Setting up Forms Based Authentication for Active Directory
Part 1 – Settings
- The LDAP Path used for Active Directory
- The name to use for the AD Connection
- The name to use for the Membership Provider
The LDAP Path
The AD Connection
The Membership Provider
Part 2 – Setting up the Security Token Service
In addition, there MAY ALREADY be a <system.web> section - in this case, place the <membership defaultProvider="admembers"> entry just before the </system.web> tag, after the last </membership> tag in the file.
Part 3 – Setting up Central Administration
NOTE: If other sites have different kinds of authentication (FBA, etc.), there MAY ALREADY be a <connectionStrings> section - if so, ONLY add the <add name="adconn" entry INSIDE the section - for example:
NOTE: If other sites have different kinds of authentication, there may ALREADY BE providers listed in the <providers> section. If that is the case, you ONLY want to add the provider entry above the </providers> tag:
Be aware that the name indicated by "defaultProvider" may already be set - you should leave this 'as is' OR, if 'admembers' will be the default, change it.
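The merge described in the notes above, shown as an added example (not the original page's configuration): a web.config that already has a connection string and a membership provider, with the `adconn` and `admembers` entries added inside the existing sections. Only the names `adconn` and `admembers` come from the page. The LDAP path, the existing `otherconn`/`othermembers` entries, the provider attributes and the `System.Web` version (assumed for a .NET 3.5 based SharePoint 2010 farm) are assumptions.

```xml
<!-- Added illustration; replace every placeholder value with your own. -->
<configuration>
  <connectionStrings>
    <!-- Existing entry used by another site (hypothetical); leave it untouched -->
    <add name="otherconn"
         connectionString="Server=sql01.example.local;Database=fba;Integrated Security=SSPI" />
    <!-- New entry goes INSIDE the existing section; placeholder LDAP path -->
    <add name="adconn"
         connectionString="LDAP://dc01.example.local/DC=example,DC=local" />
  </connectionStrings>

  <system.web>
    <!-- defaultProvider was already set by the other site and is left 'as is';
         change it to "admembers" only if AD should be the default -->
    <membership defaultProvider="othermembers">
      <providers>
        <!-- Existing provider (hypothetical type name); leave it untouched -->
        <add name="othermembers"
             type="Example.Providers.OtherMembershipProvider, Example.Providers"
             connectionStringName="otherconn" />
        <!-- New provider is added just above </providers>.
             connectionStringName must match the <add name="adconn"> entry.
             connectionProtection="Secure" (the provider's default) keeps the
             bind to the directory from being sent unprotected. -->
        <add name="admembers"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="adconn"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName"
             enableSearchMethods="true" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

The provider name and the connection string name have to be identical in every web.config that is edited (Security Token Service, Central Administration and the web application), otherwise the provider fails to load in one of them.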
Depending on the setup, an error may redirect to the default SharePoint error page thus masking what the real issue may be. To properly ‘debug’ the issue it is necessary to enable debugging in SharePoint. In the SharePoint Hive (usually c:\program files\common files\microsoft shared\web server extensions\14, but the installation may be different), open that folder and locate and open the TEMPLATE folder then the LAYOUTS folder. In this folder, there is also a web.config file. Edit this file and locate the <customErrors tag and change the mode from “On” to “Off”: