LDAP Forms Authentication revisited

I’ve had a few comments on the configuration of Forms Authentication using LDAP and thought it worth raising some of these points in a new posting.


1.  LDAP forms authentication is only supported by Office Servers and not WSS

The architecture for forms authentication is based on WSS 3.0, but the specific implementation described in my (and others') posts for use of Active Directory Application Mode (ADAM) and LDAP authentication is based on Microsoft.Office.Server.Security.LDAPMembershipProvider, and so is a component that shipped with Office Servers (Microsoft Office SharePoint Server, Microsoft Office Project Server, Microsoft Office Forms Server…). So if you just have WSS 3.0 then you will not find this component. One possible option might be to use the ASP.NET Active Directory provider and configure it for the LDAP port ADAM is running on (see http://blogs.msdn.com/harsh/archive/2007/01/10/forms-based-authentication-in-moss.aspx for some guidance). Or you could write your own authentication provider for LDAP… On-demand webcast here: http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?culture=en-US&EventID=1032346257&CountryCode=US

2.  New ADAM users are disabled by default

If you are using ADAM, hopefully you have already discovered that by default any new user is disabled. To enable the user you need to set the msDS-UserAccountDisabled attribute of the user to false.

3.  Need to give ANONYMOUS LOGON read access to directory

I haven’t needed to do this and certainly would not recommend it in a production environment. I am guessing it relates to the account used for some application pool being set such that it appears to the directory as ANONYMOUS. Much better to have an explicit user and give it an explicit permission.
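As an added example (not from the original post), here is a PowerShell snippet that ties points 2 and 3 together: it binds to ADAM with an explicit account rather than showing up as ANONYMOUS LOGON, then clears msDS-UserAccountDisabled on a new user and re-reads it to confirm the change. The server name, port, DNs and the bind account are placeholders for your own environment.

```powershell
# Added example (not from the original post): enable an ADAM user by clearing
# msDS-UserAccountDisabled, binding with an explicit account rather than
# letting the directory see the caller as ANONYMOUS LOGON.
# Server, port, DNs and the bind account are placeholders.
Add-Type -AssemblyName System.DirectoryServices

function Enable-AdamUser {
    param(
        [string]$Server,                 # host running the ADAM instance
        [int]$Port,                      # LDAP port the ADAM instance listens on
        [string]$UserDn,                 # DN of the user to enable
        [pscredential]$BindCredential    # explicit account used for the bind
    )
    # Simple bind as the supplied account. Use SecureSocketsLayer instead of
    # None when the instance is configured for SSL (it should be, since a
    # password is sent on the wire).
    $authType = [System.DirectoryServices.AuthenticationTypes]::None
    $ctorArgs = @(
        "LDAP://${Server}:${Port}/${UserDn}",
        $BindCredential.UserName,
        $BindCredential.GetNetworkCredential().Password,
        $authType
    )
    $entry = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $ctorArgs

    # Read the current value before touching anything.
    $entry.RefreshCache(@("msDS-UserAccountDisabled"))
    $before = $entry.Properties["msDS-UserAccountDisabled"].Value
    Write-Host "Before: msDS-UserAccountDisabled = $before"

    # ADAM creates new users disabled; false enables the account.
    $entry.Properties["msDS-UserAccountDisabled"].Value = $false
    $entry.CommitChanges()

    # Re-read from the directory to confirm the write actually took effect.
    $entry.RefreshCache(@("msDS-UserAccountDisabled"))
    $after = $entry.Properties["msDS-UserAccountDisabled"].Value
    Write-Host "After:  msDS-UserAccountDisabled = $after"
    return ($after -eq $false)
}

# Placeholder values: the bind account is an ADAM principal with write access
# to the target user object; the prompt avoids putting its password in the script.
$cred = Get-Credential -UserName "CN=svc-adamadmin,OU=Service,O=Example" -Message "ADAM bind account"
Enable-AdamUser -Server "adamhost.example.local" -Port 389 `
    -UserDn "CN=jsmith,OU=Users,O=Example" -BindCredential $cred
```

The same explicit-bind pattern is what you want for the application pool identity: give that account read permission on the user container instead of granting ANONYMOUS LOGON anything.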

Technorati Tags: Project Server 2007