Tuesday, November 25, 2008

SharePoint with Sun LDAP as Membership

Why would someone set up a SharePoint site with Sun's LDAP directory as its user database? There are a number of possible reasons in real-world requirements. Our recent requirement was to set up a SharePoint server for external (non-employee) users who are not in our Active Directory. All our external users are already available in Sun LDAP, so we decided to use LDAP as the SharePoint user database. The question then was how to make SharePoint happy with Sun LDAP as its user provider. Here are some quick steps from my learning.

Step 1 : Provide the LDAP connection details in the web.config file of the IIS web site that hosts your SharePoint web application.

Step 2 : Change the SharePoint authentication type to Forms and give it the name of the LDAP membership provider.

Step 3 : Change the IIS 'Directory Security' authentication settings to Integrated Windows Authentication.

Step 4 : Finally, select LDAP user(s) as site owner or for the other SharePoint-defined roles.

Step 1 : Changes in Web.Config file

Add the membership provider entry to the web.config of the SharePoint web application (not the Central Administration site). The provider binds to the directory as connectionUsername and searches userContainer for entries of class userObjectClass whose userNameAttribute matches the login name; the attributes in otherRequiredUserAttributes are read from the matching entry.

<membership defaultProvider="LdapMembership">
  <providers>
    <add name="LdapMembership"
         type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="" port="389" useSSL="false"
         connectionUsername="cn=oblix" connectionPassword="password"
         userDNAttribute="entryDN" userNameAttribute="uid"
         userContainer="dc=educ,dc=mde" userObjectClass="inetOrgPerson"
         userFilter="(objectClass=*)" scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>

Fill in server with the host name of your Sun Directory Server and Version with the version of the Microsoft.Office.Server assembly installed on your farm. Line breaks between attributes are legal XML, but make sure no line break lands inside a quoted attribute value when you paste the <add …/> entry, or the provider will fail to load. Two security points before this goes to production: with useSSL="false" on port 389 the bind password and every user's login credentials travel between SharePoint and the directory in cleartext, so use useSSL="true" with the directory's LDAPS port (636 by default) wherever the directory has a certificate; and connectionPassword sits in cleartext in web.config, so use a read-only, low-privilege bind account and restrict the ACL on the file. Do an iisreset from the command prompt.
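Before touching SharePoint it pays to confirm that the provider entry actually finds users. The script below is an added example, not code from the original post or from SharePoint: it parses the <add …/> entry out of a constructed web.config, builds the user lookup filter (escaping the login name so characters like `*` and `)` cannot change the filter's shape), prints the equivalent OpenLDAP ldapsearch command to run against the directory, and flags the cleartext settings. The host name ldap.example.com, the assembly Version 12.0.0.0 and the bind account are assumed values, and the way the script combines userObjectClass, userFilter and userNameAttribute is this script's own approximation of the lookup, not documented provider internals.

```python
"""Sanity-check an LDAPMembershipProvider <add> entry from a SharePoint web.config.

Added example: parses the provider attributes, reconstructs the user lookup,
emits an ldapsearch command for hand-testing, and audits cleartext settings.
"""
import shlex
import xml.etree.ElementTree as ET

# Constructed web.config fragment modelled on the Step 1 entry (not a real
# deployment): server, Version and the bind account are assumed values.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <membership defaultProvider="LdapMembership">
      <providers>
        <add name="LdapMembership"
             type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
             server="ldap.example.com" port="389" useSSL="false"
             connectionUsername="cn=oblix" connectionPassword="password"
             userDNAttribute="entryDN" userNameAttribute="uid"
             userContainer="dc=educ,dc=mde" userObjectClass="inetOrgPerson"
             userFilter="(objectClass=*)" scope="Subtree"
             otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>
  </system.web>
</configuration>
"""

# RFC 4515 escapes: a login name must not be able to add or close filter terms.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def load_provider(xml_text, name="LdapMembership"):
    """Return the attributes of the named <add> under system.web/membership/providers."""
    root = ET.fromstring(xml_text)
    for add in root.findall("./system.web/membership/providers/add"):
        if add.get("name") == name:
            return dict(add.attrib)
    raise KeyError(f"membership provider {name!r} not found")


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_search_filter(provider, login):
    """Filter that must match exactly one entry for `login` under userContainer.

    Assumption (this script's, not documented provider behaviour): the effective
    lookup is the conjunction of userObjectClass, userFilter and
    userNameAttribute=login. A match-all userFilter adds nothing and is dropped.
    """
    parts = [f"(objectClass={provider['userObjectClass']})"]
    extra = provider.get("userFilter", "").strip()
    if extra and extra.lower() != "(objectclass=*)":
        parts.append(extra)
    parts.append(f"({provider['userNameAttribute']}={escape_filter_value(login)})")
    return "(&" + "".join(parts) + ")"


def ldapsearch_command(provider, login):
    """Equivalent OpenLDAP ldapsearch invocation (simple bind, password prompted)."""
    scheme = "ldaps" if provider.get("useSSL", "").lower() == "true" else "ldap"
    scope = {"subtree": "sub", "onelevel": "one", "base": "base"}[provider["scope"].lower()]
    attrs = [provider["userDNAttribute"]] + [
        a.strip() for a in provider["otherRequiredUserAttributes"].split(",")]
    args = ["ldapsearch", "-x", "-H", f"{scheme}://{provider['server']}:{provider['port']}",
            "-D", provider["connectionUsername"], "-W",
            "-b", provider["userContainer"], "-s", scope,
            user_search_filter(provider, login), *attrs]
    return shlex.join(args)


def audit(provider):
    """Findings a reviewer would raise before this entry goes to production."""
    findings = []
    if provider.get("useSSL", "false").lower() != "true":
        findings.append("useSSL=false: bind password and every user's login credentials "
                        "cross the network in cleartext; use useSSL=\"true\" with the "
                        "directory's LDAPS port (636 by default)")
    if provider.get("connectionPassword"):
        findings.append("connectionPassword is stored in cleartext in web.config; use a "
                        "read-only bind account and restrict the file's ACL")
    if not provider.get("server"):
        findings.append("server is empty: the provider has no directory to contact")
    return findings


if __name__ == "__main__":
    prov = load_provider(SAMPLE_WEB_CONFIG)
    print(ldapsearch_command(prov, "jdoe"))
    for finding in audit(prov):
        print("WARNING:", finding)
```

Run it, paste the printed ldapsearch line into a shell on a machine that can reach the directory, and enter the bind password at the prompt: exactly one entry with the entryDN, sn, givenname and cn attributes should come back. Zero results means the container, object class or name attribute is wrong; more than one means SharePoint cannot tell which entry is the user.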

Step 2 : Change SharePoint authentication from Windows to Forms.

Now change the authentication from Windows to Forms. You are changing this for the SharePoint web application to which you just added the LDAP membership provider, NOT for the Central Administration web site. Go to Central Administration > Application Management > Authentication Providers > Edit Authentication.

- Change the "Authentication Type" from 'Windows' to 'Forms'.

- Check "Enable Anonymous Access".

- Enter the membership provider name as "LdapMembership". This is the name of the provider we just configured in web.config.

- Leave the Role Manager name blank.

- Select No for client integration.

Do an iisreset from the command prompt.

Step 3: Some settings in IIS Properties

In IIS Manager, open the properties of the SharePoint web site and go to the 'Directory Security' tab. Check the option 'Integrated Windows Authentication'. LDAP authentication will not work without this change.

Do an iisreset from the command prompt.

Step 4: Select users from LDAP and assign them site ownership and other roles

Now your SharePoint site is connected to LDAP, so the site owner(s) must be selected from LDAP.

From the SharePoint Central Administration screen select the web application and navigate to 'Application Management' > 'Site Collection Administrators' >

The LDAP users can be looked up directly from the people picker, provided the LDAP connection was set up correctly in the previous steps.

If you have already defined roles inside SharePoint, you can pull users from LDAP and assign them to those SharePoint roles.

Step 5: Finally, log in to your SharePoint site with your LDAP user ID and password.

Now log in to the web site using the LDAP user ID and password. If the user was assigned a role in the previous steps, he gets into the SharePoint site according to that role. Otherwise the user sees an "Authorization Failed" message and is asked to request a role/access. That message means authentication against LDAP succeeded but the account holds no SharePoint permissions; it is the expected result for a directory user who has not yet been granted a role.
