Monday, 9 June 2014

Active Directory Integration with Sitecore: Quick Steps

Leave a Comment
In this blog post; I am going to explain how to integrate Active Directory with Sitecore. The Sitecore CMS Active Directory module provides the integration of Active Directory domain with the Sitecore CMS solution. You can integrate the domain users and groups available into Sitecore CMS as Sitecore users and Sitecore roles immediately after the module installation and configuration.  The Active Directory module is based on the ASP.NET security model architecture.

Basic configuration steps:

  1. Download Active Directory Module: Download Active Directory Module from Sitecore SDN.
  2. Install Active Directory Module: After package installation, you have to modify few configuration files to complete the installation. In the main /App_Config/connectionstrings.config file, add a connection string to the <connectionStrings> section. For example:
    <connectionStrings>
    <add name="LDAPConnString" connectionString="LDAP://ADServer.domain.name/OU=Managers,DC=ADDomain,DC=company,DC=com"/>
    </connectionStrings>
    
    • In this example, Managers is just a sample organization unit. Replace it with the name of a real OU.
    • The LDAP prefix is case sensitive. You should use only capital letters when writing the LDAP prefix.
    • For more information about the format of the LDAP connection string, see the article LDAP ADsPath on MSDN.
  3. Configuring the Membership Provider: Open the web.config file, search for the <membership> element in the <system.web> section and paste the following definition inside it (the order is not important).
    <add name="customAD" type="LightLDAP.SitecoreADMembershipProvider" connectionStringName="LDAPConnString" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" 
    connectionUsername="[Enter User Name]" connectionPassword="[Enter Password]" connectionProtection="Secure" attributeMapUsername="sAMAccountName" enableSearchMethods="true" />
    In above lines, replace connectionUsername and connectionPassword. To connect to the Active Directory domain, you should specify a user who has sufficient rights to perform the necessary operations. The provider uses these credentials when it connects to the AD domain.
  4. Configuring the Role Provider: Open the web.config file, search for the <roleManager> element in the <system.web> section and paste the following definition inside it (the order is not important).
    <add name="customAD" type="LightLDAP.SitecoreADRoleProvider" connectionStringName="LDAPConnString" applicationName="sitecore" 
    username="[Enter User Name]" password="[Enter Password]" attributeMapUsername="sAMAccountName" cacheSize="2MB" />
    In above lines, replace connectionUsername and connectionPassword.
  5. Activating Switching Providers: To make the Sitecore aware of an extra source of users and roles, the switching mechanism must be activated. To activate the switching mechanism make below changes:
    • In web.config file, in <system.web> section, browse for <membership> element and find the provider called sitecore and set its realProviderName attribute to switcher.
    • In web.config file, in <system.web> section, browse for <roleManager> element and find the provider called sitecore and set its realProviderName attribute to switcher.
  6. Adding a New Domain: Open the App_Config/Security/Domains.config.xml file and add the following line to the root element:
    <domain name="customAD" ensureAnonymousUser="false"/>
  7. Adding the Domain-Provider Mappings: Open web.config file and in <sitecore> section, browse to the <switchingProviders> element.
    • Add the following line to the <membership> group — the order is not important:
      <provider providerName="customAD" storeFullNames="false" wildcard="*" domains="customAD" /> 
    • Add the following line to the <roleManager> group — the order is not important:
      <provider providerName="customAD" storeFullNames="false" wildcard="*" domains="customAD" /> 
After you have configured the module, open Sitecore CMS, and log into the Sitecore Desktop as an administrator. Click Sitecore, Security Tools, Role Manager to open the Role Manager. You can see the roles from Active Directory along with the Sitecore CMS roles.
Any changes made in Sitecore CMS to the active directory users are done in LIVE mode. The changes are applied immediately to the real Active Directory objects. The only exception is user lock-out; in this case the users are locked out locally from Sitecore CMS and remain active in the Active Directory domain.
The Active Directory module also allows you to store the custom properties of a user profile in the attributes of the corresponding domain user object. Check official documentation of Active Directory Module in Sitecore SDN for advanced configuration like Single Sign On. This article is targeted for Sitecore 6.6-7.0 version.
You might get below error if you are using Sitecore MVC.

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: This method cannot be called during the application's pre-start initialization phase.

Solution: Add this in your web.config (in the appSettings section):

<add key="enableSimpleMembership" value="false"/>
<add key="autoFormsAuthentication" value="false"/>

0 comments :

Post a comment