Just some personal reference so I don’t have to go hunting for this stuff again. Nothing to see here folks… move steadily along… single file please…

Using Active Directory as the membership store via 2 different methods simultaneously –

System.Web.Security.ActiveDirectoryMembershipProvider & Microsoft.Office.Server.Security.LdapMembershipProvider

Assumptions:
MOSS 2007 Farm Configured
Port 80: Initial NTLM Web Application and Site Collection configured.
Port 81: ActiveDirectoryMembershipProvider.
Port 82: LDAPMembershipProvider.

Step 1: Extend Port 80 to Port 81 & Port 82

Step 2: Update the web.config for port 81 (ActiveDirectoryMembershipProvider)
Add the connection string settings to anywhere with the <configuration> section. 

<configuration>
...
<connectionStrings>
<add connectionString="LDAP://DomainController.local/DC=DomainController,DC=local" 
name="ADConnection"/>
</connectionStrings>
...
</configuration>

Within <system.web> add the following:

<system.web>
...
<membership defaultProvider="ADMembershipProvider">
 <providers>
 <add name="ADMembershipProvider" 
type="System.Web.Security.ActiveDirectoryMembershipProvider, 
System.Web, 
Version=2.0.0.0, 
Culture=neutral, 
PublicKeyToken=b03f5f7f11d50a3a" 
connectionStringName="ADConnection" 
connectionUsername="domain\account" 
connectionPassword="password" 
attributeMapUsername="SAMAccountName"/>
 </providers>
</membership>
...
</system.web>

Step 3: Update the web.config for port 82 (LDAPMembershipProvider)

Within <system.web> add the following:

<system.web>

...
<membership defaultProvider="LDAPProvider">
 <providers>
 <add name="LDAPProvider" 
type="Microsoft.Office.Server.Security.LdapMembershipProvider, 
Microsoft.Office.Server, 
Version=12.0.0.0, 
Culture=neutral, 
PublicKeyToken=71e9bce111e9429c" 
server="yourDomain.local" 
port="389" 
useSSL="false" 
userDNAttribute="distinguishedName" 
userNameAttribute="SAMAccountName" 
userContainer="DC=yourDomain,DC=local" 
userObjectClass="person" 
userFilter="(|(ObjectCategory=group)(ObjectClass=person))" 
scope="Subtree" 
otherRequiredUserAttributes="sn,givenname,cn" />
 </providers>
</membership>
...
</system.web>

Step 4: Update the web.config for Central Administration

Add the connection string settings to anywhere with the <configuration> section. 

<configuration>
...
<connectionStrings>
<add connectionString="LDAP://DomainController.local/DC=DomainController,DC=local" 
name="ADConnection"/>
</connectionStrings>
...
</configuration>

Within <system.web> add the following:

<system.web>
...
<membership>
 <providers>
 <add name="ADMembershipProvider" 
type="System.Web.Security.ActiveDirectoryMembershipProvider, 
System.Web, Version=2.0.0.0, 
Culture=neutral, 
PublicKeyToken=b03f5f7f11d50a3a" 
connectionStringName="ADConnection" 
connectionUsername="domain\account" 
connectionPassword="password" 
attributeMapUsername="SAMAccountName"/>

 <add name="LDAPProvider" 
type="Microsoft.Office.Server.Security.LdapMembershipProvider, 
Microsoft.Office.Server, 
Version=12.0.0.0, 
Culture=neutral, 
PublicKeyToken=71e9bce111e9429c" 
server="yourDomain.local" 
port="389" 
useSSL="false" 
userDNAttribute="distinguishedName" 
userNameAttribute="SAMAccountName"
userContainer="DC=yourDomain,DC=local" 
userObjectClass="person" 
userFilter="(|(ObjectCategory=group)(ObjectClass=person))" 
scope="Subtree" 
otherRequiredUserAttributes="sn,givenname,cn" />
 </providers>
</membership>
...
</system.web>

Step 5: Update Central Administration Settings

Go to Central Administration > Application Management > Authentication Providers > Adjust the Membership Provider Names to match your providers. In this case, the zone representing port 81would utilize “ADMembershipProvider” and the zone representing port 82 would utilize “LDAPProvider”

SharePoint 2007

, ,

March 19, 2010

6 Comments