Configure SharePoint Forms Based Authentication to use LDAP

Written By: Matt Takhar -- 8/10/2010 -- join -- contribute -- (5863) comments -- printer friendly version

Rating: Rate --

Categories: Configurations, IIS, Infrastructure, MOSS 2007, System Administration, WSS3

< Prev - 1 | 2 | - Next > | Become a paid author

Update SharePoint Central Admin web.config

Please note that updating the web.config incorrectly can damage your SharePoint installation. Extreme care should be taken, please do not edit the web.config if you are not familiar with web.config or XML structures.

  1. Make a backup of the web.config file (always a best practice).
  2. Locate your web.config file for the SharePoint Central Administration website. Normally located in C:\Inetpub\wwwroot\wss\VirtualDirectories
  3. Take special care to select the right Virtual Directory, mine is named SharePointCA80 yours will be different
  4. Locate the web.config file and open it with notepad
  5. Scroll down to the configuration node, <configuration> find <connectionStrings>

  6. <connectionStrings>
    <add name="ADConnectionString" connectionString="<a 
    LDAP://???.local/CN=Users,DC=????,DC=local</a>" />

  7. Replace the ??? with your domain name
  8. Scroll down to the system web <system.web> node and the following membership

  9. <membership defaultProvider="ADMembershipProvider">
    	<add name="ADMembershipProvider"

  10. Replace the connectionstring to the one matching your environment and replace "xxx" with domainname\username and "yyy" with password
  11. Save and close the web.config for SharePoint Central Administration
  12. Update the web.config of SharePoint Web application
  13. Repeat steps 1 to 8 for the web.config of the SharePoint web application you configured the Authentication Provider for Forms Based Authentication above
  14. Check the authentication in this web.config is set to the following.

  15. <authentication mode="Forms">
    	<forms loginUrl="/_layouts/login.aspx"></forms>

Note you can specify a custom login page here, shown as loginUrl="" above.

Common issues

The most common issue I get is using the wrong LDAP path in step 4 above. I strongly recommend you use an LDAP query tool to discover your path before setting up SharePoint.

Next Steps

  • Plan your approach to FBA authentication!
  • Investigate LDAP query tools, like Softerra LDAP Administrator, to make your life easier
  • Check back here for my next tip on "How to configure FBA to use SQL Authentication"
  • Read tip on Enabling Anonymous Access
  • Investigate the CKS FBA web parts on CodePlex.

< Prev - 1 | 2 | - Next >

Learn more about SharePoint

Sponsor Information

Copyright (c) 2010-2017 Edgewood Solutions, LLC All rights reserved
privacy | disclaimer | copyright | advertise | contribute | feedback | about
Some names and products listed are the registered trademarks of their respective owners. |