LDAP

High Level iWeb Configuration

Use the information in this topic as a reference for high-level configuration of the iWeb interface. For more information, contact your Abila representative.

Enable Forms Authentication

  1. Enable Web.Config Settings and configure LDAP settings, including the list of groups allowed to access the site.
  2. If the group setting is empty, all users who authenticate to the LDAP will be allowed in.

  3. Web.Config should have settings to do the following:
    1. Enable Forms Authentication for iWeb.
    2. Enable Anonymous Access for the Login Form, the image on the login form (images/login.jpg), and TestConnection.aspx (the heartbeat page).
    3. Disable a setting on the FormsAuthentication Module (iWeb app -> Modules -> Edit FormsAuthentication -> Uncheck the checkbox.)
    4. Set cookie name – see xvi.1 for additional information.

LDAP Configuration

Please see Forms Based Authentication for more information.

Relevant Web.Config Settings

LDAPConfig

This setting is found under the <configuration> section in the iweb/web.config file.

  • The LDAP URLs of the directory services are specified in this section.
  • You can have more than one LDAP configured.
  • The first listed LDAP is the default.

    Only one LDAP is queried per login attempt, based on the domain specified by the user.

  • In the example configuration below, the default domain is “av”, so specifying “av\” with the login name is optional.

    For example, a user logging in to the CORP domain must specify the domain on the login page, e.g. “CORP\username” (without quotes). A user logging in to the AV domain can log in by typing either “av\username” or simply “username”.

  • To connect to a directory service over secure LDAP, specify the port in the URL; for example, “LDAP://av.com:636”.

<LDAPconfig>
       <LDAP url="LDAP://av.com" />
       <LDAP url="LDAP://corp.avectra.com" />
       <LDAP url="LDAP://avhost.ld" />
</LDAPconfig>

Note: The following settings are found under the <appSettings> section in the iweb/web.config file.

HostingAllowedSuffixes

This setting specifies the AD groups that are allowed access to the NetForum iWeb site. This option cannot be empty. Only those security groups specified in the system option can access NetForum.

When the user attempts to log in, NetForum performs an LDAP lookup for the user's account in the directory. If the user is found, NetForum looks up the security groups of which the user is a member. If any of those security groups match the list of groups specified in HostingAllowedSuffixes, the user is successfully authenticated and allowed into iWeb.

HostingAutoCreateSuffix

NetForum automatically creates a NetForum user record for the Authenticated user as long as the user is a member of the specified domains in this setting.

HostingDefaultGroups

NetForum automatically adds the newly created user to the list of comma-separated NetForum groups specified in this setting.

Examples

    <add key="HostingAllowedSuffixes" value="RDUsers_AVCTR,serveradmins@avctr,R&amp;D Enterpise"/>
    <add key="HostingAutoUserCreateSuffix" value="avhost,corp"/>
    <add key="HostingDefaultGroups" value="netFORUMUser"/>
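
An added example, not part of the NetForum documentation or product: a small Python audit of an iweb/web.config that flags LDAP entries without port 636 and an empty HostingAllowedSuffixes list. The sample file is constructed, and the names audit and ldap_port are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample, not a real deployment: one entry on port 636, one
# entry with no port, and an empty allow-list.
SAMPLE = """<configuration>
  <LDAPconfig>
    <LDAP url="LDAP://av.com:636" />
    <LDAP url="LDAP://corp.avectra.com" />
  </LDAPconfig>
  <appSettings>
    <add key="HostingAllowedSuffixes" value="" />
    <add key="HostingDefaultGroups" value="netFORUMUser" />
  </appSettings>
</configuration>"""


def ldap_port(url):
    """Return the explicit port of an LDAP URL, or None if absent or invalid."""
    try:
        return urlsplit(url).port
    except ValueError:
        return None


def audit(xml_text):
    """Return a list of findings for the LDAP settings (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings, settings = [], {}
    # Tag names are compared case-insensitively so casing differences in a
    # hand-edited file do not hide a section from the audit.
    for elem in root.iter():
        tag = elem.tag.lower()
        if tag == "ldap" and ldap_port(elem.get("url", "")) != 636:
            findings.append(f"{elem.get('url')}: no port 636 in URL, secure LDAP not configured")
        elif tag == "appsettings":
            settings.update({a.get("key"): a.get("value", "") for a in elem})
    allowed = [g.strip() for g in settings.get("HostingAllowedSuffixes", "").split(",")]
    if not any(allowed):
        findings.append("HostingAllowedSuffixes is empty or missing")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```
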

HostingAutoCreateGroupDomainMappings

This setting was introduced in NetForum 2014 to give the administrator more granular control over the automatic user creation process. In the following example, any user in the Everyone group can log in to NetForum and is added to the netFORUMUser security group, while anyone in the R&D Developers AD group is added to the AvectraAdmin and AvectraDev groups.

<HostingAutoCreateGroupDomainMappings>
    <add key="R&amp;D Developers" value="AvectraAdmin,AvectraDev" />
    <add key="Everyone" value="netForumUser" />
</HostingAutoCreateGroupDomainMappings>