Tuesday, July 07, 2009

Forms Authentication with LDAP provider in Sharepoint - Part 1

I was working on an extranet SharePoint project, on the requirement gathering it was agreed to have windows authentication, but after the deployment and during the UAT, the customer reported to us that he didn’t like the popup login window, and he want it to be forms authentication to have a better look, one solution is to publish the site using the ISA server that will request the username and password from the user via a form and path it to the SharePoint. Here is a good article on how to be done.

Another solution is to use forms authentication with LDAP provider, and here are the steps to do it:

Configure the Central Administration and the application:
1. Extend the application
2. Update the authentication type of the extended application to forms authentication, add the membership provider name, ex: LdapMembership
3. In the extended site folder update the web.config file, add:

<membership defaultProvider="LdapMembership">
<add name="LdapMembership"
otherRequiredUserAttributes="sn,givenname,cn" type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" />

4. In the above code, “devtfs08-ksa” is my server name, my domain name is “devksa.com” The port number 389 is the default number, and userFilter=”(ObjectClass=*)” will get all the users and groups.
5. Update the web.config file of the central administration site to be able to set the site administrator, you can make the first user as the admin on the default zone, and the second user is the admin on the extended zone.
6. Browse to the extended site and test the login.

Configure the User Profiles import:
1. Go to the User Profiles and Properties in the SSP
2. Click on View Import Connections, delete the current Active Directory connection, and create a new one.
3. Select the type “LDAP Directory” and use the same values in the above membership provider as a values to the form.
4. Click on the button “Auto Fill …”
5. In the search base update it to use UserContainer value from the values above.
6. Update the user filters to use the same values as above.
7. Add a username and password to an account that can list the directory.
8. Start full import.

The same can be done for MySite, but the user will be asked for his username and password when he browse from the intranet portal to his Site in case they are both on different application polls which is recommended.

No comments: