Does MOSS roleManager work with Sun Java dynamic groups?
- We are trying to interface to an LDAP server that seems to be a combo of Open LDAP and Sun Java System directory server (formerly SunOne and/or iPlanet) to do LDAP authentication for forms based authentication (FBA). We got the SharePoint membership provider to work, and we got the role provider to validate group names. However, we cannot get any combination of Web.config entries to handle group membership. The directory we are hitting uses both static (groupMemberAttribute=uniqueMember) and dynamic (groupMemberAttribute=memberURL) groups, but we only need the dynamic groups. Is the SharePoint LDAP role manager even capable of handling LDAP dynamic groups? The only example I've seen anywhere refers only to static groups:
http://msdn.microsoft.com/en-us/library/bb977430.aspx#MOSSFBAPart3_UsingLDAPProvider
This is our environment:

LDAP schema snippet and sample entries

    o=zzz
      ou=yyy
        ou=xxx
          ou=People
            cn=user.name
              uid user.name
              xxxaccounttype AA
              cn user.name
              sn name
              givenName user
              objectClass top
              objectClass person
              objectClass organizationalPerson
              objectClass inetOrgPerson
              objectClass xxxperson
          ou=Groups
            cn=Full
              memberURL ldap:///ou=People,ou=xxx,ou=yyy,o=zzz,c=US??sub?(&(objectclass=xxxPerson)(xxxaccounttype=AA))
              memberURL ldap:///ou=People,ou=xxx,ou=yyy,o=zzz,c=US??sub?(&(objectclass=xxxPerson)(xxxaccounttype=AR))
              memberURL ldap:///ou=People,ou=xxx,ou=yyy,o=zzz,c=US??sub?(&(objectclass=xxxPerson)(xxxaccounttype=RE))
              memberURL ldap:///ou=People,ou=xxx,ou=yyy,o=zzz,c=US??sub?(&(objectclass=xxxPerson)(xxxaccounttype=DA))
              memberURL ldap:///ou=People,ou=xxx,ou=yyy,o=zzz,c=US??sub?(&(objectclass=xxxPerson)(xxxaccounttype=DR))
              memberURL ldap:///ou=People,ou=xxx,ou=yyy,o=zzz,c=US??sub?(&(objectclass=xxxPerson)(xxxaccounttype=NG))
              memberURL ldap:///ou=People,ou=xxx,ou=yyy,o=zzz,c=US??sub?(&(objectclass=xxxPerson)(xxxaccounttype=EA))
              cn Full
              objectClass top
              objectClass groupofuniquenames
              objectClass groupofurls
            cn=AA Group
              cn AA Group
              objectClass top
              objectClass groupofuniquenames
              objectClass groupofurls
              memberURL ldap:///ou=People,ou=xxx,ou=yyy,o=zzz,c=US??sub?(&(objectclass=xxxPerson)(xxxaccounttype=AA))
            cn=RO Group
              uniqueMember cn=user1.name,ou=People,ou=xxx,ou=yyy,o=zzz,c=US
              uniqueMember cn=user2.name,ou=People,ou=xxx,ou=yyy,o=zzz,c=US
              uniqueMember cn=user3.name,ou=People,ou=xxx,ou=yyy,o=zzz,c=US
              cn RO Group
              objectClass top
              objectClass groupOfUniqueNames

Extended Web app Web.config snippet

    <membership defaultProvider="LDAP">
      <providers>
        <add name="LDAP"
             type="Microsoft.Office.Server.Security.LDAPMembershipProvider,Microsoft.Office.Server,Version=12.0.0.0,Culture=neutral,PublicKeyToken=71E9BCE111E9429C"
             server="directory.xxx"
             port="636"
             useSSL="true"
             useDNAttribute="false"
             userDNAttribute="distinguishedName"
             userNameAttribute="cn"
             userContainer="ou=people,ou=xxx,ou=yyy,o=zzz,c=us"
             userObjectClass="person"
             userFilter="(ObjectClass=person)"
             scope="Subtree"
             otherRequiredUserAttributes="sn,givenname,cn"
             connectionUsername="cn=xxx.moss,ou=xxx administrators,ou=xxx,ou=yyy,o=zzz,c=us"
             connectionPassword="qqqqqq"
             logTrace="false" />
      </providers>
    </membership>
    <roleManager defaultProvider="LDAPGroups" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
      <providers>
        <add name="LDAPGroups"
             type="Microsoft.Office.Server.Security.LDAPRoleProvider,Microsoft.Office.Server, Version=12.0.0.0,Culture=neutral,PublicKeyToken=71E9BCE111E9429C"
             server="directory.xxx"
             port="636"
             useSSL="true"
             groupContainer="ou=groups,ou=xxx,ou=yyy,o=zzz,c=us"
             userNameAttribute="cn"
             useUserDNAttribute="false"
             userFilter="(objectClass=person)"
             groupNameAttribute="cn"
             dnAttribute=""
             scope="Subtree"
             connectionUsername="cn=xxx.moss,ou=xxx administrators,ou=xxx,ou=yyy,o=zzz,c=us"
             connectionPassword="qqqqqq" />
      </providers>
    </roleManager>
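How membership in the dynamic groups described in the post above is resolved, as an added example (not part of the original post, and not SharePoint or Sun code): each `memberURL` value is an LDAP search (base, scope, filter) that an entry must satisfy, rather than a list of member DNs like `uniqueMember`. The function names are hypothetical, the sample entry is constructed from the post's data, and only equality and presence filters combined with `&`, `|` and `!` are handled.

```python
from urllib.parse import unquote

def parse_member_url(url):
    """Split an RFC 4516 LDAP URL (ldap://host/base?attrs?scope?filter)."""
    tail = url.split("://", 1)[1].partition("/")[2]
    base, _attrs, scope, flt = (unquote(p) for p in (tail.split("?") + [""] * 3)[:4])
    return base, scope or "base", flt or "(objectClass=*)"

def parse_filter(s, i=0):
    """Parse (&...), (|...), (!...) and (attr=value) into a tuple tree."""
    i += 1                                   # skip "("
    if s[i] in "&|!":
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        return (op, kids), i + 1             # skip ")"
    end = s.index(")", i)
    attr, _, value = s[i:end].partition("=")
    return ("=", attr.strip().lower(), value.strip().lower()), end + 1

def matches(node, attrs):
    if node[0] == "=":                       # leaf: equality or presence (attr=*)
        values = [v.lower() for v in attrs.get(node[1], [])]
        return bool(values) if node[2] == "*" else node[2] in values
    results = [matches(kid, attrs) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def in_scope(dn, base, scope):
    """Naive DN comparison: assumes no escaped commas in RDN values."""
    norm = lambda d: ",".join(p.strip() for p in d.lower().split(","))
    dn, base = norm(dn), norm(base)
    if dn == base:
        return scope in ("base", "sub")
    under = dn.endswith("," + base)
    return under and (scope == "sub" or (scope == "one" and "," not in dn[:-len(base) - 1]))

def is_member(dn, attrs, member_urls):
    """True if any memberURL search would return this entry."""
    attrs = {k.lower(): v for k, v in attrs.items()}
    return any(in_scope(dn, b, s) and matches(parse_filter(f)[0], attrs)
               for b, s, f in map(parse_member_url, member_urls))

# Constructed sample, modelled on the "AA Group" and user entry in the post.
AA_URL = "ldap:///ou=People,ou=xxx,ou=yyy,o=zzz,c=US??sub?(&(objectclass=xxxPerson)(xxxaccounttype=AA))"
USER_DN = "cn=user.name,ou=People,ou=xxx,ou=yyy,o=zzz,c=US"
USER = {"objectClass": ["top", "person", "xxxperson"], "xxxaccounttype": ["AA"]}
```

`is_member(USER_DN, USER, [AA_URL])` returns `True`; the same entry with `xxxaccounttype` set to `RE` does not match the AA Group URL.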
All Replies
I have a similar issue described here:
LDAP - Role manager problem
Did you solve your problem?
/k3larra
- k3lara,
I've had a case open with Premier Support now for several months. So far, they have looked and escalated. You look like you are trying to leverage static groups, which has a better chance of working. At least some of the examples on Technet bear a resemblance to your scenario.
Try this: http://msdn.microsoft.com/en-us/library/bb977430.aspx#MOSSFBAPart3_UsingLDAPProvider
Regards,
ET
- Have you extended the schema on your LDAP? We had the same problem and pinpointed that it was caused by an incorrect extension of the schema.
Please try the configuration I just posted.
http://social.msdn.microsoft.com/Forums/en-US/sharepointdevelopment/thread/0e877951-0b11-4e12-8c65-1d3fe4aec64f/
I also added community content to the article posted above. I waited 3 weeks with MS support trying to get an answer. I finally spent some time and figured it out on my own.
RobertRFreeman
- ETweedy
Have you found a solution on how to get SharePoint to work with Dynamic groups?

