DFS 8.0.2 - Active Directory Module Guide
- Mathias Mattson (MHM)
1 Installation
Before installation, the following steps must have been completed.
- Install Sitecore
- Install DAM for Sitecore 8 and configure it.
- Install Sitecore Active Directory Module and configure it.
The DAM for Sitecore 8 Active Directory module is distributed as a standard Sitecore package. You can install it using the Installation Wizard.
2 Configuration
Once DAM for Sitecore 8 and Sitecore Active Directory Module have been configured, the membership providers in the web.config file may look like the following.
<membership defaultProvider="sitecore" hashAlgorithmType="SHA1">
  <providers>
    <clear />
    <add name="sitecore"
         type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel"
         realProviderName="DefaultDigizuiteMembershipProvider"
         providerWildcard="%"
         raiseEvents="true" />
    <add name="sql"
         type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="core"
         applicationName="sitecore"
         minRequiredPasswordLength="1"
         minRequiredNonalphanumericCharacters="0"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="256" />
    <add name="switcher"
         type="Sitecore.Security.SwitchingMembershipProvider, Sitecore.Kernel"
         applicationName="sitecore"
         mappings="switchingProviders/membership" />
    <add name="ad"
         type="LightLDAP.SitecoreADMembershipProvider"
         connectionStringName="UsersConnString"
         applicationName="sitecore"
         minRequiredPasswordLength="1"
         minRequiredNonalphanumericCharacters="0"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="false"
         connectionUsername="dfs\[USERNAME]"
         connectionPassword="[PASSWORD]"
         connectionProtection="Secure"
         attributeMapUsername="sAMAccountName"
         enableSearchMethods="true" />
    <add name="DefaultDigizuiteMembershipProvider"
         type="DFS.Digizuite.Security.DefaultDigizuiteMembershipProvider, DFS.Digizuite"
         applicationName="sitecore"
         realProviderName="sql"
         providerWildcard="%"
         raiseEvents="true"
         baseAddress="DFS.AssetSiloSettings.Default.BaseAddress"
         userFolderId="30000"/>
  </providers>
</membership>
A membership provider called "DefaultDigizuiteMembershipProvider" is added and configured as the realProviderName for "sitecore" provider.
A membership provider called "ad" is added for Sitecore AD module.
To configure DAM for Sitecore 8 Active Directory Module, make the following changes to the above membership providers.
- Set the realProviderName attribute of "sitecore" provider to "switcher".
- Set the type attribute of "ad" provider to "DFS.Digizuite.LDAP.DefaultDigizuiteADMembershipProvider".
Since the "switcher" provider is enabled, the switchingProviders section in the file App_Config/Sitecore.config should look similar to the following.
<switchingProviders>
  <membership>
    <provider providerName="DefaultDigizuiteMembershipProvider" storeFullNames="true" wildcard="%" domains="*" />
    <provider providerName="ad" storeFullNames="false" wildcard="*" domains="dfs" />
  </membership>
  <roleManager>
    <provider providerName="DefaultDigizuiteRoleProvider" storeFullNames="true" wildcard="%" domains="*" ignoredUserDomains="" allowedUserDomains="" />
    <provider providerName="ad" storeFullNames="false" wildcard="*" domains="dfs" />
  </roleManager>
  <profile>
    <provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" ignoredDomains="" />
  </profile>
</switchingProviders>
3 Best practices
DAM for Sitecore v8.0 only supports the synchronization of Sitecore domain users between Sitecore and DAM. To set the correct roles for your AD users in Sitecore, you can use indirect membership (role in role).
For example:
- In Active Directory: User AD1 is a member of AD group DFS\Sitecore Admin.
- In DAM: User DFS\AD1 is a member of Sitecore\Digizuite DAM for Sitecore Administrator group.
- In Sitecore: Assign the DFS\Sitecore Admins role as a member of the Sitecore\Digizuite DAM for Sitecore Administrator role.
In the above example, user DFS\AD1 and all users who are DFS\Sitecore Admin members will have the same access permissions as Sitecore\Digizuite DAM for Sitecore Administrator in Sitecore.