If you are using MOSS and want to authenticate against AD through forms, MOSS offers a custom membership provider for AD (and for any other directory service that implements the LDAP protocol). There are many articles and posts that talk about it, here and here (broken link).
Recently I configured it with the following fragment in the web.config:
<membership defaultProvider="SharePointLdapMembershipProvider">
  <providers>
    <add
      name="SharePointLdapMembershipProvider"
      type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bCe111e9429c"
      server="litwareinc"
      port="389"
      useSSL="false"
      userDNAttribute="distinguishedName"
      userNameAttribute="sAMAccountName"
      userContainer="CN=Users,DC=litwareinc,DC=com"
      userObjectClass="person"
      userFilter="((ObjectCategory=group)(ObjectClass=person))"
      scope="Subtree"
      otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
<roleManager
  defaultProvider="SharePointLdapRoleProvider"
  enabled="true"
  cacheRolesInCookie="true"
  cookieName=".PeopleDCRole">
  <providers>
    <add
      name="SharePointLdapRoleProvider"
      type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bCe111e9429c"
      server="litwareinc"
      port="389"
      useSSL="false"
      groupContainer="DC=litwareinc,DC=com"
      groupNameAttribute="cn"
      groupMemberAttribute="member"
      userNameAttribute="sAMAccountName"
      dnAttribute="distinguishedName"
      groupFilter="(ObjectClass=group)"
      scope="Subtree" />
  </providers>
</roleManager>
And I always got this stack error:
Event Type: Error
Event Source: Office SharePoint Server
Event Category: Office Server General
Event ID: 7888
Date: 29/06/2008
Time: 3:45:39
User: N/A
Computer: MOSS
Description:
A runtime exception was detected. Details follow.
Message: The server is not operational.
System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Microsoft.Office.Server.Security.LDAP.FindOneObject(DirectoryEntry searchRoot, String filter, SearchScope scope, String[] propertiesToLoad, ResultPropertyCollection& entryProperties)
at Microsoft.Office.Server.Security.LdapMembershipProvider.GetUserAttributeBySearchProperty(String searchValue, String searchProperty, String returnAttribute)
Technical Details:
I was able to make an LDAP query using LDAP://LITWARE as a connection string. But the provider was not able to connect to the server because it cannot resolve the IP of the LDAP server. If I replace server="litwareinc" with server="127.0.0.1" (the DC IP) or server="litwareinc.com", everything works.
Finally, my web.config looks like this:
<membership defaultProvider="SharePointLdapMembershipProvider">
  <providers>
    <add
      name="SharePointLdapMembershipProvider"
      type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bCe111e9429c"
      server="litwareinc.com"
      port="389"
      useSSL="false"
      userDNAttribute="distinguishedName"
      userNameAttribute="sAMAccountName"
      userContainer="CN=Users,DC=litwareinc,DC=com"
      userObjectClass="person"
      userFilter="((ObjectCategory=group)(ObjectClass=person))"
      scope="Subtree"
      otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
<roleManager
  defaultProvider="SharePointLdapRoleProvider"
  enabled="true"
  cacheRolesInCookie="true"
  cookieName=".PeopleDCRole">
  <providers>
    <add
      name="SharePointLdapRoleProvider"
      type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bCe111e9429c"
      server="litwareinc.com"
      port="389"
      useSSL="false"
      groupContainer="DC=litwareinc,DC=com"
      groupNameAttribute="cn"
      groupMemberAttribute="member"
      userNameAttribute="sAMAccountName"
      dnAttribute="distinguishedName"
      groupFilter="(ObjectClass=group)"
      scope="Subtree" />
  </providers>
</roleManager>
So you always need to make sure that the IP of your LDAP server can be resolved.
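One way to run that check before blaming the provider (an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the function name Test-LdapProviderEndpoint and the reduced sample config are constructed for illustration). It reads the server and port of each MOSS LDAP provider from a web.config, tries to resolve the name and open the port, and also lists useSSL, since with useSSL="false" the connection to the directory is not protected by SSL.

```powershell
# Constructed sample: the post's two providers, reduced to the attributes read here.
# For a real check, load the file instead: [xml]$cfg = Get-Content <path-to-web.config>
[xml]$cfg = @'
<configuration><system.web>
  <membership defaultProvider="SharePointLdapMembershipProvider"><providers>
    <add name="SharePointLdapMembershipProvider"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server"
         server="litwareinc" port="389" useSSL="false" />
  </providers></membership>
  <roleManager defaultProvider="SharePointLdapRoleProvider" enabled="true"><providers>
    <add name="SharePointLdapRoleProvider"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server"
         server="127.0.0.1" port="389" useSSL="false" />
  </providers></roleManager>
</system.web></configuration>
'@

function Test-LdapProviderEndpoint {
    param([xml]$Config, [int]$TimeoutMs = 3000)
    $xpath = '//membership/providers/add | //roleManager/providers/add'
    foreach ($p in $Config.SelectNodes($xpath)) {
        # -notmatch ignores case, so both the Ldap... and LDAP... type spellings are checked
        if ($p.GetAttribute('type') -notmatch '^Microsoft\.Office\.Server\.Security\.Ldap') { continue }
        $server = $p.GetAttribute('server'); $port = [int]$p.GetAttribute('port')
        $ips = @(); $open = $false
        try { $ips = @([System.Net.Dns]::GetHostAddresses($server)) } catch { }
        if ($ips.Count -gt 0) {
            # Socket uses the address family of the resolved IP (IPv4 or IPv6)
            $tcp = New-Object System.Net.Sockets.TcpClient($ips[0].AddressFamily)
            try {
                $pending = $tcp.BeginConnect($ips[0], $port, $null, $null)
                $open = $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $tcp.Connected
            } catch { } finally { $tcp.Close() }
        }
        $finding = 'endpoint reachable'
        if ($ips.Count -eq 0) { $finding = 'server name does not resolve' }
        elseif (-not $open) { $finding = "port $port not reachable" }
        [pscustomobject]@{
            Provider = $p.GetAttribute('name'); Server = $server
            Resolved = ($ips | ForEach-Object { $_.ToString() }) -join ', '
            PortOpen = $open; UseSSL = $p.GetAttribute('useSSL'); Finding = $finding
        }
    }
}

Test-LdapProviderEndpoint -Config $cfg | Format-Table -AutoSize
```

On a machine that cannot resolve litwareinc, the first row reports that the server name does not resolve, which is the condition behind the "The server is not operational" exception in the event log above.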
Note: For the user picker you need to add this line to the PeoplePickerWildcards section to allow the search function:
<PeoplePickerWildcards>
<clear />
<add key="AspNetSqlMembershipProvider" value="%" />
<add key="SharePointLdapMembershipProvider" value="*" />
</PeoplePickerWildcards>
Enjoy it!
Sunday, June 29, 2008
Error “Server is not operational” using MOSS LDAP Membership Provider
Posted by Àlex at 3:59 AM
1 comment:
Hi Alex
I use that for membership
<add name="ActiveDirectoryFullPN"
  type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
  attributeMapUsername="userPrincipalName"
  connectionStringName="ADServiceFull"
  connectionUsername="hmc\admin.portal"
  connectionPassword="*******"
  enableSearchMethods="true"
  requiresUniqueEmail="true"
  attributeMapEmail="mail" />
because this one following your instructions doesn't work:
<add name="LdapMembership"
  type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
  server="SRV001.hmc.local"
  port="389"
  useSSL="false"
  userDNAttribute="distinguishedName"
  userNameAttribute="userPrincipalName"
  userContainer="OU=Customer,OU=Portal,DC=hmc,DC=local"
  userObjectClass="person"
  userFilter="((ObjectCategory=group)(ObjectClass=person))"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
We cannot see any results in the search window. But the real problem is that I cannot find groups, and this is my configuration:
<add name="LdapRole"
  type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
  server="SRV001.hmc.local"
  port="389"
  useSSL="false"
  groupContainer="OU=Customer, OU=Portal, DC=hmc,DC=local"
  groupNameAttribute="cn"
  groupMemberAttribute="member"
  userNameAttribute="sAMAccountName"
  dnAttribute="distinguishedName"
  groupFilter="(ObjectClass=group)"
  scope="Subtree" />
Thanks,
David