LdapRoleProvider GetRolesForUser bug? (Answered)

  • January 13, 2009 20:14 RobertRFreeman

    I have configured the standard LDAPRoleProvider to access a Sun Java SunOne LDAP according to the following document:
    http://msdn.microsoft.com/en-us/library/bb977430.aspx#MOSSFBAPart3_UsingLDAPProvider

    I am able to login via the membership provider and select roles from the role provider.  The problem is that it does not recognize which users are in the LDAP groups.  I coded a usercontrol to output the role provider's GetUsersInRole, IsUserInRole, and GetRolesForUser methods.  The GetUsersInRole works successfully (listing the test users), but the latter methods return false and 0 results respectively.  Has anyone successfully used the LdapRoleProvider?

    Any help would be greatly appreciated.

    Thank you,
    Robert Freeman
    RobertRFreeman

Answer

  • February 18, 2009 2:29 RobertRFreeman
     Marked as answer
    I found a solution to this issue and posted it in the community content on the source article above.
    I will post it here as well:

    Using LDAPRoleProvider with Sun Java Directory Server

    When configuring Sun Java Directory Server LDAPRoleProvider, the userContainer is also required if the uniqueMember attribute contains the full DN.

    This would be the correct config section (Same as above with the userContainer):

    <roleManager defaultProvider="myorgGroup" enabled="true" cacheRolesInCookie="false" cookieName=".PeopleDCRole" >
      <providers>
        <add
          name="myorgGroup"
          type="Microsoft.Office.Server.Security.LDAPRoleProvider,
                Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral,
                PublicKeyToken=71E9BCE111E9429C"
          server="SunDirectoryServer.myorg.net"
          port="389"
          useSSL="false"
          groupContainer="ou=groups,o=myorg,c=us"
          groupNameAttribute="cn"
          groupMemberAttribute="uniqueMember"
          userContainer="ou=people,o=myorg,c=us"
          userNameAttribute="uid"
          dnAttribute="entryDN"
          groupFilter="(ObjectClass=groupofuniquenames)"
          scope="Subtree"
        />
      </providers>
    </roleManager>

    Debugging LDAP Configuration
    When debugging your LDAP configuration section, here are 2 must-have (free) tools:
    1. Softerra LDAP Browser (http://www.softerra.com/download.htm)
      1. Will allow you to easily browse the LDAP structure and test filter and baseDN settings
    2. Microsoft Network Monitor (http://www.microsoft.com/downloads/details.aspx?FamilyID=f4db40af-1e08-4a21-a26b-ec2f4dc4190d&DisplayLang=en)
      1. Used to monitor the LDAP calls to and from SharePoint.
      2. Configure the monitor on your SharePoint server as follows (swap out LdapServerIP)
      3. Don't forget to apply each filter before clicking run

    Capture Filter:
    // Show only LDAP frames exchanged with the directory server (parentheses make the precedence explicit)
    (TCP.Port == 389 or UDP.Port == 389)
    and
    (IPV4.DestinationAddress == LdapServerIP
     or
     IPV4.SourceAddress == LdapServerIP)


    Display Filter:
    //LDAP
    LDAP

    RobertRFreeman

All replies

  • February 18, 2009 2:40 RobertRFreeman

    Here are some details on the issue:

    The group LDAP query filter without the userContainer would look like this:
    (uid=sharepttest)

    With the userContainer the correct filter is:
    (&(ObjectClass=groupofuniquenames)(uniqueMember=uid=sharepttest,ou=people,o=myorg,c=us))


    Note that the prior filter has 2 issues:
    1. It does not mention the uniqueMember attribute.
    2. It does not include the fully qualified DN.

    Hope this helps someone else. :)


    RobertRFreeman
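As an added illustration of the two posts above (this is example code, not the forum poster's code and not Microsoft's LDAPRoleProvider), the model below builds the GetRolesForUser filter from the web.config attribute names in the thread, evaluates it against a constructed groupofuniquenames subtree, and shows that with userContainer unset only the bare RDN is compared, so no group matches. The RFC 4515 escaping, the RoleProviderConfig class and the sample group entries are this example's own assumptions.

```python
from dataclasses import dataclass
from typing import Optional

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: a user name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

@dataclass
class RoleProviderConfig:
    # Keys mirror the web.config attributes in the post; values are constructed.
    group_filter: str = "(ObjectClass=groupofuniquenames)"
    group_member_attribute: str = "uniqueMember"
    user_name_attribute: str = "uid"
    user_container: Optional[str] = "ou=people,o=myorg,c=us"

def member_dn(cfg: RoleProviderConfig, username: str) -> str:
    """Value compared against uniqueMember: the full DN when userContainer is
    set, otherwise only the bare RDN (the misconfiguration in the post)."""
    rdn = f"{cfg.user_name_attribute}={username}"
    return f"{rdn},{cfg.user_container}" if cfg.user_container else rdn

def roles_filter(cfg: RoleProviderConfig, username: str) -> str:
    """Search filter a GetRolesForUser lookup sends to the groupContainer."""
    member = escape_filter_value(member_dn(cfg, username))
    return f"(&{cfg.group_filter}({cfg.group_member_attribute}={member}))"

# Constructed sample of the groupContainer subtree (attribute names lower-cased).
SAMPLE_GROUPS = {
    "cn=spusers,ou=groups,o=myorg,c=us": {
        "objectclass": ["top", "groupofuniquenames"], "cn": ["spusers"],
        "uniquemember": ["uid=sharepttest,ou=people,o=myorg,c=us"]},
    "cn=admins,ou=groups,o=myorg,c=us": {
        "objectclass": ["top", "groupofuniquenames"], "cn": ["admins"],
        "uniquemember": ["uid=alice,ou=people,o=myorg,c=us"]},
}

def get_roles_for_user(cfg: RoleProviderConfig, username: str, groups=SAMPLE_GROUPS) -> list:
    """Evaluate the AND filter as the server would; DN comparison is case-insensitive."""
    wanted = member_dn(cfg, username).lower()
    attr = cfg.group_member_attribute.lower()
    return [e["cn"][0] for e in groups.values()
            if "groupofuniquenames" in e["objectclass"]
            and wanted in (m.lower() for m in e.get(attr, []))]

if __name__ == "__main__":
    for cfg in (RoleProviderConfig(user_container=None), RoleProviderConfig()):
        print(roles_filter(cfg, "sharepttest"), "->", get_roles_for_user(cfg, "sharepttest"))
```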