Configuring LDAP settings

Windows Active Directory is a directory service created by Microsoft. Active Directory uses a number of standardized protocols to provide a variety of network service, including LDAP. LDAP is Lightweight Directory Access Protocol for accessing directories over an IP network.

You configure LDAP settings in the following way:

  1. In the main menu, click Administration » Settings.
    The Basic Settings page appears.
  2. Click Advanced link.
    The Settings page appears.
  3. Expand Security node in the left of the page.
  4. Click LDAP Settings » LDAP Connections.
    A list of all configured connections appears. You can edit an existing connection by clicking it or you can create a new connection by clicking Create new button.
  5. Configure the following properties:

    Name  The name of the connection is used for distinguishing LDAP connections in Sitefinity.
    ServerName Enter the name of the server where LDAP is hosted.
    Port Enter the LDAP server port.
    The default post is 389.
    ConnectionDomain Enter the domain of the LDAP server.
    ConnectionUsername Enter the username for logging to the LDAP server.
    ConnectionPassword Enter the password for logging to the LDAP server.
    UseSsl Indicates whether the connection use SSL or not
    ResultCacheExpirationTime Enter the seconds, for which the system caches the LDAP server response results. 
    MaxReturnedUsers Enter the maximum number of users that is returned on one request to the LDAP. This number is used for internal paging of results, in order to avoid overconsumption of memory and slow retrieval of big chunks of data.
    UserDns Enter the base/root distinguished name (DN) for the users.
    UserFilter Enter the filter that is applied when requesting users from the LDAP. You must use the standard LDAP query syntax.
    MaxReturnedRoles Enter the maximum number of roles that is returned on one request to the LDAP. This number is used for internal paging of results, in order to avoid overconsumption of memory  and slow retrieval of big chunks of data.
    RolesDNs Enter the base/root distinguished name (DN) for the roles.
    RolesFilter Enter the filter applied when requesting users from the LDAP. You must use the standard LDAP query syntax.
    ConnectWithLogOnCredentials Indicates whether to use current user credentials or those entered above. If you select this checkbox, the LDAP is connected and browsed with the credentials that the user provides on logging into Sitefinity backend and you do not have to enter user and password into the LDAP configuration.
    AuthenticationType

    Enter the type of authentication.

    The default type is Negotiate, which indicates that Microsoft Negotiate authentication is used on the connection.

  6. When you are finished with the configurations, click Save changes.
  7. To select which is the default LDAP connection to be used, click LDAP Settings and enter the name of the connection in DefaultLdapConnection input field and click Save changes button.

    EXAMPLE: The following screenshot shows an example of an LDAP configuration:

  8. After configuring the LDAP settings on the Settings page, perform the following:
    1. Click Security » Membership Providers » LdapUsers.
      Select Enabled checkbox and click Save changes.
    2. Click Security » Role Providers » LdapRoles.
      Select Enabled checkbox and click Save changes.
  9. Restart the application.

RECOMMENDATION: We recommend that you set the maximum query string in the requesting filtering configuration to 7200. This is useful if you are going to setup SSO with LDAP membership provider, because the default length is 2048 bytes and query strings longer than this are rejected and return HTTP error.
To do this, open the web.config file and under <system.webServer> node, insert the following:

<security>
      <requestFiltering>
        <requestLimits maxQueryString="7200" />
      </requestFiltering>
    </security>

Additional information about LDAP

LDAP is based on X.500 specification and specified in Directory service (RFC1777). It stores attribute based data and is more often used to read than to write to the directory. There are no transactions and no rollback.
LDAP has a hierarchical data structure. Directory entries are in a tree-like structure called Directory Information Tree (DIT). The following screenshot displays a sample DIT:

LDAP uses the following attribute abbreviations:

uid User ID 
cn
Common Name 
sn
Surname 
l
Location 
ou
Organizational Unit
o
Organization 
dc
Domain Component 
st
State
c
Country 

Search filters

The following table lists the meaning of operators used in search filters:

Symbol
Meaning
&
AND
|
OR
!
NOT
~=
Approximately equal
>=
Greater than or equal
<=
Less than or equal
*
any

EXAMPLE: The following are examples of search filters:

  • (objectclass=posixAccount)
  • (cn=Mickey M*)
  • (|(uid=fred)(uid=bill))
  • (&(|(uid=jack)(uid=jill))(objectclass=posixAccount))

Next steps

+1-888-365-2779
sales@sitefinity.com

Related topics:

Feedback

How useful is this article?

Tell us more

Submit
Your message was successfully sent.

We appreciate your feedback.

Your message could not be sent.

OK