Authenticate to the CMS using Secure LDAP

Product: CMS

Version: CMS 10, 10.x, CMS 8, 8.x, CMS 9, 9.x

Published: October 9, 2013

Last updated: 1/30/2021

Comments:
0 Comments

Description

The Ingeniux CMS natively supports authentication via LDAP (Lightweight Directory Access Protocol). However, organizations that wish to authenticate using Secure LDAP (also known as LDAP over SSL) must deploy additional code for the authentication to work.

Requirements

  1. Administrative access to the Content Management Server (CMS).
  2. An LDAP server that supports secure LDAP
  3. Appropriate firewall rules to allow the CMS server to communicate with the LDAP server.

Step-by-Step

  1. Identify information needed to connect to the LDAP server. Typical information includes:
    1. Server name/IP (Example: ldap.customer.com)
    2. Search base (Example: ou=people,dc=customer,dc=com)
    3. Bind Account/Lookup Account credentials (if applicable)
    4. Port for Secure LDAP communication (636 by default)
  2. Download the following ZIP file: secure-LDAP-code (7KB).
  3. On your CMS Server, browse to the \xml\App_Code directory.
  4. In this location, back up the LDAPMembershipProvider.cs and LDAPDirectory.cs files.
  5. Unzip the files LDAPMembershipProvider.cs and LDAPDirectory.cs from the ZIP file to the \xml\App_Code directory, overwriting the existing files.
  6. Stop the CMS Application Pool within IIS Manager.
  7. Open \local-appsettings.config and make sure the userdomain value is blank. Save the file.
  8. Open \local-connection-strings.config and configure the connection string to your LDAP server and save the file.
    - Example: .
  9. Open \local-membership.config and modify the file to reflect the information below. Bold indicates values that may be different for your environment:

      

    connectionStringName="IGXLDAPConnectionString"
    bindUsername="ldapAccount"
    bindPassword="ldapAccountPassword"
    ldapFilter="(objectClass=*)"
    ldapUserAttribute="uid"
    connectionSecurity="Anonymous" />

  10. Restart the CMS Application Pool.      

Additional Information

If you are unable to authenticate successfully with the CMS after following the above steps (you recieve a red error message: "Invalid username or password. Please try again.), there are several troubleshooting steps you can take. 

  1. Download a Windows LDAP browser to your Content Management Server. Ingeniux recommends the free Softerra LDAP Browser.
  2. Using the software, replicate your connection information that you put in the CMS configuration files and see if you can bind sucessfully and get a list of users.
  3. If you cannot bind, note the error message that the software outputs. There may be a connection problem between the Content Management Server and the LDAP server, or the connection information may not be correct.
  4. If you can bind using the software, but you cannot authenticate with the CMS, there is a problem with your CMS authentication configuration. 
  5. Make sure you enter all connection information exactly as you did in your LDAP browser.
  6. Make sure you copied the files in secure-LDAP-code.zip as described in steps three and four above.
  7. Turn on trace logging to get additional error information:
    1. Open \web.config
    2. Search for the following line: 
    3. Change pageOutput and enabled to true so that the line looks like this: 
  8. Now, after logging into the CMS, additional error information should be shown, allowing for more specific troubleshooting. 

Support for native Secure LDAP authentication is expected to be added in a future release of the Ingeniux CMS.

 

Comments

There are no comments yet.