Monday 12 August 2013

Configure LDAP Authentication for your SharePoint 2010 or 2013 site

Recently, I tried configuring LDAP authentication for my SharePoint 2013 application.

Obviously, in the case of SharePoint 2013 we need to use claims-based authentication, and we need to configure three configuration files:
  • Security Token Service web.config
  • Central Administration web.config
  • The specific web application web.config.
There are many blogs explaining the details of these configurations. Here is an interesting link that explains the steps in detail - http://sharepointchick.com/archive/2010/05/06/configuring-claims-and-forms-based-authentication-for-use-with-an.aspx

However, there is one important task that you need to perform on your LDAP server to ensure that the authentication is successful. You need to give administrative permissions to the following accounts on your LDAP server:
  • Security Token Service application pool account
  • Central Administration application pool account
  • Web application app pool account.
This simple task had me stuck for quite a few hours (or days, I can't really recollect).

The interesting thing here is that SharePoint does not straight away give you the specific error that it cannot access the LDAP directory. Instead it throws a lot of generic errors such as "User credentials cannot be authenticated, please check user name and password", and somewhere amongst these generic errors is hidden your real error: that it cannot access the LDAP server objects for authentication.
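As an added check (not part of the original post), the PowerShell script below binds to the LDAP server as each of the three application pool accounts and runs the kind of user lookup the LDAP membership provider performs, so a permission problem shows up as a direct DirectoryServices error rather than one of SharePoint's generic messages. The server, container, attribute names and account names are placeholders and must be replaced with the values from your own web.config files.

```powershell
# Added diagnostic, not from the original post: bind to the LDAP server as a
# given service account and search for a user the way the SharePoint LDAP
# membership provider does. Any access problem surfaces here as a concrete
# DirectoryServices exception instead of a generic SharePoint login error.
# Every default below is a placeholder for this example.
param(
    [string]$Server            = 'ldap.example.local',              # placeholder LDAP host
    [int]   $Port              = 389,                               # 636 if useSSL="true"
    [string]$UserContainer     = 'OU=Users,DC=example,DC=local',    # match web.config userContainer
    [string]$UserNameAttribute = 'sAMAccountName',                  # match web.config userNameAttribute
    [string]$UserObjectClass   = 'person',                          # match web.config userObjectClass
    [string]$TestUser          = 'jdoe',                            # a login the provider should resolve
    # Identities of the STS, Central Administration and web application app pools (placeholders).
    [string[]]$ServiceAccounts = @('DOMAIN\sp_sts', 'DOMAIN\sp_ca', 'DOMAIN\sp_app')
)

Add-Type -AssemblyName System.DirectoryServices

$path = 'LDAP://{0}:{1}/{2}' -f $Server, $Port, $UserContainer

foreach ($account in $ServiceAccounts) {
    # Prompt for the service account password rather than storing it in the script.
    $cred = Get-Credential $account
    try {
        # Bind as the service account, which is what the provider does at runtime.
        $entry = New-Object System.DirectoryServices.DirectoryEntry(
            $path, $cred.UserName, $cred.GetNetworkCredential().Password,
            [System.DirectoryServices.AuthenticationTypes]::Secure)
        $null = $entry.NativeObject   # forces the bind; throws if access is denied

        # Search for the test user under the configured container.
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
        $searcher.Filter      = "(&(objectClass=$UserObjectClass)($UserNameAttribute=$TestUser))"
        $searcher.SearchScope = 'Subtree'
        $result = $searcher.FindOne()

        if ($result) {
            Write-Host "[OK]   $account can bind and read $($result.Path)"
        } else {
            # Bind worked but nothing came back: the filter/container is wrong, or this
            # account is allowed to bind but not to read the user objects.
            Write-Warning "[WARN] $account bound, but '$TestUser' was not found under $UserContainer"
        }
    } catch {
        Write-Warning "[FAIL] $account : $($_.Exception.Message)"
    }
}
```

Run it once per LDAP server before touching SharePoint: an account that fails or returns no result here is the one that will produce the generic authentication errors described above.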
