DC=com,DC=AE": your domain name (Test.com.AE); groupContainer in the roleManager section carries the same domain value and must match it

    - These are the only two parameters you change to match your environment.
    - Both providers are shown with port="389" and useSSL="false", i.e. LDAP without TLS: the simple bind used to validate a login sends the user's password to the domain controller in cleartext. For anything beyond a test lab, set useSSL="true" and port="636" (LDAPS) on both providers.
2- Configure the Central Administration Web.config file:

  • Add the text below (membership and role provider definitions) between </authentication> and <identity impersonate="true" />:

    <membership>
      <providers>
        <!-- the "|" (OR) in userFilter is assumed: the post printed the two terms with no operator between them -->
        <add name="LDAPMem" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="ADServerName" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName"
             userContainer="DC=Test,DC=com,DC=AE" userObjectClass="person" userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
             scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
      <providers>
        <add name="LDAPROLE" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="ADServerName" port="389" useSSL="false" groupContainer="DC=Test,DC=com,DC=AE" groupNameAttribute="cn"
             groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName"
             groupFilter="(ObjectClass=group)" scope="Subtree" />
      </providers>
    </roleManager>

  • NOTE: Here <membership> has no defaultProvider attribute and the “roleManager” “defaultProvider” value is set to “AspNetWindowsTokenRoleProvider”, so Central Administration itself keeps using Windows authentication; the LDAP providers are only registered here so that Central Administration can resolve users and roles from them.
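As an added check before you roll a Web.config like the ones in steps 1 and 2 out (example code written for this post, not code from the original post or from SharePoint), the script below parses every LDAP provider under <membership> and <roleManager>, flags providers that bind without TLS (useSSL="false"), and validates the userFilter/groupFilter syntax, which catches the operator-less userFilter as it was printed in the post. The Web.config sample embedded in it is constructed from the step-1 block.

```python
import xml.etree.ElementTree as ET
# Constructed sample modelled on the post's step-1 block: cleartext LDAP on 389 and the operator-less userFilter.
SAMPLE_WEB_CONFIG = """<system.web>
<membership defaultProvider="LDAPMem"><providers>
 <add name="LDAPMem" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server"
  server="ADServerName" port="389" useSSL="false" userContainer="DC=Test,DC=com,DC=AE"
  userFilter="((ObjectCategory=group)(ObjectClass=person))" /></providers></membership>
<roleManager defaultProvider="LDAPROLE" enabled="true"><providers>
 <add name="LDAPROLE" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server"
  server="ADServerName" port="636" useSSL="true" groupContainer="DC=Test,DC=com,DC=AE"
  groupFilter="(ObjectClass=group)" /></providers></roleManager>
</system.web>"""

def _parse_filter(s, i):
    """Check one RFC 4515 filter starting at s[i]; return the index just past its ')'."""
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '('")
    i += 1
    if i < len(s) and s[i] in "&|!":   # compound: operator followed by nested filters
        i, n = i + 1, 0
        while i < len(s) and s[i] == "(":
            i, n = _parse_filter(s, i), n + 1
        if n == 0:
            raise ValueError("operator without operands")
    else:                               # simple item attr=value; nesting is not allowed here
        j = s.find(")", i)
        if j < 0 or "=" not in s[i:j] or "(" in s[i:j]:
            raise ValueError("bad simple item")
        i = j
    if i >= len(s) or s[i] != ")":
        raise ValueError("expected ')'")
    return i + 1

def filter_is_well_formed(ldap_filter):
    try:
        return _parse_filter(ldap_filter, 0) == len(ldap_filter)
    except ValueError:
        return False

def lint_ldap_providers(web_config_xml):
    """Return [(provider, finding)] for each LDAP provider under <membership>/<roleManager>."""
    findings, root = [], ET.fromstring(web_config_xml)
    for section in ("membership", "roleManager"):
        for add in (a for s in root.iter(section)
                    for a in s.findall("providers/add") if "Ldap" in a.get("type", "")):
            if add.get("useSSL", "false").lower() != "true":
                findings.append((add.get("name"), 'useSSL="false": binds send credentials in cleartext; use useSSL="true", port="636"'))
            flt = add.get("userFilter") or add.get("groupFilter")
            if flt and not filter_is_well_formed(flt):
                findings.append((add.get("name"), "malformed LDAP filter: " + flt))
    return findings
```

Run it against the real file with lint_ldap_providers(open(path).read()); an empty list means both providers bind over LDAPS and their filters parse.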

3- Configure authentication for our site to be form based:

  • Open “SharePoint 3.0 Central Administration” -> “Application Management” -> “Authentication providers”.
  • Select your web site, “sharepoint 1214”.
  • Make sure “Web Application” is the target site and note that “Membership Provider Name” currently shows “Windows”. Now click “Default”.
  • Select “Forms” as “Authentication type”.
    o Membership provider name: LDAPMem
    o Role manager name: LDAPROLE
  • Open “SharePoint 3.0 Central Administration” -> “Application Management” -> “Site collection Administrators”.
  • Make sure the selected site collection is your target site.
  • At “Primary site collection administrator” type: Ahmed.
  • “Ahmed” is my ID in my Active Directory.
  • Now we grant our users in Active Directory (MossFBA) access to our site.
  • Open your browser and navigate to the target site; you will be redirected automatically to a login page asking for username and password.