Configure the Central Administration Web.Config file

 

  1. Launch Internet Information Services (IIS) Manager

  2. In the console tree, open the server name, and then Sites

  3. Right-click the SharePoint Central Administration site, and then click Explore.

  4. In the folder window, double-click the Web.Config file.

  5. In the <Configuration> section, find the <system.web> section and add the following example entry:

web.config
<membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <add name="LdapMember" 
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" 
             server="dc.yourdomain.com" 
             port="389" 
             useSSL="false" 
             userDNAttribute="distinguishedName" 
             userNameAttribute="sAMAccountName" 
             userContainer="DC=yourdomain,DC=com" 
             userObjectClass="person" 
             userFilter="(ObjectClass=person)" 
             scope="Subtree" 
             otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" > 
      <providers>
        <add name="LdapRole" 
             type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="dc.yourdomain.com" 
             port="389"
             useSSL="false"
             groupContainer="DC=yourdomain,DC=com" 
             groupNameAttribute="cn"
             groupNameAlternateSearchAttribute="samAccountName"
             groupMemberAttribute="member"
             userNameAttribute="sAMAccountName"
             dnAttribute="distinguishedName"
             groupFilter="(ObjectClass=group)"
             userFilter="(ObjectClass=person)"
             scope="Subtree" />
      </providers>
</roleManager>

In the preceding entry, substitute the following:

  • The fully qualified domain name (FQDN) of your domain controller (your LDAP server) in server="dc.yourdomain.com".

  • The distinguished name of your user container in userContainer="dc=yourdomain,dc=com".

  • The distinguished name of your group container in groupContainer="dc=yourdomain,dc=com".

Configure the Security Token Service Web.Config file

 

  1. In the console tree of Internet Information Services (IIS) Manager, open the SharePoint Web Services site.
  2. In the console tree, right-click SecurityTokenServiceApplication, and then click Explore.
  3. In the folder window, double-click the Web.Config file.
  4. In the <Configuration> section, create a new <system.web> section and add the following example entry:

 

web.config
<system.web>
	<membership>
	      <providers>
		<add name="LdapMember" 
		     type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" 
		     server="dc.yourdomain.com" 
		     port="389" 
		     useSSL="false" 
		     userDNAttribute="distinguishedName" 
		     userNameAttribute="sAMAccountName" 
		     userContainer="DC=yourdomain,DC=com" 
		     userObjectClass="person" 
		     userFilter="(ObjectClass=person)" 
		     scope="Subtree" 
		     otherRequiredUserAttributes="sn,givenname,cn" />
	      </providers>
	</membership>
	<roleManager enabled="true" > 
	      <providers>
		<add name="LdapRole" 
		     type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
		     server="dc.yourdomain.com" 
		     port="389"
		     useSSL="false"
		     groupContainer="DC=yourdomain,DC=com"
		     groupNameAttribute="cn"
		     groupNameAlternateSearchAttribute="samAccountName"
		     groupMemberAttribute="member"
		     userNameAttribute="sAMAccountName"
		     dnAttribute="distinguishedName"
		     groupFilter="(ObjectClass=group)"
		     userFilter="(ObjectClass=person)"
		     scope="Subtree" />
	      </providers>
	</roleManager>
</system.web>

In the preceding entry, substitute the following:

  • The fully qualified domain name (FQDN) of your domain controller (your LDAP server) in server="dc.yourdomain.com".

  • The distinguished name of your user container in userContainer="dc=yourdomain,dc=com".

  • The distinguished name of your group container in groupContainer="dc=yourdomain,dc=com".

Configure the new web application Web.Config file

  1. In the console tree of Internet Information Services (IIS) Manager, right-click the site that corresponds to the name of the web applications that you just created, and then click Explore.

  2. In the folder window, double-click the Web.Config file.

  3. In the <Configuration> section, find the <system.web> section.

  4. Find the <membership defaultProvider="i"> section and add the following example entry to the <Providers> section:

web.config
<add name="LdapMember" 
   type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" 
   server="dc.yourdomain.com" 
   port="389" 
   useSSL="false" 
   userDNAttribute="distinguishedName" 
   userNameAttribute="sAMAccountName" 
   userContainer="OU=SPUsers,DC=yourdomain,DC=com" 
   userObjectClass="person" 
   userFilter="(ObjectClass=person)" 
   scope="Subtree" 
   otherRequiredUserAttributes="sn,givenname,cn" />

  5. Find the <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false"> section and add the following example entry to the <Providers> section:

 

web.config
<add name="LdapRole"
   type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
   server="dc.yourdomain.com" 
   port="389"
   useSSL="false"
   groupContainer="OU=SPUsers,DC=yourdomain,DC=com"
   groupNameAttribute="cn"
   groupNameAlternateSearchAttribute="samAccountName"
   groupMemberAttribute="member"
   userNameAttribute="sAMAccountName"
   dnAttribute="distinguishedName"
   groupFilter="(ObjectClass=group)"
   userFilter="(ObjectClass=person)"
   scope="Subtree" />
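
The three files above each carry their own copy of the LDAP provider entries, all shown with useSSL="false" on port 389. The PowerShell below is an added example, not part of the original page or of SharePoint: it parses web.config content, flags provider entries whose LDAP traffic is not protected by TLS, and reports when the same provider name points at a different server or container in different files. The function names and the inline sample fragments are constructed for illustration.

```powershell
# Added example: audit LDAP provider entries that were copied into several web.config files.
function Get-LdapProviderFinding {
    param(
        [Parameter(Mandatory)] [string] $Name,      # label for the file being checked
        [Parameter(Mandatory)] [string] $Content    # full web.config text
    )
    $doc = [xml]$Content
    # Match on the provider type so entries are found whatever name they were given.
    $xpath = "//*[local-name()='add' and contains(@type,'Microsoft.Office.Server.Security.Ldap')]"
    foreach ($n in $doc.SelectNodes($xpath)) {
        $issues = @()
        if ($n.GetAttribute('useSSL') -ne 'true') { $issues += 'useSSL is not true: LDAP traffic is not protected by TLS' }
        if ($n.GetAttribute('port') -eq '389')    { $issues += 'port 389 is the plain LDAP port (LDAPS is 636)' }
        [pscustomobject]@{
            File      = $Name
            Provider  = $n.GetAttribute('name')
            Server    = $n.GetAttribute('server')
            Container = ($n.GetAttribute('userContainer'), $n.GetAttribute('groupContainer') |
                         Where-Object { $_ }) -join ';'
            Issues    = $issues
        }
    }
}

# Constructed sample: a cut-down membership entry using the page's placeholder domain.
function New-SampleConfig([string]$Port, [string]$UseSsl, [string]$Container) {
    "<configuration><system.web><membership><providers>" +
    "<add name='LdapMember' type='Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server'" +
    " server='dc.yourdomain.com' port='$Port' useSSL='$UseSsl' userContainer='$Container' />" +
    "</providers></membership></system.web></configuration>"
}

$findings = @(
    Get-LdapProviderFinding -Name 'CentralAdmin'         -Content (New-SampleConfig 389 false 'DC=yourdomain,DC=com')
    Get-LdapProviderFinding -Name 'SecurityTokenService' -Content (New-SampleConfig 636 true  'DC=yourdomain,DC=com')
    Get-LdapProviderFinding -Name 'WebApplication'       -Content (New-SampleConfig 636 true  'OU=SPUsers,DC=yourdomain,DC=com')
)

# Entries that still use unencrypted LDAP.
$findings | Where-Object { $_.Issues } |
    ForEach-Object { "{0}/{1}: {2}" -f $_.File, $_.Provider, ($_.Issues -join '; ') }

# The same provider name should use the same server and container in every file.
$findings | Group-Object Provider | ForEach-Object {
    $variants = $_.Group | ForEach-Object { "$($_.Server)|$($_.Container)" } | Sort-Object -Unique
    if (@($variants).Count -gt 1) { "{0}: settings differ across files: {1}" -f $_.Name, ($variants -join ' vs ') }
}
```

For real files, pass `(Get-Content -Raw <path to Web.Config>)` as `-Content`. Moving an entry to LDAPS means useSSL="true" with the LDAPS port (normally 636) and a domain controller certificate that the SharePoint servers trust.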
