Configure Sharepoint 2013 for LDAP FBA Authentication

Posted on 2014-02-05
Last Modified: 2014-07-23
Hi,

In our new SharePoint 2013 environment we are trying to configure FBA authentication via LDAP using this article: http://technet.microsoft.com/en-us/library/ee806890.aspx
I suppose only the steps Phase 1 and Phase 2 are needed.
After making the changes my page is not loading anymore.
We also tried the FBA Configuration Manager; also after applying the config to a new clean SharePoint site, the page will not load anymore.
Did anyone figure out how to get LDAP authentication working?

Kind Regards,
J.Romkes
Question by:jromkes

Expert Comment

by:Walter Curtis
ID: 39835583
Yes, FBA LDAP does work.

What do you mean by page does not load anymore? It is difficult to troubleshoot with such a general symptom.

Thanks
 

Expert Comment

by:Justin Smith
ID: 39835844
I'm also concerned about the "does not load anymore" statement. Were you trying this on an existing web application?
 

Author Comment

by:jromkes
ID: 39836005
After adding the code to the web.config of the Central Admin page (found at http://social.technet.microsoft.com/Forums/sharepoint/en-US/331835da-893c-4bfc-ba55-7a321b6496e6/fba-using-ldap-authentication-in-sp-2013?forum=sharepointadmin ),

I see this error in the browser:
[screenshot: browser error]
Step 2: Add the entry below to the web.config of the application and Central Admin.

<system.web>
  <membership defaultProvider="i">
    <providers>
      <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="ECCOE-SPS2010" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer="OU=PRODUCTION,DC=SPS2010,DC=ECCOE" userObjectClass="person" userFilter="(ObjectClass=person)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
  </membership>
  <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
      <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="ECCOE-SPS2010" port="389" useSSL="false" groupContainer="OU=PRODUCTION,DC=SPS2010,DC=ECCOE" groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName" groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)" userFilter="(ObjectClass=person)" scope="Subtree" />
    </providers>
  </roleManager>
</system.web>

And

<PeoplePickerWildcards>
  <clear />
  <add key="AspNetSqlMembershipProvider" value="%" />
  <add key="LdapMembershipProvider" value="*" />
  <add key="LdapRoleManager" value="*" />
</PeoplePickerWildcards>
 

Accepted Solution

by:
Walter Curtis earned 500 total points
ID: 39836214
 

Author Comment

by:jromkes
ID: 39838553
After changing the web.config files as in the article mentioned by SneekCo, it goes wrong at the next step, "Configure Forms-Based Authentication in Central Administration".
The Central Administration page will not load in the browser, giving the error posted previously.
The event log logs this at that moment:

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 6-2-2014 12:35:28
Event time (UTC): 6-2-2014 11:35:28
Event ID: 672ae6e9291f491ba6c197be1a8c935d
Event sequence: 19
Event occurrence: 18
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/52510270/ROOT-1-130361599046414006
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\47754\
    Machine name: SP01
 
Process information:
    Process ID: 5248
    Process name: w3wp.exe
    Account name: REHOBOTH\Administrator
 
Exception information:
    Exception type: InvalidProgramException
    Exception message: Common Language Runtime detected an invalid program.
   at System.Web.Security.Roles.Initialize()
   at System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

 
 
Request information:
    Request URL: http://sp01:31704/_layouts/15/1043/styles/corev15.css?rev=vjvCVOi+Sm2BqpxbfeUuRg== 
    Request path: /_layouts/15/1043/styles/corev15.css
    User host address: 192.168.52.104
    User:  
    Is authenticated: False
    Authentication Type:  
    Thread account name: REHOBOTH\Administrator
 
Thread information:
    Thread ID: 13
    Thread account name: REHOBOTH\Administrator
    Is impersonating: True
    Stack trace:    at System.Web.Security.Roles.Initialize()
   at System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 

Author Comment

by:jromkes
ID: 39838580
How can I be sure about the correct version number in: ...Microsoft.Office.Server, Version=12.0.0.0....?
 

Expert Comment

by:Walter Curtis
ID: 39838866
Return to your original or last known good config files so that CA will start, and attempt the process again. Be very careful dealing with the config files. One small mistake and the site will not render. Good luck.
 

Author Comment

by:jromkes
ID: 39838983
I already returned to the original config a lot of times, at least at every attempt.
Also by rolling back the snapshot of this machine.
The article SneekCo advised does not talk about configuring the SecurityTokenServiceApplication (STA) web.config, like other articles do.
Do I need to configure the STA? Can a misconfigured or unconfigured STA web.config cause the Central Administration page not to load?
 

Expert Comment

by:Walter Curtis
ID: 39839050
Yes, there should be an entry in the security token service config file.

Also, the error message above references an error in the Central Admin web.config file.

That means there are three files that need to be modified for FBA: the web.config file for the web application, the config file for Central Admin and the config file for the STS service.
 

Author Comment

by:jromkes
ID: 39846622
When I paste this code into the system.web section of the Central Admin web.config, the page gives an error page; after removing this code the page loads fine. Can anyone help me find the wrong code?

<membership defaultProvider="AspNetSqlMembershipProvider">
  <providers>
    <add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="SP01.r******h.nu" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer="OU=FBA,DC=R******H,DC=NU" userObjectClass="person" userFilter="(ObjectClass=person)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <add name="rolemanager" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="SP01.r******h.nu" port="389" useSSL="false" groupContainer="OU=FBA,DC=R******H,DC=NU" groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName" groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)" userFilter="(ObjectClass=person)" scope="Subtree" />
  </providers>
</roleManager>

The code marked in bold (the groupFilter and userFilter values) was changed by myself; the original code is:
groupFilter="((ObjectClass=group)"
userFilter="((ObjectClass=person)"

This is the EventLog error:
Log Name:      Application
Source:        ASP.NET 4.0.30319.0
Date:          10-2-2014 08:46:04
Event ID:      1309
Task Category: Web Event
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SP01.r******h.nu
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 10-2-2014 08:46:03
Event time (UTC): 10-2-2014 07:46:03
Event ID: fa1addc212c54ef8804bb41bddf69d20
Event sequence: 2
Event occurrence: 1
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/1989627596/ROOT-3-130364919440149296
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\32686\
    Machine name: SP01
 
Process information:
    Process ID: 7708
    Process name: w3wp.exe
    Account name: R******H\administrator
 
Exception information:
    Exception type: InvalidProgramException
    Exception message: Common Language Runtime detected an invalid program.
   at System.Web.Security.Roles.Initialize()
   at System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

 
 
Request information:
    Request URL: http://sp01:31940/_layouts/15/1043/styles/error.css?rev=5935tKqaPgqYRcrzU55gzA== 
    Request path: /_layouts/15/1043/styles/error.css
    User host address: fe80::6d54:a838:f4f0:2479
    User:  
    Is authenticated: False
    Authentication Type:  
    Thread account name: R******H\administrator
 
Thread information:
    Thread ID: 12
    Thread account name: R******H\administrator
    Is impersonating: True
    Stack trace:    at System.Web.Security.Roles.Initialize()
   at System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 
 
Custom event details:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ASP.NET 4.0.30319.0" />
    <EventID Qualifiers="32768">1309</EventID>
    <Level>3</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-02-10T07:46:04.000000000Z" />
    <EventRecordID>10385</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SP01.r******h.nu</Computer>
    <Security />
  </System>
  <EventData>
    <Data>3005</Data>
    <Data>An unhandled exception has occurred.</Data>
    <Data>10-2-2014 08:46:03</Data>
    <Data>10-2-2014 07:46:03</Data>
    <Data>fa1addc212c54ef8804bb41bddf69d20</Data>
    <Data>2</Data>
    <Data>1</Data>
    <Data>0</Data>
    <Data>/LM/W3SVC/1989627596/ROOT-3-130364919440149296</Data>
    <Data>Full</Data>
    <Data>/</Data>
    <Data>C:\inetpub\wwwroot\wss\VirtualDirectories\32686\</Data>
    <Data>SP01</Data>
    <Data>
    </Data>
    <Data>7708</Data>
    <Data>w3wp.exe</Data>
    <Data>R******H\administrator</Data>
    <Data>InvalidProgramException</Data>
    <Data>Common Language Runtime detected an invalid program.
   at System.Web.Security.Roles.Initialize()
   at System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously)

</Data>
    <Data>http://sp01:31940/_layouts/15/1043/styles/error.css?rev=5935tKqaPgqYRcrzU55gzA==</Data>
    <Data>/_layouts/15/1043/styles/error.css</Data>
    <Data>fe80::6d54:a838:f4f0:2479%14</Data>
    <Data>
    </Data>
    <Data>False</Data>
    <Data>
    </Data>
    <Data>R******H\administrator</Data>
    <Data>12</Data>
    <Data>R******H\administrator</Data>
    <Data>True</Data>
    <Data>   at System.Web.Security.Roles.Initialize()
   at System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously)
</Data>
  </EventData>
</Event>
 

Expert Comment

by:Walter Curtis
ID: 39847418
Change these lines in your file:

<membership defaultProvider="AspNetSqlMembershipProvider">
 to
<membership defaultProvider="membership">
 and
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
to
<roleManager enabled="true" defaultProvider="rolemanager">
 

Author Comment

by:jromkes
ID: 39847461
I'm sorry, same error after changing.
 

Expert Comment

by:Walter Curtis
ID: 39847505
Are you modifying the file in Notepad? If so, I would suggest you use an XML editor that clearly highlights the XML nodes in color. A common error is that the section is not correctly placed in the system.web node, and it is much easier to spot such errors in an XML editor. Just an idea!
 

Author Comment

by:jromkes
ID: 39847545
I use Visual Studio and the Notepad++ editor.
Should I focus on: Exception message: Common Language Runtime detected an invalid program?
 

Expert Comment

by:Walter Curtis
ID: 39847594
Logically no. Here is what you know:

With the original files all works fine.
When the lines are added to the config file, the error occurs. The lines are more than likely incorrectly added to the file. The error message is deceptive and is a result of having lines of code in the wrong place. And don't take this the wrong way. Working with web.config files is very delicate and so sensitive that one character in the wrong place will crash the site and will produce such a scary error message you will think a monster is outside about to crush the building. Just be very meticulous in adding lines to the web.config file and you will be fine.
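A small pre-flight check for the kinds of web.config mistakes discussed in this thread, added here as an example; it is not code from the thread, from Microsoft or from the FBA Configuration Manager. It assumes a constructed sample config (hypothetical server name ldap.example.invalid, shortened type strings) that reproduces the three problems raised above: a defaultProvider that names no declared provider, a section placed outside system.web, and the unbalanced "((ObjectClass=group)" filter.

```python
# Added example, not code from the thread: pre-flight checks on the FBA provider
# sections of a SharePoint web.config: well-formed XML, <membership>/<roleManager>
# directly under <system.web>, defaultProvider declared, LDAP filters balanced.
import xml.etree.ElementTree as ET

# Constructed sample reproducing the mistakes discussed above: a defaultProvider
# matching no provider, a <roleManager> outside <system.web>, an unbalanced filter.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server"
             server="ldap.example.invalid" port="389" userFilter="(ObjectClass=person)" />
      </providers>
    </membership>
  </system.web>
  <roleManager enabled="true" defaultProvider="rolemanager">
    <providers>
      <add name="rolemanager" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server"
           groupFilter="((ObjectClass=group)" userFilter="(ObjectClass=person)" />
    </providers>
  </roleManager>
</configuration>"""

def balanced(expr):
    # True when parentheses are balanced and never close before they open.
    depth = 0
    for ch in expr:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def check_web_config(text):
    # Returns a list of problem descriptions; an empty list means every check passed.
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    problems, system_web = [], root.find("system.web")
    for section in ("membership", "roleManager"):
        for node in root.iter(section):
            if system_web is None or node not in list(system_web):
                problems.append("<%s> is not a direct child of <system.web>" % section)
            names = [p.get("name") for p in node.iter("add")]
            if node.get("defaultProvider") not in names:
                problems.append("<%s> defaultProvider %r matches none of %s" % (section, node.get("defaultProvider"), names))
            for p in node.iter("add"):
                for attr in ("userFilter", "groupFilter"):
                    if p.get(attr) is not None and not balanced(p.get(attr)):
                        problems.append("provider %r: unbalanced %s=%r" % (p.get("name"), attr, p.get(attr)))
    return problems
```

Run check_web_config over each of the three files the thread names (web application, Central Admin, STS) before restarting IIS; an empty list does not prove the providers work, only that the common placement and typo mistakes are absent.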
 

Expert Comment

by:Walter Curtis
ID: 40215262
Many Thanks