Connecting Sitecore with an LDAP Server is pretty easy with Sitecore’s Active Directory Module. Setting up the module is not hard, but if you follow the official documentation you’ll end up updating a lot of your Web.config file, which may be a problem for several reasons:
- You can easily lose track of your customizations;
- Upgrading Sitecore to a newer version may become harder;
- During development you may be forced to turn your LDAP module off, basically undoing the setup of your providers, which is not straightforward.
After facing these issues a couple of times I decided to look for a better approach.
The biggest limitation by far is the need to update your Web.config, as the changes are not in the Sitecore portion and thus cannot be automatically patched by files in your /App_Config/Include folder. The best you can do is to create patch files with the configurations, then include them in the Web.config.
Step by step
- Add the LDAP connection settings to your ConnectionStrings.config:
<add name="ManagersConnString" connectionString="LDAP://yourldapserver.com:389/DC=your,DC=domain" />
- In your Web.config, find the <system.web> section and comment out the <membership>, <roleManager> and <profile> nodes – these will all be replaced by includes;
- At the same level as the nodes you commented out, add a <machineKey> node as covered in the official documentation:
<machineKey validationKey="BDDFE367CD36AAA81E195761BEFB073839549FF7B8E34E42C0DEA4600851B0065856B211719ADEFC76F3F3A556BC61A5FC8C9F28F958CB1D3BD8EF9518143DB6" decryptionKey="0DAC68D020B8193DF0FCEE1BAF7A07B4B0D40DCD3E5BA90D" validation="SHA1" />
- Still at this level, add three includes for the Membership, RoleManager and Profile providers:
<!-- Includes -->
<membership configSource="App_Config\AD\Membership.config" />
<roleManager configSource="App_Config\AD\RoleManager.config" />
<profile configSource="App_Config\AD\Profile.config" />
- Add the three includes for disabling the module as well. We leave them commented out for now, which keeps the module enabled:
<!--
<membership configSource="App_Config\AD\Membership_Disabled.config" />
<roleManager configSource="App_Config\AD\RoleManager_Disabled.config" />
<profile configSource="App_Config\AD\Profile_Disabled.config" />
-->
- You also have to add your mapped domain(s) to App_Config\Security\Domains.config:
<domain name="ad" ensureAnonymousUser="false"/>
- Now create a folder called “AD” in App_Config and drop in the six config files that are zipped at this link: AD-configs
Don’t forget to review all files (except the “_Disabled.config” ones, which store the native Sitecore configurations) to make sure your username, password and domains are correctly set!
Now when you want to turn the module off, you just have to comment out the lines from step 4 (the AD includes) and uncomment the ones from step 5 (the “_Disabled” includes) – pretty easy.
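A check for the toggle described above, as an added example that is not part of the original post: it parses a Web.config, confirms that the three providers are either all on the AD includes or all on the `_Disabled` ones, and flags a `validationKey` found in a caller-supplied list of keys that have been published somewhere (a key copied from a public page is known to everyone who has read it). The function name, the `public_keys` parameter and the sample Web.config are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

PROVIDERS = ("membership", "roleManager", "profile")

def audit_system_web(web_config_xml, public_keys=frozenset()):
    """Return (mode, findings); mode is "enabled", "disabled" or "invalid".

    public_keys (an assumption of this example) is a caller-supplied set of
    validationKey values that have appeared in public, e.g. in a blog post.
    """
    # ElementTree drops XML comments, so only the active nodes are inspected.
    system_web = ET.fromstring(web_config_xml).find("system.web")
    if system_web is None:
        return "invalid", ["no <system.web> section"]
    findings, states = [], set()
    for name in PROVIDERS:
        nodes = system_web.findall(name)
        if len(nodes) != 1:
            findings.append(f"<{name}>: expected 1 active node, found {len(nodes)}")
            continue
        source = nodes[0].get("configSource")
        if not source:
            findings.append(f"<{name}>: configured inline, not through configSource")
            continue
        states.add("disabled" if source.endswith("_Disabled.config") else "enabled")
    if len(states) > 1:
        findings.append("providers mix AD and _Disabled includes")
    mode = states.pop() if len(states) == 1 and not findings else "invalid"
    key = system_web.find("machineKey")
    if key is None:
        findings.append("<machineKey> missing")
    elif key.get("validationKey") in public_keys:
        findings.append("<machineKey> validationKey is publicly known; generate a unique one")
    return mode, findings

# Constructed sample: the toggle was only half applied, and the key is a placeholder.
SAMPLE = r"""<configuration><system.web>
  <machineKey validationKey="CONSTRUCTED-KEY" decryptionKey="CONSTRUCTED" validation="SHA1" />
  <!-- <membership configSource="App_Config\AD\Membership_Disabled.config" /> -->
  <membership configSource="App_Config\AD\Membership.config" />
  <roleManager configSource="App_Config\AD\RoleManager_Disabled.config" />
  <profile configSource="App_Config\AD\Profile.config" />
</system.web></configuration>"""

if __name__ == "__main__":
    mode, findings = audit_system_web(SAMPLE, public_keys={"CONSTRUCTED-KEY"})
    print(mode)
    for finding in findings:
        print(" -", finding)
```

Running it against a deployed Web.config after each toggle catches the half-switched state before the site starts with providers pointing at different user stores.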