Configuring LDAP security

If you have configured the Content Manager so that it can access LDAP directories, you can add users from an LDAP-compliant directory service.

Before you begin

The information in this section assumes that you have already set up impersonation users and LDAP is already configured and working. For more information on LDAP configuration, see the implementor's documentation portal.

Archive Manager Explorer does not support:
  • LDAP used in combination with the Business Connector.
  • Importing User Group membership from LDAP.

Procedure

  1. Open Internet Information Services (IIS) Manager.
  2. Go to the SDL Archive Manager Explorer Web application and, in a text editor, open the Web.Config file located in the root folder.
  3. In the <tridionConfigSections> section, enable the following line and specify the full path to your Tridion.ContentManager.config file:
    <add filePath="C:\Program Files (x86)\Tridion\config\Tridion.ContentManager.config" />
  4. In the <system.web><httpModules> section, enable the following line:
    <add name="LdapAuthenticationHttpModule" type="Tridion.Security.Web.LdapAuthenticationHttpModule,  Tridion.Security, Version=6.1.0.25, Culture=neutral, PublicKeyToken=ddfc895746e5ee6b" />
  5. Only if you use IIS 7.5, in the <system.webServer><modules> section, enable the following line:
    <add name="LdapAuthenticationHttpModule" type="Tridion.Security.Web.LdapAuthenticationHttpModule,  Tridion.Security, Version=6.1.0.25, Culture=neutral, PublicKeyToken=ddfc895746e5ee6b" />
  6. In the <appSettings> section, set the authorization.method value:
    • to CoreService to use Content Manager authorization for users in Content Manager and LDAP:
      <add key="authorization.method" value="CoreService"/>
    • to None to use LDAP authorization for users in LDAP only:
      <add key="authorization.method" value="None"/>
  7. In the <appSettings> section of your Web.Config file, locate the following line and specify the TCM URI of your Archive Manager User Group in the value field. For example:
    <add key="security.group.uri" value="tcm:0-24-65568"/>
  8. Save and close Web.Config.
  9. In IIS, make sure the SDL Archive Manager Explorer application pool Identity is set to Network Service (the default).
  10. Configure IIS security settings:
    1. Select the SDL Archive Manager Explorer Web site and double-click the Authentication icon on the right.
    2. Select the Anonymous Authentication row and click Enable in the Actions area on the right.
    3. Select each of the other rows in turn and for each row, click Disable in the Actions area on the right. (If necessary, you could choose to keep Digest Authentication and Forms Authentication enabled.)
  11. Close IIS.
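
The following PowerShell check is an added example, not part of the product or its documentation. It parses Web.Config as XML, so any line from steps 3 to 7 that is still commented out is reported as missing. This matters because step 10 leaves IIS on Anonymous Authentication, which makes the LDAP module the component that authenticates requests. The function name, the sample file and the TCM URI pattern (taken from the shape of the example value in step 7) are assumptions.

```powershell
function Test-LdapWebConfig {
    param([Parameter(Mandatory)][xml]$Config, [switch]$Iis75)

    $module = 'LdapAuthenticationHttpModule'
    $issues = [System.Collections.Generic.List[string]]::new()

    # Step 3: the path to Tridion.ContentManager.config is enabled.
    if ($null -eq $Config.SelectSingleNode('//tridionConfigSections//add[@filePath]')) {
        $issues.Add('step 3: no enabled <add filePath=...> in tridionConfigSections')
    }
    # Steps 4 and 5: the LDAP module is registered (step 5 applies to IIS 7.5 only).
    $sections = @('system.web/httpModules')
    if ($Iis75) { $sections += 'system.webServer/modules' }
    foreach ($s in $sections) {
        if ($null -eq $Config.SelectSingleNode("//$s/add[@name='$module']")) {
            $issues.Add("steps 4-5: $module not enabled in $s")
        }
    }
    # Step 6: authorization.method is one of the two documented values.
    $method = $Config.SelectSingleNode("//appSettings/add[@key='authorization.method']")
    if ($null -eq $method -or $method.GetAttribute('value') -notin 'CoreService', 'None') {
        $issues.Add('step 6: authorization.method must be CoreService or None')
    }
    # Step 7: security.group.uri has the shape of tcm:0-24-65568 (assumed pattern).
    $group = $Config.SelectSingleNode("//appSettings/add[@key='security.group.uri']")
    if ($null -eq $group -or $group.GetAttribute('value') -notmatch '^tcm:\d+-\d+-\d+$') {
        $issues.Add('step 7: security.group.uri is missing or not a TCM URI')
    }
    return $issues
}

# Constructed sample: the httpModules line from step 4 is still commented out.
$sample = @'
<configuration>
  <tridionConfigSections>
    <add filePath="C:\Program Files (x86)\Tridion\config\Tridion.ContentManager.config" />
  </tridionConfigSections>
  <system.web><httpModules>
    <!-- <add name="LdapAuthenticationHttpModule" type="..." /> -->
  </httpModules></system.web>
  <appSettings>
    <add key="authorization.method" value="CoreService"/>
    <add key="security.group.uri" value="tcm:0-24-65568"/>
  </appSettings>
</configuration>
'@
Test-LdapWebConfig -Config $sample
```

Against a real installation, pass the file content with `Get-Content -Raw` and add `-Iis75` where step 5 applies.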