Configure SharePoint Forms Based Authentication to use LDAP

By:   |   Comments   |   Related: > SharePoint Configuration


This article outlines how to configure SharePoint Forms Based Authentication (FBA) to use Lightweight Directory Access Protocol (LDAP), typically used on a SharePoint Extranet.


Prepare the Authentication Provider

First we need to configure the Authentication Provider to use Forms Based Authentication. This is done via SharePoint Central Administration.

  1. Browse to SharePoint Central Administration
  2. Select the Application Management tab
  3. Under the Application Security section select Authentication Providers
  4. FBAviaLDAP1
  5. Select the appropriate Web Application which you want to allow FBA for.
  6. FBAviaLDAP2
  7. Click the appropriate Zone you would like to change, only Default is shown below.
  8. Scroll down to the Authentication Type section and change the Authentication Type to Forms
  9. FBAviaLDAP3
  10. Scroll down to Membership Provide Name and enter the name of your Membership provider, this must match the name in your web.config (see below).
  11. FBAviaLDAP4

Note the Enable Anonymous access check box. This is one of two settings you need to change to allow anonymous access to part of your site. You might want to do this to present a custom logon form. Read my tip on Enabling Anonymous Access to learn more.

Update SharePoint Central Admin web.config

Please note that updating the web.config incorrectly can damage your SharePoint installation. Extreme care should be taken, please do not edit the web.config if you are not familiar with web.config or XML structures.

  1. Make a backup of the web.config file (always a best practice).
  2. Locate your web.config file for the SharePoint Central Administration website. Normally located in C:\Inetpub\wwwroot\wss\VirtualDirectories
  3. Take special care to select the right Virtual Directory, mine is named SharePointCA80 yours will be different
  4. Locate the web.config file and open it with notepad
  5. Scroll down to the configuration node, <configuration> find <connectionStrings>
  6. <connectionStrings>
    <add name="ADConnectionString" connectionString="<a 
    LDAP://???.local/CN=Users,DC=????,DC=local</a>" />
  7. Replace the ??? with your domain name
  8. Scroll down to the system web <system.web> node and the following membership
  9. <membership defaultProvider="ADMembershipProvider">
    	<add name="ADMembershipProvider"
  10. Replace the connectionstring to the one matching your environment and replace "xxx" with domainname\username and "yyy" with password
  11. Save and close the web.config for SharePoint Central Administration
  12. Update the web.config of SharePoint Web application
  13. Repeat steps 1 to 8 for the web.config of the SharePoint web application you configured the Authentication Provider for Forms Based Authentication above
  14. Check the authentication in this web.config is set to the following.
  15. <authentication mode="Forms">
    	<forms loginUrl="/_layouts/login.aspx"></forms>

Note you can specify a custom login page here, shown as loginUrl="" above.

Common issues

The most common issue I get is using the wrong LDAP path in step 4 above. I strongly recommend you use an LDAP query tool to discover your path before setting up SharePoint.

Next Steps
  • Plan your approach to FBA authentication!
  • Investigate LDAP query tools, like Softerra LDAP Administrator, to make your life easier
  • Check back here for my next tip on "How to configure FBA to use SQL Authentication"
  • Read tip on Enabling Anonymous Access
  • Investigate the CKS FBA web parts on CodePlex.

sql server categories

sql server webinars

subscribe to mssqltips

sql server tutorials

sql server white papers

next tip

About the author
MSSQLTips author Matt Takhar Matt Takhar

This author pledges the content of this article is based on professional experience and not AI generated.

View all my tips

Comments For This Article

get free sql tips
agree to terms