Create a new AD LDS instance by AD LDS Setup Wizard.<\/p>\n
Connect to the new instance by ADSI Edit tool,then create account in the instance as shown in the following screenshot.<\/p>\n <\/p>\n Create a web application<\/strong><\/p>\n Go to Central Administration>Application Management<\/p>\n Click on Manage Web Applications<\/p>\n Click New<\/p>\n Slect Claims Based Authentication<\/p>\n Identity providers<\/p>\n Check the Enable Windows Authentication box or you won’t be able to crawl site<\/p>\n Check the Enable ASP.NET Membership and Role Provider check-box<\/p>\n In the Membership provider name edit box,type LdapMembership1<\/p>\n In the Role provider name edit box,type LdapRole1.<\/p>\n Create a new site collection<\/strong><\/p>\n Go to Central Administration>Application Management<\/p>\n Click Create site collections<\/p>\n Select the newly created web application<\/p>\n Fill in a name and select a template<\/p>\n Adjust the web.config of the Central Administration site<\/strong><\/p>\n Open the Central Administration site’s web.config file<\/p>\n Find the <system.web>entry<\/p>\n Past the following XML directly below it<\/p>\n <membership defaultProvider=”LdapMembership1″><\/p>\n <providers><\/p>\n <add name=” LdapMembership1″ type=”Microsoft.Office.Server.Security.LdapMembershipProvider,<\/p>\n Microsoft.Office.Server.UserProfiles, Version=14.0.0.0, Culture=neutral,<\/p>\n PublicKeyToken=71e9bce111e9429c”<\/p>\n server=”dc.BoostSolutions.com”<\/p>\n port=”389″<\/p>\n useSSL=”false”<\/p>\n userDNAttribute=”distinguishedName”<\/p>\n userNameAttribute=”cn”<\/p>\n userContainer=”CN=Users,CN=sharepoint,DC=boost,DC=COM”<\/p>\n userObjectClass=”user”<\/p>\n userFilter=”(ObjectClass=user)”<\/p>\n scope=”Subtree”<\/p>\n otherRequiredUserAttributes=”sn,givenname,cn” \/><\/p>\n <\/providers><\/p>\n <\/membership><\/p>\n <roleManager enabled=”true” defaultProvider=”AspNetWindowsTokenRoleProvider”><\/p>\n <providers><\/p>\n <add name=”LdapRole1″ type=”Microsoft.Office.Server.Security.LdapRoleProvider,<\/p>\n Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral,<\/p>\n PublicKeyToken=71e9bce111e9429c”<\/p>\n server=”dc.BoostSolutions.com”<\/p>\n port=”389″<\/p>\n useSSL=”false”<\/p>\n groupContainer=”CN=Users,CN=sharepoint,DC=boost,DC=COM”<\/p>\n groupNameAttribute=”cn”<\/p>\n groupNameAlternateSearchAttribute=”samAccountName”<\/p>\n groupMemberAttribute=”member”<\/p>\n userNameAttribute=”cn”<\/p>\n dnAttribute=”distinguishedName”<\/p>\n groupFilter=”(ObjectClass=group)”<\/p>\n userFilter=”(ObjectClass=person)”<\/p>\n scope=”Subtree” \/><\/p>\n <\/providers><\/p>\n <\/roleManager><\/p>\n Double check whether the <membership>and<rolemanager>entries only exist ones.Delete any double entries.<\/p>\n Paste the following XML below the <PeoplePickerWildcards>entry.<\/p>\n <clear \/><\/p>\n <add key=”AspNetSqlMembershipProvider” value=”%” \/><\/p>\n <add key=”LdapMemberShip1″ value=”*”\/><\/p>\n <add key=”LdapRole1″ value=”*”\/><\/p>\n Adjust the web.config of the claims based web application<\/strong><\/p>\n Open the claims based web application’s web.config file<\/p>\n Locate the <membership>entry<\/p>\n Past the following XML directly below the <providers>entry.<\/p>\n <add name=” LdapMembership1″ type=”Microsoft.Office.Server.Security.LdapMembershipProvider,<\/p>\n Microsoft.Office.Server.UserProfiles, Version=14.0.0.0, Culture=neutral,<\/p>\n PublicKeyToken=71e9bce111e9429c”<\/p>\n server=”dc.BoostSolutions.com”<\/p>\n port=”389″<\/p>\n useSSL=”false”<\/p>\n userDNAttribute=”distinguishedName”<\/p>\n userNameAttribute=”cn”<\/p>\n userContainer=”CN=Users,CN=sharepoint,DC=boost,DC=COM”<\/p>\n userObjectClass=”user”<\/p>\n userFilter=”(ObjectClass=user)”<\/p>\n scope=”Subtree”<\/p>\n otherRequiredUserAttributes=”sn,givenname,cn” \/><\/p>\n Locate the <roleManager>entry<\/p>\n Past the following XML directly below the <providers>entry.<\/p>\n <add name=”LdapRole1″ type=”Microsoft.Office.Server.Security.LdapRoleProvider,<\/p>\n Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral,<\/p>\n PublicKeyToken=71e9bce111e9429c”<\/p>\n server=”dc.BoostSolutions.com”<\/p>\n port=”389″<\/p>\n useSSL=”false”<\/p>\n groupContainer=”CN=Users,CN=sharepoint,DC=boost,DC=COM”<\/p>\n groupNameAttribute=”cn”<\/p>\n groupNameAlternateSearchAttribute=”samAccountName”<\/p>\n groupMemberAttribute=”member”<\/p>\n userNameAttribute=”cn”<\/p>\n dnAttribute=”distinguishedName”<\/p>\n groupFilter=”(ObjectClass=group)”<\/p>\n userFilter=”(ObjectClass=person)”<\/p>\n scope=”Subtree” \/><\/p>\n Past the following XML below the PeoplePickerWildcards entry<\/p>\n <clear \/><\/p>\n <add key=”AspNetSqlMembershipProvider” value=”%” \/><\/p>\n <add key=”LdapMemberShip1″ value=”*”\/><\/p>\n <add key=”LdapRole1″ value=”*”\/><\/p>\n Adjust the web.config of the Security Token Service(STS)virtual directory<\/strong><\/p>\n NB:If your environment is multiple servers,you will need to change the Security Token Service virtual directory on each server hosting either Central Administration or the claims based web application<\/strong><\/p>\n Open the Security Token Service (STS)virtual directory web.config file<\/p>\n Find the <system.web>entry<\/p>\n Add a <system.web> entry directory below it<\/p>\n Past the following XML directly below the <system.web> entry <\/strong><\/p>\n <membership defaultProvider=”LdapMembership1″><\/p>\n <providers><\/p>\n <add name=” LdapMembership1″ type=”Microsoft.Office.Server.Security.LdapMembershipProvider,<\/p>\n Microsoft.Office.Server.UserProfiles, Version=14.0.0.0, Culture=neutral,<\/p>\n PublicKeyToken=71e9bce111e9429c”<\/p>\n server=”dc.BoostSolutions.com”<\/p>\n port=”389″<\/p>\n useSSL=”false”<\/p>\n userDNAttribute=”distinguishedName”<\/p>\n userNameAttribute=”cn”<\/p>\n userContainer=”CN=Users,CN=sharepoint,DC=boost,DC=COM”<\/p>\n userObjectClass=”user”<\/p>\n userFilter=”(ObjectClass=user)”<\/p>\n scope=”Subtree”<\/p>\n otherRequiredUserAttributes=”sn,givenname,cn” \/><\/p>\n <\/providers><\/p>\n <\/membership><\/p>\n <roleManager enabled=”true” defaultProvider=”AspNetWindowsTokenRoleProvider”><\/p>\n <providers><\/p>\n <add name=”LdapRole1″ type=”Microsoft.Office.Server.Security.LdapRoleProvider,<\/p>\n Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral,<\/p>\n PublicKeyToken=71e9bce111e9429c”<\/p>\n server=”dc.BoostSolutions.com”<\/p>\n port=”389″<\/p>\n useSSL=”false”<\/p>\n groupContainer=”CN=Users,CN=sharepoint,DC=boost,DC=COM”<\/p>\n groupNameAttribute=”cn”<\/p>\n groupNameAlternateSearchAttribute=”samAccountName”<\/p>\n groupMemberAttribute=”member”<\/p>\n userNameAttribute=”cn”<\/p>\n dnAttribute=”distinguishedName”<\/p>\n groupFilter=”(ObjectClass=group)”<\/p>\n userFilter=”(ObjectClass=person)”<\/p>\n scope=”Subtree” \/><\/p>\n <\/providers><\/p>\n <\/roleManager><\/p>\n Add a <\/system.web>entry directly below it<\/p>\n Add a user policy to the web application<\/strong><\/p>\n Go to Central administration>Application Management<\/p>\n Click on Management Web Applications<\/p>\n Select the claims based web application<\/p>\n Click on User Policy<\/p>\n Click on the Add Users link<\/p>\n Click Next button<\/p>\n Click the Address Book icon.<\/p>\n Type in the NT login or account name and click the search button.if it’s working correctly you should see at least two entries for the Account-one is for the user’s Active Directory account,and one is for that same account but which was found using LDAP provider.<\/p>\n Select the account in the User section and click the Add button<\/p>\n Click the OK button<\/p>\n Check the Full Control checkbox,then click the Finish button.<\/p>\n You can browser to the web application and log in using forms based authentication.<\/p>\n![\"\"](\"http:\/\/www.BoostSolutions.com\/blog\/wp-content\/uploads\/2011\/06\/rocky1.jpg\")
<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n