Say you have Domino up and running in your organisation and you're looking into deploying SharePoint 2007. Wouldn't it be nice if you could make use of the user accounts created in your Domino directory for authentication in SharePoint?
Well, you can, and it's not even that difficult. I found this post written by Liam Cleary and modified things a bit to focus on Domino.
First, make sure you have the LDAP task running on your Domino server. Pretty straightforward: if it's not running, just type
LOAD LDAP
on your server console.
Then log in to your SharePoint server as an administrator and locate the web.config file for your administration server. On my server it was located in
c:\Inetpub\wwwroot\wss\VirtualDirectories\32675
The last part of the path is the port on which your administration server is listening and might differ for your specific installation.
Edit the web.config file and locate the machineKey line. On my server it looks like this (your key values will differ):
<machineKey validationKey="632BB5DBD219C1CCC41E4B91EEAED7D4F078727EDABEEBDA" decryptionKey="F703ACB5FE87B1B17F4DD8D6D519857F3B3C6EE4DA6C95A3" validation="SHA1" />
Add after that line this xml snippet:
<membership defaultProvider="LDAPMember">
  <providers>
    <add name="LDAPMember"
         type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="localhost" port="389" useSSL="false"
         userDNAttribute="uid" userNameAttribute="uid"
         userContainer="*" userObjectClass="person"
         userFilter="(ObjectClass=person)" scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
  <providers>
    <add name="LDAPRole"
         type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="localhost" port="389" useSSL="false"
         groupContainer="*" groupNameAttribute="cn"
         groupMemberAttribute="member" userNameAttribute="uid"
         dnAttribute="fullname"
         groupFilter="(ObjectClass=dominogroup)" scope="Subtree" />
  </providers>
</roleManager>
Notice that in the XML above there are two references to the LDAP/Domino server (the server attribute of each add element), in my case localhost. Make sure you change both to your server name.
After you have done that, locate the web.config file for your current SharePoint application (the one that listens on port 80). It's probably located in
c:\Inetpub\wwwroot\wss\VirtualDirectories\80
And add the same lines at the same location as you did for the first web.config file.
We are almost there, please stick with me for a bit more.
Open your Central Administration site and navigate to
Application Management > Authentication Providers
On the top right of the list you can switch to your current SharePoint site (the one listening on port 80).
Click on the 'Default' zone to edit it. You will get a form to complete.
Change Authentication Type to: Forms
The form reloads and a few additional fields appear.
Enter "LDAPMember" in the Membership provider name field (if you changed the name in the web.config, use that name here; it must be identical to the name used in the config file).
Enter "LDAPRole" in the Role Manager name field.
Disable Client Integration (it doesn't work well when you use Forms based authentication).
Click save.
We are almost done now. In order to have access to your main website using your new accounts, you will have to grant some users access rights.
You can do that by navigating to
Central Administration > Application Management > Policy for Web Applications
Now click 'Add Users'. Make sure you select your 'default' SharePoint application listening on port 80 again. Then pick a zone (I picked 'default') and click next.
Add a Domino shortname (for instance yours) in the Users field and click the little icon to check the user names. If everything went well, your username should become black and underlined. Assign the appropriate permissions and click 'Finish'.
You are all done. Navigate to your main site and you should see a login form. Enter your Domino shortname and your Domino password and you should be logged in.
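A check you can run against each edited web.config, as an added example that is not part of the original post: it lists the LDAP provider entries and reports the slips the steps above warn about (a provider name that does not match what you enter in Central Administration, or the two server attributes pointing at different hosts), plus whether useSSL is off. The sample config is constructed, and domino.example.com is a placeholder host name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed web.config with the two provider entries from
# this post, where only the membership server was changed (placeholder host).
SAMPLE_WEB_CONFIG = """<configuration><system.web>
  <membership defaultProvider="LDAPMember"><providers>
    <add name="LDAPMember" type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="domino.example.com" port="389" useSSL="false" userNameAttribute="uid" />
  </providers></membership>
  <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true"><providers>
    <add name="LDAPRole" type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
         server="localhost" port="389" useSSL="false" groupNameAttribute="cn" />
  </providers></roleManager>
</system.web></configuration>"""


def ldap_providers(xml_text):
    """Return {provider name: attributes} for every LDAP provider entry."""
    root = ET.fromstring(xml_text)
    found = {}
    for section in ("membership", "roleManager"):
        for add in root.findall(f".//{section}/providers/add"):
            if "LDAP" in add.get("type", ""):
                found[add.get("name")] = dict(add.attrib, section=section)
    return found


def check_web_config(xml_text, member_name="LDAPMember", role_name="LDAPRole"):
    """List problems that would break or weaken the setup described above."""
    providers = ldap_providers(xml_text)
    problems = []
    # The names typed into Authentication Providers must exist in the file.
    for expected in (member_name, role_name):
        if expected not in providers:
            problems.append(f"provider '{expected}' not found")
    # Both server attributes should have been changed to the same host.
    servers = {p["server"].lower() for p in providers.values() if "server" in p}
    if len(servers) > 1:
        problems.append("providers point at different servers: " + ", ".join(sorted(servers)))
    for name, p in providers.items():
        if p.get("useSSL", "false").lower() != "true":
            problems.append(f"{name}: useSSL is off, LDAP traffic to port {p.get('port')} is not SSL-protected")
    return problems


if __name__ == "__main__":
    for problem in check_web_config(SAMPLE_WEB_CONFIG):
        print(problem)
```

To use it on a real server, read the file from the VirtualDirectories folder and pass its text to check_web_config, once for each of the two web.config files.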