How to: Configuring LDAP Provider with MOSS 2007

Hi,

Today I wanted to show you the necessary steps to configure MOSS with the LDAP Provider (we will actually query Active Directory). First, you can find information about the process and its implications at TechNet2.

With that information in hand, the setup itself is straightforward.

Turn on ASP.NET forms authentication

To complete this step you will need access to the web.config of the web application you are changing. You will find it by opening Internet Information Services (IIS) Manager, expanding Web Sites, and choosing Open from the context menu of the web application. In my example this brings me to: C:\Inetpub\wwwroot\wss\VirtualDirectories\moss.litwareinc.com80

Then I edit the web.config file and replace <authentication mode="Windows" /> with <authentication mode="Forms" /> inside the system.web node.

With no other change, if you try to log in to your site it will throw a 404 error and redirect you to the default login page: https://moss.litwareinc.com/login.aspx?ReturnUrl=%2fPages%2fDefault.aspx

Register the membership provider

In the next step we register the membership provider for LDAP and change the authentication provider in Central Administration.

This involves changing web.config again (remember that changing web.config recycles the application pool).

The change affects the membership node:

<membership defaultProvider="LdapMembershipProvider">
  <providers>
    <!-- name must match defaultProvider above exactly; it is also the value you
         will enter under Authentication Providers in Central Administration. -->
    <!-- port 389 with useSSL="false" means the LDAP traffic, including the
         credential check for each login, crosses the network unencrypted;
         on a production network use LDAPS (port 636, useSSL="true"). -->
    <add
      name="LdapMembershipProvider"
      type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
      server="MOSS.LITWAREINC.COM"
      port="389"
      useSSL="false"
      userDNAttribute="distinguishedName"
      userNameAttribute="sAMAccountName"
      userContainer="CN=Users,DC=litwareinc,DC=com"
      userObjectClass="person"
      userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
      scope="Subtree"
      otherRequiredUserAttributes="sn,givenname,cn"
      />
  </providers>
</membership>

To fill in the userContainer attribute (we changed server to match our environment [SingleServer]), I will use ADExplorer https://www.microsoft.com/technet/sysinternals/utilities/adexplorer.mspx.

Then you will need to browse to Authentication Providers in Central Administration, edit the authentication of your web application, and enter the name of the provider. In the sample: LdapMembershipProvider

Then, if you go back to your site, it will show you the login page.

Register the role manager (optional)

Finally you can add information for the role manager:

<roleManager defaultProvider="LdapRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
  <providers>
    <!-- name must match defaultProvider above; server is the directory host
         (here the placeholder "DC"), and the same port/useSSL caveat as the
         membership provider applies. -->
    <add
      name="LdapRoleProvider"
      type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
      server="DC"
      port="389"
      useSSL="false"
      groupContainer="DC=litwareinc,DC=com"
      groupNameAttribute="cn"
      groupMemberAttribute="member"
      userNameAttribute="sAMAccountName"
      dnAttribute="distinguishedName"
      groupFilter="(ObjectClass=group)"
      scope="Subtree"
      />
  </providers>
</roleManager>

Then update the authentication provider in Central Administration again.
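Because both steps live in web.config and a mismatch between defaultProvider and the registered provider name, or an unencrypted LDAP connection, is easy to miss until the login page fails, here is an added example (my code, not from the post or from Microsoft) that reads the membership and roleManager sections described above and reports those problems. It uses only the Python standard library, never contacts a directory server, and the web.config fragment it checks is a constructed sample with placeholder hostnames and containers; the objectClass heuristic on userFilter is an assumption of this example, not a documented rule of the provider.

```python
"""Sanity-check LDAP membership/role provider registrations in a MOSS web.config.

Added example for this post. Reads the XML only (no LDAP traffic) and reports
the misconfigurations that most often leave you at the login page or send
credentials in clear text."""

import re
from typing import List
import xml.etree.ElementTree as ET

# Constructed sample: same shape as the post's fragments, with placeholder
# hostnames/containers. It deliberately carries a defaultProvider/name
# mismatch and an LDAP connection without SSL so the checks below fire.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms" />
    <membership defaultProvider="LdapMembershipProvider">
      <providers>
        <add name="LdapMembership"
             type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
             server="dc.example.test" port="389" useSSL="false"
             userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName"
             userContainer="CN=Users,DC=example,DC=test" userObjectClass="person"
             userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
             scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>
    <roleManager defaultProvider="LdapRoleProvider" enabled="true">
      <providers>
        <add name="LdapRoleProvider"
             type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
             server="dc.example.test" port="636" useSSL="true"
             groupContainer="DC=example,DC=test" groupNameAttribute="cn"
             groupMemberAttribute="member" userNameAttribute="sAMAccountName"
             dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)"
             scope="Subtree" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
"""

# The same sample with the three problems corrected, for comparison.
HARDENED_WEB_CONFIG = (
    SAMPLE_WEB_CONFIG
    .replace('name="LdapMembership"', 'name="LdapMembershipProvider"')
    .replace('port="389" useSSL="false"', 'port="636" useSSL="true"')
    .replace('userFilter="(|(ObjectCategory=group)(ObjectClass=person))"',
             'userFilter="(objectClass=person)"')
)

# Matches (objectClass=X) / (objectCategory=X) terms inside an LDAP filter.
CLASS_TERM = re.compile(r"\((objectclass|objectcategory)=([^)]+)\)", re.IGNORECASE)


def check_providers(web_config_xml: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    system_web = ET.fromstring(web_config_xml).find("system.web")
    if system_web is None:
        return ["no <system.web> section found"]
    auth = system_web.find("authentication")
    if auth is None or auth.get("mode") != "Forms":
        findings.append("authentication mode is not Forms, so the membership provider is never consulted")

    for section in ("membership", "roleManager"):
        node = system_web.find(section)
        if node is None:
            continue
        default = node.get("defaultProvider")
        providers = node.findall("providers/add")
        names = [p.get("name") for p in providers]
        # ASP.NET resolves defaultProvider by exact name; a mismatch is a runtime
        # configuration error, not a silent fallback to the only provider.
        if default not in names:
            findings.append(f"{section}: defaultProvider '{default}' is not registered; registered names: {names}")

        for p in providers:
            label = f"{section}/{p.get('name')}"
            use_ssl = p.get("useSSL", "false").lower() == "true"
            port = p.get("port", "389")
            if not use_ssl:
                findings.append(f"{label}: useSSL=false, so traffic to {p.get('server')}:{port}, "
                                "including the credential check at login, is unencrypted")
            elif port == "389":
                findings.append(f"{label}: useSSL=true but 389 is the plain LDAP port; LDAPS normally uses 636")
            # Heuristic (assumption of this example): a membership userFilter should
            # select only the userObjectClass; extra class terms widen what a login
            # name can resolve to.
            user_filter = p.get("userFilter")
            if user_filter:
                wanted = p.get("userObjectClass", "").lower()
                extra = sorted({v for _, v in CLASS_TERM.findall(user_filter) if v.lower() != wanted})
                if extra:
                    findings.append(f"{label}: userFilter also matches objectClass/objectCategory {extra}, "
                                    f"not only userObjectClass '{wanted}'")
    return findings


if __name__ == "__main__":
    for title, cfg in (("sample", SAMPLE_WEB_CONFIG), ("hardened", HARDENED_WEB_CONFIG)):
        print(f"== {title} ==")
        for finding in check_providers(cfg) or ["no findings"]:
            print(" -", finding)
```

Run it against your own web.config by reading the file into a string and passing it to check_providers; the sample reports the name mismatch, the clear-text LDAP connection and the group term in userFilter, and the hardened copy reports nothing.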

More references to solve some issues

Namaste ;)