Sitecore Active Directory Module 1.3 setup guide

I recently installed Sitecore Active Directory Module 1.3 against Sitecore 8.2 Update 3 – 170407. Overall I got the integration fully working and I was happy with it.

I performed the configuration on premises, but in theory it should also work in an IaaS / PaaS approach, assuming that you can perform the LDAP queries.

This is the list of steps that I performed to configure it:

1) Download Sitecore Active Directory module 1.3

https://dev.sitecore.net/Downloads/Active_Directory/1_3/Active_Directory_1_3.aspx

2) Install Sitecore Module

Upload and install the Sitecore package.

3) Amend the connection strings, adding:

<add name="LDAP_CONN" connectionString="LDAP://DOMAINCONTROLLERNAME:389/OU=Sitecore,OU=Dev,OU=AppStreams,OU=PARENT,OU=PARENT,OU=Locations... DC=com" />

Note that the OUs are used to filter within the Active Directory forest. Generally you do not want all the AD users in Sitecore, just a subset preassigned within your forest (e.g. IT & Marketing users).

Also note that you need to have a service user to perform LDAP queries, in this case

4) Add Domain in the domain.config

<domain name="DOMAIN" ensureAnonymousUser="false" />

5) Amend Sitecore Config

<membership>
<provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" />
<provider providerName="ad" storeFullNames="false" wildcard="*" domains="DOMAIN" />
</membership>

<roleManager>
<provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" ignoredUserDomains="" allowedUserDomains="" />
<provider providerName="ad" storeFullNames="false" wildcard="*" domains="DOMAIN" />
</roleManager>

6) Amend Web.config

Amend all the switching providers appropriately

<add name="ad" type="LightLDAP.SitecoreADMembershipProvider" connectionStringName="LDAP_CONN" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" connectionProtection="Secure" connectionUsername="DOMAIN\sitecoredev" connectionPassword="XXXXX" attributeMapUsername="sAMAccountName" enableSearchMethods="true" enablePasswordReset="false" />

<add name="ad" type="LightLDAP.SitecoreADRoleProvider" connectionStringName="LDAP_CONN" applicationName="sitecore" attributeMapUsername="sAMAccountName" cacheSize="2MB" username="DOMAIN\sitecoredev" password="XXXX" />

Note that you need a service user such as SitecoreDev to perform the LDAP queries.

7) Test it

Now you can log in as a Sitecore admin and try to add domain users and set them as administrators.

8) Bug fix for logging in with AD users: on Sitecore 8.2 Update 3 you need to install the following hotfix in order to be able to log in.

https://kb.sitecore.net/articles/520134

From https://sitecore.app.box.com/s/31iyjczyqt5r59f4gtk6q65qmkloa7fh

Copy the file into the bin folder.

Update the switcher entry:

<add name="switcher" type="Sitecore.Support.Security.SwitchingMembershipProvider, Sitecore.Support.139945" applicationName="sitecore" mappings="switchingProviders/membership" />

https://sitecoresysadmin.wordpress.com/2017/04/12/sitecore-how-to-fix-login-attempt-leads-to-application-crash-when-ad-module-1-3-is-used/comment-page-1/#comment-64 

9) Test it again by logging in to the Sitecore shell with an Active Directory user set as admin.
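
A quick check of the finished configuration, as an added example that is not part of the original post or of the Sitecore module: it parses a web.config and flags LightLDAP providers whose LDAP search base is not scoped to an OU (the note in step 3) or whose service account password sits inline in the file (step 6). The sample config, `DC01`, `example.com` and the `LDAP_ALL` connection string are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample for steps 3 and 6; DC01, example.com and LDAP_ALL are placeholders.
SAMPLE_CONFIG = r"""
<configuration>
  <connectionStrings>
    <add name="LDAP_CONN" connectionString="LDAP://DC01:389/OU=Sitecore,OU=Dev,DC=example,DC=com" />
    <add name="LDAP_ALL" connectionString="LDAP://DC01:389/DC=example,DC=com" />
  </connectionStrings>
  <membership><providers>
    <add name="ad" type="LightLDAP.SitecoreADMembershipProvider" connectionStringName="LDAP_CONN"
         connectionUsername="DOMAIN\sitecoredev" connectionPassword="XXXXX" />
  </providers></membership>
  <roleManager><providers>
    <add name="ad" type="LightLDAP.SitecoreADRoleProvider" connectionStringName="LDAP_ALL"
         username="DOMAIN\sitecoredev" password="XXXX" />
  </providers></roleManager>
</configuration>
"""

LDAP_URL = re.compile(r"^LDAP://[^/]+/(?P<base>.+)$", re.IGNORECASE)

def audit(config_xml):
    """Return (provider type, finding) pairs for the LightLDAP providers in a web.config."""
    root = ET.fromstring(config_xml)
    bases = {}  # connection string name -> LDAP search base DN
    for el in root.iter("add"):
        m = LDAP_URL.match(el.get("connectionString", ""))
        if m:
            bases[el.get("name")] = m.group("base")
    findings = []
    for el in root.iter("add"):
        ptype = el.get("type", "").split(",")[0].strip()
        if not ptype.startswith("LightLDAP."):
            continue
        base = bases.get(el.get("connectionStringName"))
        if base is None:
            findings.append((ptype, "connectionStringName does not name an LDAP connection string"))
        elif all(rdn.strip().upper().startswith("DC=") for rdn in base.split(",")):
            # Only DC= components: the provider would search the whole domain.
            findings.append((ptype, "search base %r is not scoped to an OU" % base))
        for attr in ("connectionPassword", "password"):
            if el.get(attr):
                findings.append((ptype, "service account secret stored inline in %r" % attr))
    return findings

if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in audit(SAMPLE_CONFIG)))
```

The inline-secret finding is expected for the configuration as posted; ASP.NET protected configuration (`aspnet_regiis -pe`) can encrypt those sections at rest.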

Happy Sitecore!!!!