So I'm trying to set up User Profile Service Synchronization on my site using Active Directory. Right now I have a site set up for claims forms-based authentication. If I use the connection string that accesses the System.Web.Security.ActiveDirectoryMembershipProvider DLL in the web config then it works. If I use the other DLL, which is Microsoft.Office.Server.Security.LdapMembershipProvider, as a connection string recommended off MSDN, then the forms-based authentication setup doesn't work. Or at least I can't figure out what the hell is wrong exactly with it. I'll post the connection strings I'm trying in a moment.
Anyhow, I have User Profile Service running with an account that has AD permissions to replicate changes. I go to set up a new connection for User Profile Service Synchronization to sync through the FBA connection I have set through the web config. From the drop-down box on the setup new connection screen, I change the Authentication Provider Type from Windows Authentication to Trusted Claims Provider Authentication.
When I do, the drop-down for the Authentication Provider Instance changes to "No Trusted Providers were found!"
If I attempt to change the Authentication Provider Type to Forms Based Authentication then I get a SharePoint error page with nothing useful on it.
Here is the web.config code for the two forms based connection strings. The first one is the one that works.
Code:
<membership defaultProvider="i">
  <providers>
    <clear />
    <add name="admembers"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="adconn"
         connectionUsername="Domain\spadm"
         connectionPassword="xxxxxx"
         enableSearchMethods="true"
         attributeMapUsername="sAMAccountName" />
    <add name="i"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  </providers>
</membership>
<connectionStrings>
  <add name="adconn" connectionString="LDAP://DOMAIN.COM/DC=DOMAIN,DC=COM" />
</connectionStrings>
That one works when I have it in the web config. In central admin for the website application I make sure to set the forms based authentication to use "admembers" for the ASP.NET Membership provider name in the authentication providers of the site.
This is the one off MSDN that I can not get to work though.
Code:
<membership defaultProvider="i">
  <providers>
    <clear />
    <add name="LDAPmembership"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="DOMAIN.COM"
         port="389"
         useSSL="false"
         useDNAttribute="false"
         userDNAttribute="distinguishedName"
         userNameAttribute="sAMAccountName"
         userContainer="OU=Users,DC=DOMAIN,DC=COM"
         userObjectClass="person"
         userFilter="(&amp;(ObjectClass=*))"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenName,cn" />
    <add name="i"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  </providers>
</membership>
That one doesn't work. Not sure why but it doesn't. There are examples all over the net showing both ways. I've followed them all as best I can, but can't get the second way to work when I set it up as the connection for my forms based authentication to my active directory server.
Either way, it doesn't matter because the User Profile Service Synchronization won't recognize a Forms Based Authentication connection at all. I can set up a Windows Authentication connection for synchronization no problem. Just not the Forms Based Authentication connection.
Literally at my wit's end in trying to figure this out.
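
An added example, not part of the original post: a PowerShell lint for a `<membership>` fragment like the two above, run before the file goes into a web application's web.config. The function name `Test-MembershipConfig` and the sample values are assumptions made for this example; it checks XML well-formedness (a raw `&` in an LDAP filter attribute fails this), provider and connection-string references, inline service-account passwords, and `useSSL="false"`.

```powershell
function Test-MembershipConfig {
    param([Parameter(Mandatory)][string]$ConfigXml)
    $findings = @()
    # A raw '&' in an attribute value (e.g. an LDAP filter) is not well-formed
    # XML, so the parser rejects the whole document.
    $doc = New-Object System.Xml.XmlDocument
    try { $doc.LoadXml($ConfigXml) }
    catch { return @("not well-formed XML: $($_.Exception.Message)") }
    $membership = $doc.SelectSingleNode('//membership')
    if (-not $membership) { return @('no <membership> element found') }
    $providers = @($membership.SelectNodes('providers/add'))
    $names     = @($providers | ForEach-Object { $_.GetAttribute('name') })
    $default   = $membership.GetAttribute('defaultProvider')
    if ($names -notcontains $default) {
        $findings += "defaultProvider '$default' is not a registered provider"
    }
    foreach ($p in $providers) {
        $name = $p.GetAttribute('name')
        $cs   = $p.GetAttribute('connectionStringName')
        if ($cs -and -not $doc.SelectSingleNode("//connectionStrings/add[@name='$cs']")) {
            $findings += "${name}: connection string '$cs' is not defined"
        }
        if ($p.HasAttribute('connectionPassword')) {
            $findings += "${name}: service account password stored inline in web.config"
        }
        if ($p.GetAttribute('useSSL') -eq 'false') {
            $findings += "${name}: useSSL=false, LDAP connection is not protected by TLS"
        }
    }
    return $findings
}

# Constructed sample: placeholder account and password, raw '&' in userFilter.
$sample = @'
<configuration>
  <!-- <connectionStrings> left out on purpose to trigger the reference check -->
  <membership defaultProvider="i">
    <providers>
      <add name="admembers" connectionStringName="adconn"
           connectionUsername="DOMAIN\svc" connectionPassword="placeholder" />
      <add name="LDAPmembership" useSSL="false" userFilter="(&(ObjectClass=*))" />
      <add name="i" />
    </providers>
  </membership>
</configuration>
'@

Test-MembershipConfig $sample                                # sample as written
Test-MembershipConfig ($sample -replace '\(&\(', '(&amp;(')  # with '&' escaped
```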