Hi all,
I'm trying to get alerts working for our extranet users, which are stored in AD LDS. Alerts work fine when I add a user explicitly to a List's ACL instead of using the LDAP group (role) the user is a member of. I've narrowed it down to the fact that the Timer service is not aware of the role provider I've set up, as per this article:
http://msdn.microsoft.com/en-us/library/bb977430.aspx
Thus the timer service thinks the user doesn't have access to the list, and should not receive an alert for the list - i.e. security trimming.
The article is for the SQL role provider though, not LDAP, so I think my syntax is wrong somewhere. This is what I configured:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<configuration>
  <system.web>
    <membership defaultProvider="ADAMMembership">
      <providers>
        <add name="ADAMMembership"
             type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
             server="mysrv01"
             port="50000"
             useSSL="false"
             userDNAttribute="distinguishedName"
             userNameAttribute="cn"
             userContainer="CN=Users,CN=SharePoint,DC=mydomain,DC=local"
             userObjectClass="user"
             userFilter="(ObjectClass=user)"
             scope="Subtree"
             otherRequiredUserAttributes="sn,givenname,cn" />
      </providers>
    </membership>
    <roleManager defaultProvider="LdapRole" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
      <providers>
        <add name="LdapRole"
             type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
             server="mysrv01"
             port="50000"
             useSSL="false"
             groupContainer="CN=Users,CN=SharePoint,DC=mydomain,DC=local"
             groupNameAttribute="cn"
             groupMemberAttribute="member"
             userNameAttribute="cn"
             dnAttribute="distinguishedName"
             groupFilter="(ObjectClass=group)"
             scope="Subtree" />
      </providers>
    </roleManager>
    <authentication mode="Forms">
      <forms loginUrl="/_layouts/login.aspx" />
    </authentication>
    <identity impersonate="true" />
    <globalization fileEncoding="utf-8" />
  </system.web>
</configuration>
I've restarted the timer service after adding the file to the \bin folder. Any ideas?
thanks
Ray
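Added example (not part of the original post): a small Python check for a provider configuration like the one above, confirming that each defaultProvider resolves to a defined provider, that the membership and role providers point at the same directory and user-name attribute, and flagging LDAP connections with useSSL left off. The function names and the trimmed SAMPLE are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Trimmed copy of the configuration from the post (type= and other attributes omitted).
SAMPLE = """<configuration><system.web>
  <membership defaultProvider="ADAMMembership"><providers>
    <add name="ADAMMembership" server="mysrv01" port="50000" useSSL="false"
         userNameAttribute="cn" />
  </providers></membership>
  <roleManager defaultProvider="LdapRole" enabled="true"><providers>
    <add name="LdapRole" server="mysrv01" port="50000" useSSL="false"
         userNameAttribute="cn" />
  </providers></roleManager>
</system.web></configuration>"""


def default_provider(root, section):
    """Return (attributes of the section's default provider or None, findings)."""
    node = root.find(f"system.web/{section}")
    if node is None:
        return None, [f"{section}: section missing"]
    findings = []
    if section == "roleManager" and node.get("enabled", "false").lower() != "true":
        findings.append("roleManager: enabled is not 'true'")
    wanted = node.get("defaultProvider")
    for add in node.findall("providers/add"):
        if add.get("name") == wanted:
            if add.get("useSSL", "false").lower() != "true":
                findings.append(f"{section}/{wanted}: useSSL is not 'true', LDAP traffic is unencrypted")
            return add.attrib, findings
    findings.append(f"{section}: defaultProvider '{wanted}' matches no <add name=...>")
    return None, findings


def audit(xml_text):
    """Return a list of human-readable findings for one configuration file."""
    root = ET.fromstring(xml_text)
    member, findings = default_provider(root, "membership")
    role, more = default_provider(root, "roleManager")
    findings += more
    if member and role:
        # Both providers must query the same directory and name users the same
        # way, otherwise role lookups will not match the authenticated user.
        for key in ("server", "port", "userNameAttribute"):
            if member.get(key) != role.get(key):
                findings.append(f"{key} differs: membership={member.get(key)!r} role={role.get(key)!r}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```
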