YagyaShree’s Free SharePoint Information Blog

SharePoint 2010 | How to configure claims or forms authentication for SUN One LDAP in SharePoint

Posted in Nov 2010 by yagyashree on November 26, 2010

ISSUE:

*****

–> You have a SharePoint site, http://sharepoint, and you are trying to configure it with forms-based or claims-based authentication against SUN One LDAP.

Resolution:

*********

  • Open Central Administration
  • Go to Application Management, then Manage web applications
  • Choose New on the ribbon and create a new web application
  • While creating the web application, choose Claims Authentication
  • Open IIS Manager and make a backup of the web.config files for Central Administration, the SharePoint site and the STS (Security Token Service)

 

Web.config configuration for central admin:

 

  • Open the web.config file and look for </PeoplePickerWildcards>
  • Paste the line below just above </PeoplePickerWildcards>

<add key="membershipname" value="*" />

  • Open the Central Administration web.config file and look for <system.web>
  • Paste the code below just below the opening <system.web> tag

 

<!-- Replace the server and container values with your Sun One LDAP host and base DN. -->
<membership defaultProvider="membershipname">
  <providers>
    <add name="membershipname"
         type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="SunOne Ldap FQDN Domain name"
         port="389" useSSL="false" useDNAttribute="false"
         userDNAttribute="uid" userNameAttribute="uid"
         userContainer="ou=People,o=Domain name"
         userObjectClass="person"
         userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider"
             enabled="true"
             cacheRolesInCookie="true"
             cookieName=".PeopleDCRole">
  <providers>
    <add name="rolename"
         type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="SunOne Ldap FQDN Domain name"
         port="389" useSSL="false"
         groupContainer="o=Domain name"
         groupNameAttribute="cn"
         groupMemberAttribute="member"
         userNameAttribute="uid" dnAttribute="cn"
         groupFilter="(ObjectClass=group)"
         scope="Subtree" />
  </providers>
</roleManager>

  • After the above changes, run IISRESET and browse Central Administration to make sure it opens fine

 

Web.config configuration for the Security Token Service (STS)

  • Open the Security Token Service (STS) web.config file and look for </configuration>
  • Just above this closing tag create two entries as follows:

<system.web>

</system.web>

  • Between the above two entries paste the code below:

 

<!-- Replace the server and container values with your Sun One LDAP host and base DN. -->
<membership defaultProvider="membershipname">
  <providers>
    <add name="membershipname"
         type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="SunOne Ldap FQDN Domain name"
         port="389" useSSL="false" useDNAttribute="false"
         userDNAttribute="uid" userNameAttribute="uid"
         userContainer="ou=People,o=Domain name"
         userObjectClass="person"
         userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
<roleManager enabled="true">
  <providers>
    <add name="rolename"
         type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="SunOne Ldap FQDN Domain name"
         port="389" useSSL="false"
         groupContainer="o=Domain name"
         groupNameAttribute="cn"
         groupMemberAttribute="member"
         userNameAttribute="uid" dnAttribute="cn"
         groupFilter="(ObjectClass=group)"
         scope="Subtree" />
  </providers>
</roleManager>

  • After the above changes, run IISRESET and browse Central Administration to make sure it opens fine

 

Web.config configuration for the SharePoint site

  • Open the site's web.config file and look for </PeoplePickerWildcards>
  • Paste the line below just above </PeoplePickerWildcards>

<add key="membershipname" value="*" />

  • Now look for <membership defaultProvider="i">
  • Paste the code below just below its <providers> tag

 

<!-- Only this provider entry is added; the <membership> and <providers> elements already exist in the site web.config. -->
<add name="membershipname"
     type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
     server="SunOne Ldap FQDN Domain name"
     port="389" useSSL="false" useDNAttribute="false"
     userDNAttribute="uid" userNameAttribute="uid"
     userContainer="ou=People,o=Domain name"
     userObjectClass="person"
     userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree"
     otherRequiredUserAttributes="sn,givenname,cn" />

  • Now look for <roleManager defaultProvider="c"
  • Paste the code below just below its <providers> tag

<!-- Only this provider entry is added; the <roleManager> and <providers> elements already exist in the site web.config. -->
<add name="rolename"
     type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
     server="SunOne Ldap FQDN Domain name"
     port="389" useSSL="false"
     groupContainer="o=Domain name"
     groupNameAttribute="cn"
     groupMemberAttribute="member"
     userNameAttribute="uid" dnAttribute="cn"
     groupFilter="(ObjectClass=group)"
     scope="Subtree" />

  • After the above changes, run IISRESET and browse Central Administration and the SharePoint site to make sure they open fine
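The three web.config edits above fail silently in the same ways: the defaultProvider name, the <add name> and the PeoplePickerWildcards key drift apart, or the LDAP provider is left on useSSL="false" so every forms login hands the user's password to the directory in cleartext. The script below is an added example, not code from the original post or from SharePoint itself: a pre-IISRESET sanity check that parses a web.config (or a fragment with the same element names) and reports those problems. The host ldap.example.com, the base DN o=example.com and the provider names are constructed placeholders.

```python
# Added example (not from the original post): sanity-check the web.config
# provider wiring before running IISRESET. Findings are (level, message):
#   ERROR  membership defaultProvider has no matching <add name="..."> entry
#   ERROR  no role provider is registered under <roleManager>/<providers>
#   ERROR  an LDAP provider's server value is not a hostname
#   WARN   PeoplePickerWildcards has no <add key> for a membership provider
#   WARN   an LDAP provider has useSSL="false" (cleartext simple bind)
# Hostnames, DNs and provider names in the sample are constructed placeholders.
import xml.etree.ElementTree as ET

LDAP_TYPES = ("Microsoft.Office.Server.Security.LDAPMembershipProvider",
              "Microsoft.Office.Server.Security.LDAPRoleProvider")
# Providers registered in machine.config, so they need no <add> in web.config.
BUILTIN = {"AspNetSqlMembershipProvider", "AspNetSqlRoleProvider",
           "AspNetWindowsTokenRoleProvider"}


def _providers(root, section_tag):
    """Map name -> <add> element for every provider under <section>/<providers>."""
    found = {}
    for section in root.iter(section_tag):
        for add in section.iterfind("providers/add"):
            if add.get("name"):
                found[add.get("name")] = add
    return found


def check_web_config(xml_text):
    """Return a list of (level, message) findings; an empty list means clean."""
    root = ET.fromstring(xml_text)
    findings = []

    membership = next(root.iter("membership"), None)
    members = _providers(root, "membership")
    default = membership.get("defaultProvider") if membership is not None else None
    if default is None or (default not in members and default not in BUILTIN):
        findings.append(("ERROR", f"membership defaultProvider {default!r} "
                         "has no matching <add name> under <providers>"))

    role_mgr = next(root.iter("roleManager"), None)
    roles = _providers(root, "roleManager")
    if role_mgr is None or not roles:
        findings.append(("ERROR", "no role provider registered under <roleManager>"))

    wildcards = {a.get("key") for pp in root.iter("PeoplePickerWildcards")
                 for a in pp.iter("add")}
    for name in members:
        if name not in wildcards and name not in BUILTIN:
            findings.append(("WARN", f"PeoplePickerWildcards has no entry for "
                             f"membership provider {name!r}"))

    for name, add in {**members, **roles}.items():
        if not add.get("type", "").startswith(LDAP_TYPES):
            continue
        server = add.get("server", "")
        if not server or " " in server:
            findings.append(("ERROR", f"provider {name!r}: server={server!r} "
                             "is not a hostname"))
        if add.get("useSSL", "false").lower() != "true":
            findings.append(("WARN", f"provider {name!r}: useSSL=false, so binds "
                             f"(and user passwords on login) go in cleartext "
                             f"to port {add.get('port', '389')}"))
    return findings


# Constructed sample mirroring the Central Administration web.config above.
SAMPLE_CONFIG = """<configuration>
  <SharePoint><PeoplePickerWildcards>
    <clear /><add key="AspNetSqlMembershipProvider" value="%" />
    <add key="membershipname" value="*" />
  </PeoplePickerWildcards></SharePoint>
  <system.web>
    <membership defaultProvider="membershipname"><providers>
      <add name="membershipname"
        type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
        server="ldap.example.com" port="389" useSSL="false" useDNAttribute="false"
        userDNAttribute="uid" userNameAttribute="uid" userObjectClass="person"
        userContainer="ou=People,o=example.com" scope="Subtree"
        userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
        otherRequiredUserAttributes="sn,givenname,cn" />
    </providers></membership>
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true"
      cacheRolesInCookie="true" cookieName=".PeopleDCRole"><providers>
      <add name="rolename"
        type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
        server="ldap.example.com" port="389" useSSL="false" groupContainer="o=example.com"
        groupNameAttribute="cn" groupMemberAttribute="member" userNameAttribute="uid"
        dnAttribute="cn" groupFilter="(ObjectClass=group)" scope="Subtree" />
    </providers></roleManager>
  </system.web>
</configuration>"""

# Same file with the membership <add name> renamed but defaultProvider and the
# PeoplePickerWildcards key left unchanged: the classic copy-paste mismatch.
BROKEN_CONFIG = SAMPLE_CONFIG.replace('<add name="membershipname"', '<add name="ldapmember"')

if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("broken", BROKEN_CONFIG)):
        print(label)
        for level, msg in check_web_config(cfg):
            print(f"  {level}: {msg}")
```

Run it against the real file with `check_web_config(open(path, encoding="utf-8").read())`; any ERROR is worth fixing before the IISRESET, and the useSSL warning is the one to act on before exposing the site, since with useSSL="true" (and the corresponding LDAPS port) the provider binds over TLS instead of sending the login password in the clear.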

 

Final Steps:

  • Browse Central Administration
  • Go to Application Management, then Manage web applications
  • Select the web application you are working on
  • From the ribbon choose "Authentication Providers"
  • Choose the zone and modify the Membership Provider and Role Provider
  • Save the changes
  • Again from the ribbon, choose "User Policy" and add a user from Sun One LDAP with Full Control
  • Browse the site and verify that the user is able to log in to the site

One Response


  1. Andrew said, on August 18, 2011 at 2:25 pm

    Hi, I'm having trouble accessing the users database. I pasted the server name in web.config:
    server="sunone.ktr.edu.com" and then I cannot figure out what to put in userContainer and groupContainer.

    The database structure is:
    o=employess
    o=ktr.edu.com
    ou=people
    ou=groups

    I've tried:
    userContainer="ou=People,o=ktr.edu.com"
    userContainer="ou=People,o=ktr.edu.com,o=employees"

    and a few others but no luck.

    In the logs I found errors like:
    System.Runtime.InteropServices.COMException (0x80072030): There is no such object on the server.
    Error searching for a from membership provider LdapMember.
    LdapRoleProvider.RoleExists() exception: {0}.System.Runtime.InteropServices.COMException (0x80072030): There is no such object on the server.

    Do you have any ideas how to debug the problem or how to find the right path?

