The Active Directory module integrates an Active Directory domain with the Sitecore solution. We can integrate the domain users and groups into Sitecore CMS as Sitecore users and Sitecore roles.
As part of this blog we will be using Active Directory Module 1.3, which runs on Sitecore 8.2. The complete list of modules can be checked here: https://dev.sitecore.net/Downloads/Active_Directory.aspx
Download AD Module 1.3 from here: https://dev.sitecore.net/Downloads/Active_Directory/1_3/Active_Directory_1_3.aspx
Once module installation is completed, here are the next steps I followed:
Modifying Config files:
ConnectionStrings.config
In the ConnectionStrings.config file, add a new connection string that holds the AD details. In the following screenshot it's just a test OU name, but you will replace this with the real OU. You can also apply filters for the OU, so that you expose only those groups which are expected and required to be a part of Sitecore, like Admin, IT, Sales, etc.
Domains.xml.config
Open Domains.config.xml and add a new domain to it. The file can be found here: App_Config->Security->Domains.xml.config
Web.config – MembershipProvider
Add a new membership provider.
<!-- connectionUsername and connectionPassword are placeholders for the AD user that performs the LDAP queries -->
<add name="ad" type="LightLDAP.SitecoreADMembershipProvider" connectionStringName="LDAPConnString"
     applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0"
     requiresQuestionAndAnswer="false" requiresUniqueEmail="false" connectionUsername="username"
     connectionPassword="password" connectionProtection="Secure" attributeMapUsername="sAMAccountName"
     enableSearchMethods="true" />
Web.config – RoleProvider
Add a new role provider.
<!-- username and password are placeholders for the same AD user as in the membership provider -->
<add name="ad" type="LightLDAP.SitecoreADRoleProvider" connectionStringName="LDAPConnString"
     applicationName="sitecore" username="username" password="password"
     attributeMapUsername="sAMAccountName" cacheSize="50MB" />
Web.config – ProfileProvider (Optional)
Note: We need an AD user to perform LDAP queries; otherwise you won't be able to connect to your AD instance. The same username and password will be set on the membership and role providers.
Activating Switching providers:
In the web.config file, in the <system.web> section, browse for the <membership> element, find the provider called sitecore and set its realProviderName attribute to switcher.
In the web.config file, in the <system.web> section, browse for the <roleManager> element, find the provider inside called sitecore and set its realProviderName attribute to switcher.
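A quick check of the web.config changes described above, run before testing the login. This is an added example, not code from the original post or from Sitecore: the sample config is constructed (its roleManager switch is deliberately left undone), and the function name audit_ad_providers and the password-length threshold of 8 are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed web.config; the roleManager switch is left undone on purpose.
SAMPLE_WEB_CONFIG = """<configuration><system.web>
  <membership defaultProvider="sitecore"><providers>
    <add name="sitecore" realProviderName="switcher" />
    <add name="ad" type="LightLDAP.SitecoreADMembershipProvider"
         connectionStringName="LDAPConnString" minRequiredPasswordLength="1"
         connectionUsername="username" connectionPassword="password"
         connectionProtection="Secure" />
  </providers></membership>
  <roleManager><providers>
    <add name="sitecore" realProviderName="sql" />
    <add name="ad" type="LightLDAP.SitecoreADRoleProvider"
         connectionStringName="LDAPConnString" username="username" password="password" />
  </providers></roleManager>
</system.web></configuration>"""

MIN_PASSWORD_LENGTH = 8  # assumed policy threshold, not from the post

def audit_ad_providers(xml_text):
    """Return findings for the 'ad' and 'sitecore' providers in a web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    for section in ("membership", "roleManager"):
        providers = {p.get("name"): p
                     for p in root.findall(f"./system.web/{section}/providers/add")}
        wrapper, ad = providers.get("sitecore"), providers.get("ad")
        if ad is None:
            findings.append(f"{section}: no provider named 'ad'")
            continue
        # The switching step: the 'sitecore' provider must point at 'switcher'.
        if wrapper is None or wrapper.get("realProviderName") != "switcher":
            findings.append(f"{section}: 'sitecore' provider is not set to switcher")
        # Inline bind credentials are readable by anyone who can read the file.
        for attr in ("connectionPassword", "password"):
            if ad.get(attr):
                findings.append(f"{section}: bind credential in plain text ({attr})")
        if section == "membership":
            if ad.get("connectionProtection") != "Secure":
                findings.append("membership: connectionProtection is not Secure")
            if int(ad.get("minRequiredPasswordLength", MIN_PASSWORD_LENGTH)) < MIN_PASSWORD_LENGTH:
                findings.append("membership: minRequiredPasswordLength is too low")
    return findings

if __name__ == "__main__":
    for finding in audit_ad_providers(SAMPLE_WEB_CONFIG):
        print(finding)
```

To check a real site, pass the contents of its web.config to audit_ad_providers instead of the sample string.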
Adding the Domain-Provider Mappings:
This will be done in sitecore.config
Now we are done with all the basic configuration required to start using the Active Directory Module, so go ahead and test it.
Log in to Sitecore as admin, and you should be able to see users and roles from the AD instance. From this point you can add AD users to CMS roles. Once this is done, try to log in using an AD user.
When I was working on this, I tried to log in using an AD user, and got this error.
Sitecore has provided a hotfix for this, and upon applying the fix, I was able to log in to Sitecore using AD credentials.
https://kb.sitecore.net/articles/520134
After applying the patch, try to load Sitecore again and you should be all set now.
Hope this helps somebody.
I am working on integrating this module with Sitecore PaaS (Azure), and will share the findings with the community soon.
Happy learning 🙂