I am working on some internal training at the moment on the use of alternative authentication methods for WSS and Project and am playing about with LDAP. Having shot myself in the foot by leaving a web.config open and then later saving it over a version that WSS had modified I thought I would take a look at the option within InetMgr (IIS Manager) that allows the editing of the web.config and a nice little UI. Perhaps safer than notepad? I was setting WSS to use two different LDAP providers on two different ports - but the Central Admin site needs to know about both of them. Uncharted territory for me - so when things broke my first guess was that my XML was somehow wrong for adding a second provider - although the UI in InetMgr seemed happy with my addition. Symptoms of the break for me were "File Not Found" on the Operations and Application Management tabs - and the home page went to a Server Error in '/' Application that wouldn't display anything other than the custom error no matter what I tried.
So I removed my XML and the problem stayed. As part of my training was to be comparing web.config files at various points during the training I took my own medicine and fired up windiff. And there it was - the edit configuration option had added an attribute to my <configuration> element. Instead of just <configuration> on line 2, I had <configuration xmlns="http://schema.microsoft.com/.netConfiguration/v2.0">. Removing the extra text got my Central Administration site up and running again.
This is a known issue - KB 917238 - but in case you see these symptoms - take a look at your web.config.
Let me know if anyone out there is interested in authentication of Project Server 2007 with LDAP and I will blog my findings so far.
Technorati Tags: Project Server 2007
Hi I find ur work very interesting. My boss just asked to include user authentication on a remote Open Ldap server. As I'm a bit new to interaction with MS products like sharepoint and project, I need all the support u can/whish give. Your articles are exaustive but a more wide & step by step explanation policy would be apreciated as u r one of the few resources on this topic ppl can find on web.
ty in advance
Thanks for the feedback Nelson. I will try to give more detailed steps - or at least point to resources where they go into more depth. For LDAP I found a great deal at the following sites:-
Office 2007 Authentication Info on TechNet
Introduction to Win2K3 ADAM
ADAM Reviewer’s Guide
Useful Blog posting on WSS and ADAM
Reference for SSL configuration of LDAP
Another useful tool for troubleshooting with LDAP is ldp.exe which is included with the Windows 2003 Server SP1 Support tools at http://www.microsoft.com/downloads/details.aspx?familyid=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en
It has a great help file with it too.
What I sometimes read about authorization providers for Sharepoint 2007 is this:
"LDAP authentication is also handled by using form-based authentication. But in the case of LDAP, the backend datastore is the Active Directory database itself"
So can only AD being used als LDAP authentication provides. What about open-Ldap Linux-Unix based directory systems?
The LDAP authentication should work against any LDAP compliant directory. I have heard of users with both Novell and Sun Solaris having success - so any LINUX/UNIX system should work too. Usually just a case of getting the edits to the web.config files just right to work with your directory, along with the correct permissions being set to allow it to be read.
I have a strange problem. I have an ASP application which authenticates users based on their LDAP credentials. The code works fine in Windows Server 2000 but conks in Windows Server 2003. Any clue why this happens? I have searched all over but could not find anything on this.
LDAP isn't my strong subject - but I'd suggest looking at a newtmon trace to see if you can find where this is going wrong. Could be a difference in IIS - or perhaps firewall settings compared to 2000.