Recently, I tried configuring LDAP authentication for my SharePoint 2013 application.
Obviously, in the case of SharePoint 2013 we need to use claims-based authentication, and we need to configure three configuration files:
- Security Token Service web.config
- Central Administration web.config
- The specific web application web.config.
However, there is one important task that you need to perform on your LDAP server to ensure that the authentication is successful. You need to give administrative permissions to the following accounts on your LDAP server:
- Security Token Service application pool account
- Central Administration application pool account
- Web application app pool account.
The interesting thing here is that SharePoint does not tell you straight away that it cannot access the LDAP directory. It throws a lot of generic errors, such as "User credentials cannot be authenticated, please check user name and password." Somewhere amongst these generic errors is hidden your real error: that it cannot access the LDAP server objects for authentication.