
Configure FBA in Sharepoint with LDAP Provider

This article is a step-by-step guide, with screenshots, to configuring FBA in SharePoint with an LDAP membership provider in SharePoint 2013 and 2019 environments.

Steps we will perform:

  1. Create a web application in Central Administration that uses Forms-based Authentication, then create a site collection in that web application.
  2. Configure the web.config files of the following:
     a. Central Administration
     b. Security Token Service
     c. The new web application
  3. Add users to the web application.

Step 1: Create a web application using Central Administration that uses Forms-based Authentication

Go to Central Administration > Application Management > Manage Web Applications and click New.

Give the web application any port number you like, check the Enable Forms Based Authentication (FBA) check box, and enter the membership provider name and role manager name you are going to configure in the web.config files.

In my case I used 'rolemanager' as the role manager name and 'membership' as the membership provider name. You can choose any names you want, as long as you use the same names in the web.config entries below.


Now click OK to create the web application.

Once the web application has been created you will get a link to create a site collection in it; go ahead and create one.

Step 2: Configure the web.config files

a. Configure the Central Administration web.config

Open IIS Manager, right-click the Central Administration site under Sites and click Explore. A File Explorer window opens showing the site's folders and files; double-click web.config and open it in Notepad.

Before making any changes, take a backup of the web.config file so that you can always roll back if things do not go smoothly.

In the <configuration> section, find the <system.web> section and add the following example entry:

    <!-- LDAP membership provider; replace server, port and userContainer with your own values -->
    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <add name="membership"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="dc.contoso.com"
             port="389"
             useSSL="false"
             userDNAttribute="distinguishedName"
             userNameAttribute="sAMAccountName"
             userContainer="OU=FBA,DC=contoso,DC=com"
             userObjectClass="person"
             userFilter="(ObjectClass=person)"
             scope="Subtree"
             otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>

    <!-- LDAP role provider; replace server, port and groupContainer with your own values.
         Inside web.config the LDAP '&' has to be written as &amp; -->
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <add name="roleManager"
             type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="dc.contoso.com"
             port="389"
             useSSL="false"
             groupContainer="DC=contoso,DC=com"
             groupNameAttribute="cn"
             groupNameAlternateSearchAttribute="samAccountName"
             groupMemberAttribute="member"
             userNameAttribute="sAMAccountName"
             dnAttribute="distinguishedName"
             groupFilter="(&amp;(ObjectClass=group))"
             userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree" />
      </providers>
    </roleManager>

Substitute your own values for the highlighted parts, namely:

the OU distinguished name (right-click the OU, click Properties, open the Attribute Editor tab and read the distinguishedName attribute), and

the group container distinguished name.

Paste the text above into the <system.web> section of the file, at the position shown in the screenshot.

After pasting, save the Central Administration web.config file.

b. Configure the Security Token Service web.config

Go to IIS Manager -> expand Sites -> expand the SharePoint Web Services site -> right-click SecurityTokenServiceApplication and click Explore.

A File Explorer window opens; double-click web.config and open it in Notepad.

Note: don't forget to take a backup of the web.config file.

Just before the closing </configuration> tag, at the very end of the file, paste the following text:

  <system.web>
    <membership>
      <providers>
        <add name="membership"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="dc.contoso.com"
             port="389"
             useSSL="false"
             userDNAttribute="distinguishedName"
             userNameAttribute="sAMAccountName"
             userContainer="OU=Forms,DC=contoso,DC=com"
             userObjectClass="person"
             userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree"
             otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>
    <roleManager enabled="true">
      <providers>
        <add name="rolemanager"
             type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="dc.contoso.com"
             port="389"
             useSSL="false"
             groupContainer="DC=contoso,DC=com"
             groupNameAttribute="cn"
             groupNameAlternateSearchAttribute="samAccountName"
             groupMemberAttribute="member"
             userNameAttribute="sAMAccountName"
             dnAttribute="distinguishedName"
             groupFilter="(&amp;(ObjectClass=group))"
             userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree" />
      </providers>
    </roleManager>
  </system.web>

Change the highlighted values to match your server and container information and save the web.config.

c. Configure the new web application's web.config

Go to IIS Manager, right-click your FBA site and click Explore. Double-click web.config to open it, find the <membership defaultProvider="i"> section and add the following example entry to its <providers> section:

        <add name="membership"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="dc.contoso.com"
             port="389"
             useSSL="false"
             userDNAttribute="distinguishedName"
             userNameAttribute="sAMAccountName"
             userContainer="OU=FBA,DC=contoso,DC=com"
             userObjectClass="person"
             userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree"
             otherRequiredUserAttributes="sn,givenname,cn" />

Find the <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false"> section and add the following example entry to its <providers> section:

        <add name="roleManager"
             type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="dc.contoso.com"
             port="389"
             useSSL="false"
             groupContainer="DC=contoso,DC=com"
             groupNameAttribute="cn"
             groupNameAlternateSearchAttribute="samAccountName"
             groupMemberAttribute="member"
             userNameAttribute="sAMAccountName"
             dnAttribute="distinguishedName"
             groupFilter="(&amp;(ObjectClass=group))"
             userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree" />

Substitute the highlighted parts above with your server and container information and save the web.config file.

After all three web.config files (Central Administration, STS and the web application) have been configured, run IISRESET; otherwise the STS can break.
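Before running IISRESET it is worth checking the three files you just edited for the mistakes that are easiest to make here: a stray parenthesis in an LDAP filter, a provider name spelled differently in one file than in the others, and the useSSL="false" / port="389" setting from the examples, which makes the provider validate passwords over unencrypted LDAP. The Python script below is an added example, not code from this article or from Microsoft; it parses web.config text and lints the LdapMembershipProvider and LdapRoleProvider entries. The web.config skeleton and the three variants built from it are constructed from the attribute values used in this article, and the set of checks is this example's own choice.

```python
"""Lint the LDAP membership and role provider entries in SharePoint web.config
files (Central Administration, Security Token Service, FBA web application).
Added example for this article, not the article's or Microsoft's code. The
checks are this example's own: plain LDAP (useSSL=false), useSSL=true on the
plain-LDAP port, unbalanced LDAP filters, and provider names that differ
between files."""
import xml.etree.ElementTree as ET

# Constructed web.config skeleton carrying the article's provider attributes;
# the placeholders are filled below to build an as-published and a hardened copy.
WEBCONFIG_TEMPLATE = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <membership>
      <providers>
        <add name="membership"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="dc.contoso.com" port="{port}" useSSL="{use_ssl}" userDNAttribute="distinguishedName"
             userNameAttribute="sAMAccountName" userContainer="OU=FBA,DC=contoso,DC=com" userObjectClass="person"
             userFilter="(&amp;(ObjectClass=person))" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>
    <roleManager enabled="true">
      <providers>
        <add name="{role_name}"
             type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="dc.contoso.com" port="{port}" useSSL="{use_ssl}" groupContainer="DC=contoso,DC=com"
             groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName" groupMemberAttribute="member"
             userNameAttribute="sAMAccountName" dnAttribute="distinguishedName" scope="Subtree"
             groupFilter="{group_filter}" userFilter="(&amp;(ObjectClass=person))" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
"""


def balanced_filter(expr):
    """True when an LDAP filter opens with '(' and its parentheses balance."""
    depth = 0
    for ch in expr:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:  # a ')' with no matching '('
                return False
    return depth == 0 and expr.startswith("(")


def ldap_providers(xml_text):
    """Yield (section, attributes) for each Ldap*Provider <add> under <system.web>."""
    root = ET.fromstring(xml_text)
    for section in ("membership", "roleManager"):
        for add in root.iterfind(f"./system.web/{section}/providers/add"):
            if "Microsoft.Office.Server.Security.Ldap" in add.get("type", ""):
                yield section, dict(add.attrib)


def lint_provider(section, attrs):
    """Return the findings for one provider entry."""
    label = f"{section}/{attrs.get('name', '?')}"
    use_ssl = attrs.get("useSSL", "false").lower() == "true"
    findings = []
    if not use_ssl:  # simple binds over plain LDAP carry the user's password unencrypted
        findings.append(f"{label}: useSSL=false, traffic to {attrs.get('server')} is plain LDAP")
    elif attrs.get("port") == "389":
        findings.append(f"{label}: useSSL=true but port=389; LDAPS normally listens on 636")
    for key in ("userFilter", "groupFilter"):
        if key in attrs and not balanced_filter(attrs[key]):
            findings.append(f"{label}: {key}={attrs[key]!r} has unbalanced parentheses")
    return findings


def lint_config(xml_text):
    """Findings for every LDAP provider declared in one web.config."""
    return [f for section, attrs in ldap_providers(xml_text)
            for f in lint_provider(section, attrs)]


def name_mismatches(configs):
    """configs maps a label (e.g. 'STS') to web.config text. Report each section
    whose LDAP provider name is not spelled identically in every file: the name
    the web application was created with has to be declared in all three."""
    names = {label: {s: a.get("name") for s, a in ldap_providers(text)}
             for label, text in configs.items()}
    findings = []
    for section in ("membership", "roleManager"):
        seen = {label: per_file.get(section) for label, per_file in names.items()}
        if len(set(seen.values())) > 1:
            findings.append(f"{section}: provider name differs across files: {seen}")
    return findings


# As published: plain LDAP on 389 plus the unbalanced groupFilter typo.
AS_PUBLISHED = WEBCONFIG_TEMPLATE.format(port="389", use_ssl="false",
                                         role_name="roleManager", group_filter="((ObjectClass=group)")
# Hardened: LDAPS on 636 (the DC needs a server certificate the SharePoint servers trust).
HARDENED = WEBCONFIG_TEMPLATE.format(port="636", use_ssl="true",
                                     role_name="roleManager", group_filter="(&amp;(ObjectClass=group))")
# The STS block from the article spells the role provider name in lower case.
STS_VARIANT = WEBCONFIG_TEMPLATE.format(port="636", use_ssl="true",
                                        role_name="rolemanager", group_filter="(&amp;(ObjectClass=group))")

if __name__ == "__main__":
    for finding in lint_config(AS_PUBLISHED) + name_mismatches({"CA": HARDENED, "STS": STS_VARIANT}):
        print(finding)
    print("hardened copy:", lint_config(HARDENED) or "no findings")
```

To check real files, pass their contents to `lint_config` and `name_mismatches` (for example `{"CA": open(ca_path).read(), "STS": open(sts_path).read(), "WebApp": open(app_path).read()}`); the parser only reads the `<system.web>` providers, so the rest of a SharePoint web.config is ignored. The hardened variant shows the two attributes that change to move the provider onto LDAPS: useSSL="true" and port="636".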

Step 3: Add users to the web application

Add the FBA user to the web application. In Central Administration click Manage web applications -> highlight your web application and select User Policy from the ribbon -> click Add Users -> click the directory (address book) icon -> search for your user.

Select the Forms Auth user, click OK and give the user the appropriate permissions. Then open your web application using forms authentication.

You will get a forms login page asking for a username and password, as in the screenshot.

After completing the steps above you have successfully configured FBA in SharePoint with an LDAP provider.

Reference – https://docs.microsoft.com/en-us/archive/blogs/spblog/configure-a-sharepoint-2013-web-application-with-forms-based-authentication-with-a-ldap-membership-provider

ravi
