Configure SharePoint 2013 for LDAP FBA Authentication

Hi,

In our new SharePoint 2013 environment we are trying to configure FBA authentication via LDAP using this article: http://technet.microsoft.com/en-us/library/ee806890.aspx
I suppose only the steps in Phase 1 and Phase 2 are needed.
After making the changes my page no longer loads.
We also tried the FBA Configuration Manager; after applying the config to a new, clean SharePoint site, the page also no longer loads.
Did anyone figure out how to get LDAP authentication working?

Kind Regards,
J.Romkes
Asked: jromkes
1 Solution
 
Walter Curtis (SharePoint AED) commented:
Yes, FBA LDAP does work.

What do you mean by page does not load anymore? It is difficult to troubleshoot with such a general symptom.

Thanks
 
Justin Smith (Sr. System Engineer) commented:
I'm also concerned about the "does not load anymore" statement. Were you trying this on an existing web application?
 
jromkes (Author) commented:
After adding the code to the web.config of the Central Admin page (found at http://social.technet.microsoft.com/Forums/sharepoint/en-US/331835da-893c-4bfc-ba55-7a321b6496e6/fba-using-ldap-authentication-in-sp-2013?forum=sharepointadmin )

I see this error in the browser:
[screenshot: browser error]
Step 2: Add the entry below to the web.config of the application and Central Admin.

<system.web>
  <!-- Version=14.0.0.0 is the SharePoint 2010 assembly version; SharePoint 2013 assemblies are Version=15.0.0.0 -->
  <membership defaultProvider="i">
    <providers>
      <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="ECCOE-SPS2010" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer="OU=PRODUCTION,DC=SPS2010,DC=ECCOE" userObjectClass="person" userFilter="(ObjectClass=person)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
  </membership>
  <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
      <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="ECCOE-SPS2010" port="389" useSSL="false" groupContainer="OU=PRODUCTION,DC=SPS2010,DC=ECCOE" groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName" groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)" userFilter="(ObjectClass=person)" scope="Subtree" />
    </providers>
  </roleManager>
</system.web>

And

<PeoplePickerWildcards>
  <clear />
  <add key="AspNetSqlMembershipProvider" value="%" />
  <!-- each key must be the name of a provider declared above ("LdapMember" / "LdapRole" in this fragment) -->
  <add key="LdapMembershipProvider" value="*" />
  <add key="LdapRoleManager" value="*" />
</PeoplePickerWildcards>
 
Walter Curtis (SharePoint AED) commented:
 
jromkes (Author) commented:
After changing the web.config files as in the article mentioned by SneekCo, it goes wrong at the next step, "Configure Forms-Based Authentication in Central Administration".
The Central Administration page will not load in the browser, giving the error posted previously.
The event log records this at that moment:

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 6-2-2014 12:35:28
Event time (UTC): 6-2-2014 11:35:28
Event ID: 672ae6e9291f491ba6c197be1a8c935d
Event sequence: 19
Event occurrence: 18
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/52510270/ROOT-1-130361599046414006
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\47754\
    Machine name: SP01
 
Process information:
    Process ID: 5248
    Process name: w3wp.exe
    Account name: REHOBOTH\Administrator
 
Exception information:
    Exception type: InvalidProgramException
    Exception message: Common Language Runtime detected an invalid program.
   at System.Web.Security.Roles.Initialize()
   at System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

 
 
Request information:
    Request URL: http://sp01:31704/_layouts/15/1043/styles/corev15.css?rev=vjvCVOi+Sm2BqpxbfeUuRg== 
    Request path: /_layouts/15/1043/styles/corev15.css
    User host address: 192.168.52.104
    User:  
    Is authenticated: False
    Authentication Type:  
    Thread account name: REHOBOTH\Administrator
 
Thread information:
    Thread ID: 13
    Thread account name: REHOBOTH\Administrator
    Is impersonating: True
    Stack trace:    at System.Web.Security.Roles.Initialize()
   at System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 
jromkes (Author) commented:
How can I be sure about the correct version number in: ...Microsoft.Office.Server, Version=12.0.0.0...?
 
Walter Curtis (SharePoint AED) commented:
Return to your original or last known good config files so that CA will start, and attempt the process again. Be very careful dealing with the config files. One small mistake and the site will not render. Good luck.
 
jromkes (Author) commented:
I have already returned to the original config many times, at least at every attempt.
Also by rolling back the snapshot of this machine.
The article SneekCo advised does not talk about configuring the SecurityTokenServiceApplication (STA) web.config, as other articles do.
Do I need to configure the STA? Can a misconfigured or unconfigured STA web.config cause the Central Administration page not to load?
 
Walter Curtis (SharePoint AED) commented:
Yes, there should be an entry in the security token service config file.

Also, the error message above references an error in the Central Admin web.config file.

That means there are three files that need to be modified for FBA: the web.config file for the web application, the config file for Central Admin and the config file for the STS service.
 
jromkes (Author) commented:
When I paste this code into the system.web section of the Central Admin web.config, the page gives an error page; after removing this code the page loads fine. Can anyone help me find the wrong code?

<membership defaultProvider="AspNetSqlMembershipProvider">
  <providers>
    <add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="SP01.r******h.nu" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer="OU=FBA,DC=R******H,DC=NU" userObjectClass="person" userFilter="(ObjectClass=person)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <add name="rolemanager" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="SP01.r******h.nu" port="389" useSSL="false" groupContainer="OU=FBA,DC=R******H,DC=NU" groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName" groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)" userFilter="(ObjectClass=person)" scope="Subtree" />
  </providers>
</roleManager>

The groupFilter and userFilter values (shown in bold in the original post) were changed by me; the original code is:
groupFilter="((ObjectClass=group)"
userFilter="((ObjectClass=person)"

This is the EventLog error:
Log Name:      Application
Source:        ASP.NET 4.0.30319.0
Date:          10-2-2014 08:46:04
Event ID:      1309
Task Category: Web Event
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SP01.r******h.nu
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 10-2-2014 08:46:03
Event time (UTC): 10-2-2014 07:46:03
Event ID: fa1addc212c54ef8804bb41bddf69d20
Event sequence: 2
Event occurrence: 1
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/1989627596/ROOT-3-130364919440149296
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\32686\
    Machine name: SP01
 
Process information:
    Process ID: 7708
    Process name: w3wp.exe
    Account name: R******H\administrator
 
Exception information:
    Exception type: InvalidProgramException
    Exception message: Common Language Runtime detected an invalid program.
   at System.Web.Security.Roles.Initialize()
   at System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

 
 
Request information:
    Request URL: http://sp01:31940/_layouts/15/1043/styles/error.css?rev=5935tKqaPgqYRcrzU55gzA== 
    Request path: /_layouts/15/1043/styles/error.css
    User host address: fe80::6d54:a838:f4f0:2479
    User:  
    Is authenticated: False
    Authentication Type:  
    Thread account name: R******H\administrator
 
Thread information:
    Thread ID: 12
    Thread account name: R******H\administrator
    Is impersonating: True
    Stack trace:    at System.Web.Security.Roles.Initialize()
   at System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 
 
 
Walter Curtis (SharePoint AED) commented:
Change these lines in your file:

<membership defaultProvider="AspNetSqlMembershipProvider">
to
<membership defaultProvider="membership">
and
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
to
<roleManager enabled="true" defaultProvider="rolemanager">
 
jromkes (Author) commented:
I'm sorry, same error after changing.
 
Walter Curtis (SharePoint AED) commented:
Are you modifying the file in Notepad? If so, I would suggest you use an XML editor that clearly highlights the XML nodes in color. A common error is that the section is not correctly inside the system.web node, and it is much easier to spot errors in an XML editor. Just an idea!
 
jromkes (Author) commented:
I use Visual Studio and the Notepad++ editor.
Should I focus on "Exception message: Common Language Runtime detected an invalid program"?
 
Walter Curtis (SharePoint AED) commented:
Logically, no. Here is what you know:

With the original files all works fine.
When the lines are added to the config file, the error occurs. The lines are more than likely incorrectly added to the file. The error message is deceptive and is a result of having lines of code in the wrong place. And don't take this the wrong way: working with web.config files is very delicate and so sensitive that one character in the wrong place will crash the site and produce such a scary error message you will think a monster is outside about to crush the building. Just be very meticulous in adding lines to the web.config file and you will be fine.
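A pre-flight check an administrator could run over the merged web.config before touching Central Admin, covering the mistakes this thread turns on: a fragment that landed outside system.web, a defaultProvider that names no declared provider, a filter with an extra parenthesis, the assembly version, and the useSSL="false" setting. This is an added example written for this page, not code from the thread or from Microsoft; the sample XML and the host sp01.example.test are constructed, and the lint rules themselves are an assumption about what is worth checking, not SharePoint's own validation.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the poster's real file). It reproduces the two defects visible in the
# thread: defaultProvider names that match no provider, and a userFilter with an extra "(".
SAMPLE = """<configuration>
  <system.web>
    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0" server="sp01.example.test" port="389" useSSL="false" userFilter="((ObjectClass=person)" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <add name="rolemanager" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0" server="sp01.example.test" port="389" useSSL="false" groupFilter="(ObjectClass=group)" />
      </providers>
    </roleManager>
  </system.web>
</configuration>"""

def lint_fba_config(xml_text, expected_version="15.0.0.0"):
    """Return a list of problems found; an empty list means every check passed."""
    try:
        root = ET.fromstring(xml_text)   # a single stray character fails right here
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if (sysweb := root.find("system.web")) is None:   # sections must live under <system.web>
        return ["no <system.web> node under the configuration root"]
    problems = []
    for section in ("membership", "roleManager"):
        node = sysweb.find(section)
        if node is None:
            problems.append(f"<{section}> is missing from <system.web>")
            continue
        adds = node.findall("providers/add")
        names = [a.get("name") for a in adds]
        default = node.get("defaultProvider")
        if default not in names:   # ASP.NET resolves defaultProvider by the provider's name
            problems.append(f"{section}: defaultProvider '{default}' is not one of {names}")
        for add in adds:
            label = f"{section}/{add.get('name')}"
            if "Microsoft.Office.Server" in (t := add.get("type", "")) and f"Version={expected_version}" not in t:
                problems.append(f"{label}: type does not reference Version={expected_version}")
            for attr in ("userFilter", "groupFilter"):
                flt = add.get(attr)
                if flt is not None and flt.count("(") != flt.count(")"):
                    problems.append(f"{label}: {attr} has unbalanced parentheses: {flt}")
            if add.get("useSSL", "").lower() == "false":   # plain LDAP simple bind is cleartext
                problems.append(f'{label}: useSSL="false" sends LDAP credentials unencrypted')
    return problems
```

Run it against the real merged file (not a pasted fragment) so the system.web placement is checked as well; ET.ParseError on a web.config that IIS was happily serving a minute ago is the fastest way to find the one stray character Walter describes.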
 
Walter Curtis (SharePoint AED) commented:
Many Thanks