Friday, June 15, 2007

I've been struggling to implement Open LDAP Authentication. I've posted a technical article about it how to do it here. Today I ran into some more technical issues around it: the big one as mentioned is client integration but there is also an issue around web permissions.

I created a master page that had a variety of images, uploaded into a SharePoint portal's Style Library. This was done on the default port 80, which had Windows Authentication. When extending this app to allow LDAP Authentication, I had a problem: the image and css references in the master page all resolved to the new port number, and didn't show up, because they didn't exist in the SharePoint database for that application.

SharePoint Designer couldn't access the new LDAP site because of the client integration issue, so I couldn't upload the images and css to it.

As a workaround, I tried to hardcode the references to point to the port 80 worked for some of my user accounts but not for others.

Finally I had to create a completely non-SharePoint site in IIS, make it anonymous authentication, stick all the images and css in there, and reference that site from the Master Page. Not pretty, but it worked.

The moral of the story: SharePoint and Forms-Based Authentication is PAINFUL.


  1. Why didn't you just upload the images to the TEMPLATE\IMAGES folder and reference them that way? Would that have worked?

  2. That's an excellent question. I did try to centralize the images in SharePoint, but the problem I was running into was IIS not being able to authenticate the requests due to the fact I was using LDAP authenticated accounts and it expected valid Windows credentials before it served up the pictures. Turning Anonymous User authentication on in IIS did work, but I didn't want to enable that for the SharePoint portal, I just needed a fix to get the images working. So the next best (least worst?) option was to enable Anonymous Authentication for a completely separate, non-SharePoint website, which works but adds a small maintenance burden.


Note: only a member of this blog may post a comment.