Tuesday, October 21, 2008

Unofficial Sitecore 6 Active Directory Module Administrator’s Guide


 

Sitecore has released an Active Directory Module for Sitecore 6 which I believe to be the equivalent of the LDAP Module that was available for version 5.3 and below. This guide will explain how to configure the AD Module in your environment with one AD domain.

  1. Install the AD Module package (you should know how to do this already)

    To verify that it was installed correctly check to see that the following files exist:

  • /bin/LightLDAP.dll
  • /bin/LightLDAPClient.dll
  • /App_Config/Include/ldap.config
  • /sitecore/admin/LDAPLogin.aspx
  • /sitecore/admin/ProviderStatus.aspx


 


 

  1. Open /App_Config/ConnectionStrings.config and add a connection string similar to the one below.

    <add name="LDAPConnection" connectionString="LDAP://{DomainController}/OU={LowestOUName},OU={OUNameAboveLowestOne},DC={DomainName},DC={com or org}"/>

  • DomainController should be the name of one of your company's domain controller server's
  • LowestOUName is the OU you want to get users from
  • OUNameAboveLowestOne is the OU Name above the OU you want to get user's from, you may not have this entry or you may have multiples of this, check out MSDN for LDAP Query specifics.
  • DomainName is the name of your domain
  • Com or org is the .com or .org or .net domain extension


     


     

  1. Open the web.config file and find the <membership provider="sitecore"> tag and add a provider by cutting and pasting from below and filling in your values for the values in brackets.

<add name="{NameOfYourDomain}" type="LightLDAP.SitecoreADMembershipProvider"      connectionStringName="LDAPConnection" applicationName="sitecore"              minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0"             requiresQuestionAndAnswer="false" requiresUniqueEmail="false"             connectionUsername="{Sitecore LDAP User}" connectionPassword="{Sitecore LDAP User Password}" connectionProtection="Secure" attributeMapUsername="sAMAccountName" enableSearchMethods="true" />

  • {NameOfYourDomain} is your domain name
  • {Sitecore LDAP User} is the user that Sitecore will use to connect to your AD
  • {Sitecore LDAP User Password} is the password of the above user/>


     


     

  1. Still within the <membership provider="sitecore"> tag, find the provider:


     

    <add name="sitecore" type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel" realProviderName="sql" providerWildcard="%" raiseEvents="true" />


     

    and change the realProviderName to switcher so the line now reads


     

    <add name="sitecore" type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel" realProviderName="switcher" providerWildcard="%" raiseEvents="true" />


     


     

  2. Now find the <roleManager defaultProvider="sitecore" enabled="true"> tag and add a provider by cutting and pasting from below and filling in your values for the values in brackets.

<add name="{NameOfYourDomain}" type="LightLDAP.SitecoreADRoleProvider" ConnectionStringName="LDAPConnection" applicationName="sitecore" username="{Sitecore LDAP User}" password="{Sitecore LDAP User Password}" />

  • {NameOfYourDomain} is your domain name
  • {Sitecore LDAP User} is the user that Sitecore will use to connect to your AD
  • {Sitecore LDAP User Password} is the password of the above user/>


 


 

  1. Still within the <roleManager defaultProvider="sitecore" enabled="true"> tag, find the provider:


     

    <add name="sitecore" type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel" realProviderName="sql" raiseEvents="true" />


     

    and change the realProviderName to switcher so the line now reads


     

    <add name="sitecore" type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel" realProviderName="switcher" raiseEvents="true" />


     

  2. Add a machineKey to the <system.web> section. It will look like

<machineKey validationKey="" decryptionKey="" validation="SHA1" /> you can go here http://aspnetresources.com/tools/keycreator.aspx to have one created for you, just generate one using the default values on that page. Example:

<machineKey validationKey="F0893ED36F497B12D0374825033C51F92E85A028C05E65474FB39D41240A6F11F06B531FFC07C3A53239CE8B789C624A7486556E44D8F7165A249605E86375E7"

decryptionKey="7509A38E7B68F1A610D6463B977805F2008D9EDAF2C55E79" validation="SHA1" />


 

  1. Find a section in the web.config similar to <switchingProviders> and add the sections in bold.

<membership>

<provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" />

     <provider providerName="{NameOfYourDomain}" storeFullNames="false" wildcard="*" domains="{NameOfYourDomain}" />

</membership>

<roleManager>

<provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" />

     <provider providerName="{NameOfYourDomain}" storeFullNames="false" wildcard="*" domains="{NameOfYourDomain}" />

</roleManager>

<profile>

<provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" />

</profile>

</switchingProviders>


 

  1. Open up /App_Config/Security/Domains.config.xml and add a domain.

<domain name="{NameOfYourDomain}" ensureAnonymousUser="false" />


 

If you've done everything correctly you should now be able to open up User Manager in Sitecore and see users from your AD OU listed.

5 comments:

Anonymous said...

Can anyone recommend the top Endpoint Security program for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: N-able N-central software deployment
? What is your best take in cost vs performance among those three? I need a good advice please... Thanks in advance!

Shane said...

Thanks for tip Brad. It worked a treat. Now that this done, how do you show search results in the phone book with values form AD?

Thanks.

Anonymous said...

Nice tutorial, but it did not work for me... after some "only AD and ADAM connections strings are allowed" and "user or password incorrect" errors, the connection seems to work but after login the "Parser Error Message: An operations error occurred." appears...with a hint to the SitecoreADMembershipProvider configuration
the log shows a few reconnects...

G-thomas said...

I have a Custom membership provider and the Sitecore AD membership provider setup.
I can see all the AD users and roles from the CMS side but when I try to initialize the sitecore AD role provider from the intranet website it is calling my custom role provider instead of AD role provider when I try to get the user roles. The sitecore AD membership provider does work though.
Any suggestions/soultions is appreciated.

electronic signature Microsoft said...

It is really amazing! So many new things that I even didn't hear about them. Difficult to follow for a not professional, a private individual. The world goes on progressing by innovating and inventing.