Learn more about SQL Server tools

mssqltips logo
 

Tutorials          DBA          Dev          BI          Career          Categories          Webcasts          Whitepapers          Today's Tip          Join

Tutorials      DBA      Dev      BI      Categories      Webcasts

DBA    Dev    BI    Categories

 

Configure SharePoint Forms Based Authentication to use LDAP


By:   |   Read Comments   |   Related Tips: > Sharepoint

SQL Server Indexing Tips and Tricks - Our next free MSSQLTips Webcast


Problem

This article outlines how to configure SharePoint Forms Based Authentication (FBA) to use Lightweight Directory Access Protocol (LDAP), typically used on a SharePoint Extranet.

Solution

Prepare the Authentication Provider

First we need to configure the Authentication Provider to use Forms Based Authentication. This is done via SharePoint Central Administration.

  1. Browse to SharePoint Central Administration
  2. Select the Application Management tab
  3. Under the Application Security section select Authentication Providers
  4. Select the appropriate Web Application which you want to allow FBA for.
  5. Click the appropriate Zone you would like to change, only Default is shown below.
  6. Scroll down to the Authentication Type section and change the Authentication Type to Forms
  7. Scroll down to Membership Provide Name and enter the name of your Membership provider, this must match the name in your web.config (see below).

Note the Enable Anonymous access check box. This is one of two settings you need to change to allow anonymous access to part of your site. You might want to do this to present a custom logon form. Read my tip on Enabling Anonymous Access to learn more.

Update SharePoint Central Admin web.config

Please note that updating the web.config incorrectly can damage your SharePoint installation. Extreme care should be taken, please do not edit the web.config if you are not familiar with web.config or XML structures.

  1. Make a backup of the web.config file (always a best practice).
  2. Locate your web.config file for the SharePoint Central Administration website. Normally located in C:\Inetpub\wwwroot\wss\VirtualDirectories
  3. Take special care to select the right Virtual Directory, mine is named SharePointCA80 yours will be different
  4. Locate the web.config file and open it with notepad
  5. Scroll down to the configuration node, <configuration> find <connectionStrings>
  6. <connectionStrings>
    <add name="ADConnectionString" connectionString="<a 
    href="ldap://???.local/CN=Users,DC=???,DC=local">
    LDAP://???.local/CN=Users,DC=????,DC=local</a>" />
    </connectionStrings>
    
  7. Replace the ??? with your domain name
  8. Scroll down to the system web <system.web> node and the following membership
  9. <membership defaultProvider="ADMembershipProvider">
    	<providers>
    	<add name="ADMembershipProvider"
    	type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web,
    	Version=2.0.0.0,
    	Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" 
    	connectionStringName="ADConnectionString"connectionUsername="xxx" 
    	connectionPassword="yyy"enableSearchMethods="true"
    	attributeMapUsername="sAMAccountName"/>
    	</providers>
    </membership>
    
  10. Replace the connectionstring to the one matching your environment and replace "xxx" with domainname\username and "yyy" with password
  11. Save and close the web.config for SharePoint Central Administration
  12. Update the web.config of SharePoint Web application
  13. Repeat steps 1 to 8 for the web.config of the SharePoint web application you configured the Authentication Provider for Forms Based Authentication above
  14. Check the authentication in this web.config is set to the following.
  15. <authentication mode="Forms">
    	<forms loginUrl="/_layouts/login.aspx"></forms>
    </authentication>
    

Note you can specify a custom login page here, shown as loginUrl="" above.

Common issues

The most common issue I get is using the wrong LDAP path in step 4 above. I strongly recommend you use an LDAP query tool to discover your path before setting up SharePoint.

Next Steps
  • Plan your approach to FBA authentication!
  • Investigate LDAP query tools, like Softerra LDAP Administrator, to make your life easier
  • Check back here for my next tip on "How to configure FBA to use SQL Authentication"
  • Read tip on Enabling Anonymous Access
  • Investigate the CKS FBA web parts on CodePlex.


Last Update:


signup button

next tip button



About the author





Post a comment or let the author know this tip helped.

All comments are reviewed, so stay on subject or we may delete your comment. Note: your email address is not published. Required fields are marked with an asterisk (*).

*Name    *Email    Notify for updates 


Send me SQL tips:

    



Learn more about SQL Server tools