Things to look out for in the AD configuration are listed below:

  • Check whether the organizational unit is set up correctly.
  • If the LDAP settings
  • The domain controller should be accessible from the servers where the Sitecore site is hosted.
  • Each user's workstation must be a member of the appropriate domain.
  • Keep handy the username and password of the LDAP user that is used to connect to LDAP.
  • Discuss how many concurrent users can log in to Sitecore as content authors at the same time.
  • Review how to register multiple domains if needed.
  • Once users are configured, remember to share the correct login URLs for AD users and regular Sitecore content authors, since the URL is different for each.
  • Check the logs if you run into issues. Follow section 4.5 onward of the Sitecore AD integration PDF document for any SSO login issues.
  • Remember that you will need to check in or include the files below, since you have changed them from the default settings.
    • web.config
    • sitecore.config
    • IIS settings update on the LDAPLogin.aspx page under IISSite/sitecore/admin folder
    • LDAP.xml
    • ConnectionStrings.config
    • Domains.config file under the app_config/security folder
    • LDAP.config under app_config/include folder
  • Also, when you install the Sitecore AD package, the files below are added to the solution/website folder, so they must be present on the site for it to work correctly. Make sure the package is installed properly on the CM site and published after install.
    • /bin/LightLDAP.dll (the main assembly of the module).
    • /bin/LightLDAPClient.dll (the client assembly of the module).
    • /App_Config/Include/ldap.config (the pluggable configuration file of the module).
    • /sitecore/admin/LDAPLogin.aspx (the login page for the Single Sign-On feature).
    • /sitecore/admin/ProviderStatus.aspx (the statistics page of the provider status).
  • Minimum properties of AD objects
    • The AD user must have the following obligatory properties:
      • securityIdentifier
      • userPrincipalName
      • sAMAccountName
      • comment
      • whenCreated
      • mail
      • pwdLastSet
      • UserAccountControl
      • msDSUserAccountControlComputed
      • cn
      • DN
      • objectCategory
      • objectClass
      • isdeleted
      • lastknownparent
      • lockoutTime
      • primaryGroupID
      • pwdLastSet
      • tokenGroups
      • usnchanged
      • usncreated
    • The AD group must have the following obligatory properties:
      • sAMAccountName
      • cn
      • primaryGroupToken
      • whenCreated
      • usncreated
      • usnchanged
  • Any changes made in Sitecore CMS to Active Directory users are done in LIVE mode: they are applied immediately to the real Active Directory objects. The only exception is user lock-out; in this case the users are locked out locally from Sitecore CMS and remain active in the Active Directory domain.
  • The Active Directory module also allows you to store the custom properties of a user profile in the attributes of the corresponding domain user object. Check the official documentation of the Active Directory Module on Sitecore SDN for advanced configuration such as Single Sign-On. This article targets Sitecore versions 6.6-7.0.
  • You might get the error below if you are using Sitecore MVC.

    Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: This method cannot be called during the application’s pre-start initialization phase.

    Solution: Add this in your web.config (in the appSettings section):

    <add key="enableSimpleMembership" value="false"/>
    <add key="autoFormsAuthentication" value="false"/>
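
A post-deployment check for two items from the list above: the files the AD module package adds to the website folder, and the appSettings keys from the Sitecore MVC fix. This is an added example, not code from the module or its documentation; the function name Test-LdapModuleDeployment and the default site path are hypothetical placeholders.

```powershell
# Added example, not part of the module. The $SiteRoot default is a placeholder.
param(
    [string]$SiteRoot = 'C:\inetpub\wwwroot\SitecoreCM\Website',
    [switch]$Mvc   # also check the appSettings keys from the Sitecore MVC fix
)

function Test-LdapModuleDeployment {
    param([Parameter(Mandatory)][string]$SiteRoot, [switch]$Mvc)

    # Files the AD module package adds, as listed in the article.
    $moduleFiles = 'bin\LightLDAP.dll', 'bin\LightLDAPClient.dll',
                   'App_Config\Include\ldap.config',
                   'sitecore\admin\LDAPLogin.aspx',
                   'sitecore\admin\ProviderStatus.aspx'
    $problems = @()
    foreach ($file in $moduleFiles) {
        if (-not (Test-Path -LiteralPath (Join-Path $SiteRoot $file) -PathType Leaf)) {
            $problems += "missing file: $file"
        }
    }

    if ($Mvc) {
        $webConfig = Join-Path $SiteRoot 'web.config'
        try {
            # The cast throws if web.config is not well-formed XML,
            # e.g. when pasted attribute quotes are not plain ASCII quotes.
            $xml = [xml](Get-Content -LiteralPath $webConfig -Raw -ErrorAction Stop)
            foreach ($key in 'enableSimpleMembership', 'autoFormsAuthentication') {
                $node = $xml.SelectSingleNode("/configuration/appSettings/add[@key='$key']")
                if ($null -eq $node) {
                    $problems += "appSettings key not set: $key"
                } elseif ($node.GetAttribute('value') -ne 'false') {
                    $problems += "appSettings key is not 'false': $key"
                }
            }
        } catch {
            $problems += "web.config unreadable or malformed: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{ SiteRoot = $SiteRoot; Ok = ($problems.Count -eq 0); Problems = $problems }
}

Test-LdapModuleDeployment -SiteRoot $SiteRoot -Mvc:$Mvc | Format-List
```

Run it on the CM server after installing and publishing the package; pass -Mvc only for sites that use Sitecore MVC.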

 
