Configuring LDAP integration for Content Manager
To use LDAP with Content Manager, configure the Content Manager Web sites and Web applications so that IIS no longer authenticates users itself and the Tridion LDAP authentication module validates their credentials against the LDAP server instead. The basic setup described here can be tuned for performance afterwards.
Procedure
- On your Content Manager server machine, click the Server Manager button in the taskbar.
The Server Manager window opens.
- Do one of the following:
- On a Windows Server 2008 R2 machine, select Roles > Web Server (IIS) > Internet Information Services (IIS) Manager.
- On a Windows Server 2012 machine, select Tools > Internet Information Services (IIS) Manager.
- In the IIS tree, open the node representing this machine, and select Sites, then select the SDL Tridion Web site.
- Double-click the Authentication icon on the right and change the settings that appear as follows:
- Select the Anonymous Authentication row and click Enable in the Actions area on the right.
- Select each of the other rows in turn and, for each row, click Disable in the Actions area on the right. Windows Authentication and Basic Authentication must be disabled, otherwise IIS challenges the browser before the Tridion LDAP module can. If necessary, you can keep Digest Authentication and Forms Authentication enabled.
- Close Server Manager.
- Open %TRIDION_HOME%\web\web.config for editing. The file contains comments indicating what to do to configure the site for LDAP integration. Do the following:
  - In the system.webServer/modules section, uncomment the following line:
    <add name="LdapAuthenticationHttpModule" type="Tridion.Security.Web.LdapAuthenticationHttpModule, Tridion.Security, Version=7.1.0.52, Culture=neutral, PublicKeyToken=ddfc895746e5ee6b" />
  - Uncomment the behaviors section under system.serviceModel.
  - Save and close this web.config file.
- Open %TRIDION_HOME%\web\WebUI\WebRoot\web.config for editing and do the following:
  - In the system.serviceModel/bindings/webHttpBinding section, find the binding section with its name attribute set to Tridion.Web.UI.ContentManager.WebServices.WebHttpBindingConfig and set the clientCredentialType attribute of the transport element to the value None rather than the default value Windows.
  - In the system.serviceModel/behaviors/serviceBehaviors section, find the behavior section with its name attribute set to Tridion.Web.UI.ContentManager.WebServices.DeveloperBehavior. In this section, find a commented-out section named serviceAuthorization and remove the comment delimiters:
    <serviceAuthorization principalPermissionMode="Custom">
      <authorizationPolicies>
        <add policyType="Tridion.Web.ServiceModel.HttpIdentityPolicy, Tridion.Web.ServiceModel"/>
        <add policyType="Tridion.Web.ServiceModel.HttpPrincipalPolicy, Tridion.Web.ServiceModel"/>
      </authorizationPolicies>
    </serviceAuthorization>
  - Save and close this web.config file.
- Open %TRIDION_HOME%\webservices\web.config for editing. The file contains comments indicating what to do to configure the Core Service for LDAP integration. Do the following:
  - In the <system.serviceModel> section, confirm the presence of a serviceHostingEnvironment element with an aspNetCompatibilityEnabled attribute set to true.
  - In the system.serviceModel/bindings/basicHttpBinding section, find the two binding sections, one with its name attribute set to CoreService_basicHttpBinding and the other with its name attribute set to StreamDownload_basicHttpBinding. In each section, set the clientCredentialType attribute of the transport element to the value None rather than the default value Windows.
  - In the system.serviceModel/bindings/wsHttpBinding section, in the binding section with its name attribute set to CoreService_wsHttpBinding, set the mode attribute of the child element security to the value TransportWithMessageCredential, not Message. Inside this security element, set the clientCredentialType attribute of the message element to the value UserName, not Windows.
  - Locate the behaviors/serviceBehaviors section and, inside the behavior element with its name attribute set to Tridion.ContentManager.ServiceHost.IISHost.CoreServiceBehavior, uncomment the following element:
    <serviceCredentials type="Tridion.Security.IdentityModel.LdapSecurityTokenCredentials, Tridion.Security, Version=7.1.0.52, Culture=neutral, PublicKeyToken=ddfc895746e5ee6b">
      <userNameAuthentication customUserNamePasswordValidatorType="Tridion.Security.IdentityModel.LdapUserNamePasswordValidator, Tridion.Security, Version=7.1.0.52, Culture=neutral, PublicKeyToken=ddfc895746e5ee6b" userNamePasswordValidationMode="Custom" />
    </serviceCredentials>
  - Save and close this web.config file.
- Restart IIS.
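The whole procedure above, scripted and verified in PowerShell. This is an added example, not SDL's own code or tooling: it applies the IIS authentication settings and the three web.config edits with the same identifiers the steps name, then checks the result before restarting IIS. Assumptions that the page does not state: the IIS site is literally named 'SDL Tridion' ($SiteName), the WebAdministration module is installed, the shell is elevated, the commented-out elements are wrapped in plain XML comments, and the WCF transport and message elements sit at their standard positions (binding/security/transport and binding/security/message).

```powershell
# Added example (not SDL's code): scripts the LDAP-integration procedure and verifies it.
# Assumptions: site name 'SDL Tridion', WebAdministration module present, elevated shell,
# standard WCF nesting binding/security/transport and binding/security/message.
#Requires -RunAsAdministrator
Import-Module WebAdministration
$ErrorActionPreference = 'Stop'

$SiteName = 'SDL Tridion'   # assumption: the IIS name of the SDL Tridion Web site
$WebCfg   = Join-Path $env:TRIDION_HOME 'web\web.config'
$WebUICfg = Join-Path $env:TRIDION_HOME 'web\WebUI\WebRoot\web.config'
$CoreCfg  = Join-Path $env:TRIDION_HOME 'webservices\web.config'
$Sm       = '/configuration/system.serviceModel'

function Edit-XmlConfig([string]$Path, [scriptblock]$Edit) {
    Copy-Item $Path "$Path.bak" -Force           # keep a copy to roll back to
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true              # do not reflow the vendor's layout
    $doc.Load($Path)
    & $Edit $doc
    $doc.Save($Path)
}

function Set-XmlAttribute([System.Xml.XmlDocument]$Doc, [string]$XPath, [string]$Name, [string]$Value) {
    $nodes = $Doc.SelectNodes($XPath)
    if ($nodes.Count -eq 0) { throw "Element not found: $XPath" }
    foreach ($n in $nodes) { $n.SetAttribute($Name, $Value) }
}

function Enable-CommentedElement([System.Xml.XmlDocument]$Doc, [string]$ParentXPath, [string]$Marker) {
    # "Remove the comment delimiters": replace the XML comment that wraps the element
    # (its text starts with '<' and mentions $Marker) with the element itself.
    # The vendor's help-text comments do not start with '<' and are left alone.
    $parent = $Doc.SelectSingleNode($ParentXPath)
    if (-not $parent) { throw "Section not found: $ParentXPath" }
    $comment = $parent.SelectSingleNode(
        "comment()[starts-with(normalize-space(.), '<') and contains(., '$Marker')]")
    if (-not $comment) {
        Write-Warning "No commented-out $Marker under $ParentXPath; check that it is already active."
        return
    }
    $frag = $Doc.CreateDocumentFragment()
    $frag.InnerXml = $comment.Value
    [void]$parent.ReplaceChild($frag, $comment)
}

# --- IIS: Anonymous on, the other schemes off, so the Tridion module does the prompting ---
$authBase = '/system.webServer/security/authentication/'
$schemes  = @{ anonymousAuthentication = $true; windowsAuthentication = $false
               basicAuthentication = $false;    digestAuthentication  = $false }
foreach ($s in $schemes.Keys) {
    # These sections are locked at server level, so they cannot live in the site's own
    # web.config; -Location writes a <location> entry in applicationHost.config instead.
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
        -Filter ($authBase + $s) -Name enabled -Value $schemes[$s]
}

# --- %TRIDION_HOME%\web\web.config ---
Edit-XmlConfig $WebCfg {
    param($doc)
    Enable-CommentedElement $doc '/configuration/system.webServer/modules' 'LdapAuthenticationHttpModule'
    Enable-CommentedElement $doc $Sm 'behaviors'
}

# --- %TRIDION_HOME%\web\WebUI\WebRoot\web.config ---
Edit-XmlConfig $WebUICfg {
    param($doc)
    Set-XmlAttribute $doc "$Sm/bindings/webHttpBinding/binding[@name='Tridion.Web.UI.ContentManager.WebServices.WebHttpBindingConfig']/security/transport" clientCredentialType None
    Enable-CommentedElement $doc "$Sm/behaviors/serviceBehaviors/behavior[@name='Tridion.Web.UI.ContentManager.WebServices.DeveloperBehavior']" serviceAuthorization
}

# --- %TRIDION_HOME%\webservices\web.config (Core Service) ---
Edit-XmlConfig $CoreCfg {
    param($doc)
    $hosting = $doc.SelectSingleNode("$Sm/serviceHostingEnvironment")
    if (-not $hosting -or $hosting.GetAttribute('aspNetCompatibilityEnabled') -ne 'true') {
        throw 'serviceHostingEnvironment aspNetCompatibilityEnabled="true" is missing'
    }
    foreach ($b in 'CoreService_basicHttpBinding', 'StreamDownload_basicHttpBinding') {
        Set-XmlAttribute $doc "$Sm/bindings/basicHttpBinding/binding[@name='$b']/security/transport" clientCredentialType None
    }
    $ws = "$Sm/bindings/wsHttpBinding/binding[@name='CoreService_wsHttpBinding']/security"
    Set-XmlAttribute $doc $ws mode TransportWithMessageCredential
    Set-XmlAttribute $doc "$ws/message" clientCredentialType UserName
    Enable-CommentedElement $doc "$Sm/behaviors/serviceBehaviors/behavior[@name='Tridion.ContentManager.ServiceHost.IISHost.CoreServiceBehavior']" serviceCredentials
}

# --- Checks before the restart ---
foreach ($s in $schemes.Keys) {
    $v = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName -Filter ($authBase + $s) -Name enabled
    $actual = if ($v -is [bool]) { $v } else { [bool]$v.Value }
    if ($actual -ne $schemes[$s]) { throw "$s enabled=$actual, expected $($schemes[$s])" }
}
# TransportWithMessageCredential carries the LDAP user name and password inside the SOAP
# message and relies on TLS to protect them, so WCF requires an HTTPS base address for
# CoreService_wsHttpBinding; without one the Core Service host fails to start.
if (-not (Get-WebBinding -Name $SiteName -Protocol https)) {
    Write-Warning "Site '$SiteName' has no HTTPS binding; add one before restarting IIS."
}
iisreset
```

Run it once from an elevated prompt on the Content Manager server. Re-running is safe: SetAttribute overwrites the values it already set, and an element that is no longer commented out only produces a warning. The .bak copies next to each web.config are the rollback if the Core Service host does not come up after the restart.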
Results
You have configured LDAP integration in IIS.