SharePoint Active Directory FBA Configuration References
March 19th, 2010 § 3 Comments
Just some personal reference so I don’t have to go hunting for this stuff again. Nothing to see here folks… move steadily along… single file please…
Using Active Directory as the membership store via 2 different methods simultaneously -
System.Web.Security.ActiveDirectoryMembershipProvider & Microsoft.Office.Server.Security.LdapMembershipProvider
Assumptions:
MOSS 2007 Farm Configured
Port 80: Initial NTLM Web Application and Site Collection configured.
Port 81: ActiveDirectoryMembershipProvider.
Port 82: LDAPMembershipProvider.
Step 1: Extend Port 80 to Port 81 & Port 82
Step 2: Update the web.config for port 81 (ActiveDirectoryMembershipProvider)
Add the connection string settings anywhere within the <configuration> section.
<configuration>
  ...
  <connectionStrings>
    <add connectionString="LDAP://DomainController.local/DC=DomainController,DC=local" name="ADConnection"/>
  </connectionStrings>
  ...
</configuration>
Within <system.web> add the following:
<system.web>
  ...
  <membership defaultProvider="ADMembershipProvider">
    <providers>
      <add name="ADMembershipProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="ADConnection"
           connectionUsername="domain\account"
           connectionPassword="password"
           attributeMapUsername="SAMAccountName"/>
    </providers>
  </membership>
  ...
</system.web>
Step 3: Update the web.config for port 82 (LDAPMembershipProvider)
Within <system.web> add the following:
<system.web>
  ...
  <membership defaultProvider="LDAPProvider">
    <providers>
      <add name="LDAPProvider"
           type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="yourDomain.local"
           port="389"
           useSSL="false"
           userDNAttribute="distinguishedName"
           userNameAttribute="SAMAccountName"
           userContainer="DC=yourDomain,DC=local"
           userObjectClass="person"
           userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
           scope="Subtree"
           otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
  </membership>
  ...
</system.web>
Step 4: Update the web.config for Central Administration
Add the connection string settings anywhere within the <configuration> section.
<configuration>
  ...
  <connectionStrings>
    <add connectionString="LDAP://DomainController.local/DC=DomainController,DC=local" name="ADConnection"/>
  </connectionStrings>
  ...
</configuration>
Within <system.web> add the following:
<system.web>
  ...
  <membership>
    <providers>
      <add name="ADMembershipProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="ADConnection"
           connectionUsername="domain\account"
           connectionPassword="password"
           attributeMapUsername="SAMAccountName"/>
      <add name="LDAPProvider"
           type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="yourDomain.local"
           port="389"
           useSSL="false"
           userDNAttribute="distinguishedName"
           userNameAttribute="SAMAccountName"
           userContainer="DC=yourDomain,DC=local"
           userObjectClass="person"
           userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
           scope="Subtree"
           otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
  </membership>
  ...
</system.web>
Step 5: Update Central Administration Settings
Go to Central Administration > Application Management > Authentication Providers and adjust the Membership Provider Names to match your providers. In this case, the zone representing port 81 would utilize “ADMembershipProvider” and the zone representing port 82 would utilize “LDAPProvider”.
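An added example, not part of the original post: a Python check that reads a web.config and flags the two settings in the Step 2 to Step 4 snippets that a reviewer would question before production use, the cleartext connectionPassword and useSSL="false" on port 389. The sample config is constructed from the page's placeholder values, and the function name audit_membership_providers is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Central Administration providers from Step 4, trimmed
# to the attributes the audit reads. Values are the page's placeholders.
SAMPLE_WEB_CONFIG = r"""
<configuration>
  <system.web>
    <membership>
      <providers>
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web"
             connectionStringName="ADConnection"
             connectionUsername="domain\account" connectionPassword="password"
             attributeMapUsername="SAMAccountName"/>
        <add name="LDAPProvider"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server"
             server="yourDomain.local" port="389" useSSL="false"
             userContainer="DC=yourDomain,DC=local"/>
      </providers>
    </membership>
  </system.web>
</configuration>
"""

def audit_membership_providers(web_config_xml):
    """Return (provider name, finding) pairs for risky provider settings."""
    findings = []
    root = ET.fromstring(web_config_xml)
    for add in root.findall(".//membership/providers/add"):
        name = add.get("name", "?")
        # Bind credentials stored as plain attributes are readable by anyone
        # who can read web.config (backups, file shares, source control).
        if add.get("connectionPassword"):
            findings.append((name, "connectionPassword stored in cleartext"))
        # ActiveDirectoryMembershipProvider: connectionProtection="None" turns
        # off the provider's default transport protection.
        if add.get("connectionProtection", "").lower() == "none":
            findings.append((name, "connectionProtection disabled"))
        # LdapMembershipProvider: useSSL="false" leaves LDAP traffic unencrypted.
        if add.get("useSSL", "").lower() == "false":
            findings.append((name, "LDAP without SSL on port " + add.get("port", "?")))
    return findings

if __name__ == "__main__":
    for provider, issue in audit_membership_providers(SAMPLE_WEB_CONFIG):
        print(f"{provider}: {issue}")
```

Run it against each zone's web.config and the Central Administration web.config, since Step 4 copies both provider entries there.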
Sharepoint enables employees to publish, share, search, analyse and manage information all through a browser.
Keep ‘em coming… all of you do this kind of great job at such Concepts… can’t let you know how much I, for one appreciate whatever you do!