Sunday, March 29, 2009

The Code Factory - A Hangout for Ottawa Startups

I’ve started renting shared workspace at the Code Factory, a “collaborative co-working space” at 246 Queen street in downtown Ottawa. I’ve purchased about 40 hours of time so far. I can use meeting rooms, internet, coffee machines, lending libraries, and even some entertainment in the form of a foosball table and a Wii.

 P1010484 P1010480 P1010481 P1010482 P1010483

The owner, Ian Graham, calls himself a “Management Consultant and Entrepreneurial Catalyst”. He’s very enthusiastic about the startup scene in Ottawa, and definitely wants to help act an incubator and organizer of it.

It’s a neat place to hang out and meet entrepreneurs. There’s at once an informal and exciting vibe, and every time I’ve been there I’m come back amped up. Although I mostly work out of a home office it’s worth it to rent a bit of space because I like the chance to meet people, and I’m learning a lot about what’s going on in Ottawa and especially in the startup community.

It’s great to see such a place in Ottawa, which has tons of IT knowledge and has done for many decades…The Ottawa high tech scene actually has some very deep roots, due to the presence of government research and development agencies, a highly educated workforce, a strong telecommunications sector, and (more recently) some major hardware and software firms such as Nortel, Cognos, and Corel, which generated a lot of spinoffs. To prove the point, there’s a neat family tree on the wall showing the genesis of Ottawa-Gatineau startups and their sources (government, research, telecom, and so on).


View Larger Map

Thursday, March 26, 2009

LDAP Authentication – More Tips

After posting about why LDAP authentication for intranets are a bad idea, I received some more emails with some tips I thought I would share.

Although most people commented that they would try to take the approach of synchronizing their e-Directory identity store to a slave Active Directory, a few were in the unfortunate position of having to implement LDAP anyway.

So if you fall into that camp, here are a few more approaches that might help you. As always your mileage might vary:

Wen He posted some great advice on modifying the People Picker for LDAP Membership providers. This is a pretty common problem – even if the profiles are importing successfully, the people picker may not show them. So here’s the quick code to do this:

you will need to add a key specifying the LDAP Membership “LDAPMember” to the <PeoplePickerWildcards> section into the web.config for the web application and Central Admin as shown:

<PeoplePickerWildcards>

<clear />

<add key="AspNetSqlMembershipProvider" value="%" />

<add key="LDAPMember" value="*" />

</PeoplePickerWildcards>

The line with the key="LDAPMember" and the value value="*" that explicitly specify a wildcard enables PeoplePicker to be able to search for People and Groups by enumerating users from LDAP directory. You know that if you don’t add this line, the PeoplePicker will look only for an exact match on the user ID.

Wen He goes on to describe user and group filtering against LDAP in SharePoint. It’s a great post, highly descriptive and comprehensive.

I also received an email from Krzysztof Wolski – after setting up LDAP and trying to log in he was having problems with “Unknown Error” (one of my all-time favourite exception messages ever!):

We have to use LDAP authentication because this
is an official requirement of our client.
I've solved the problem with "Unknown error" - I've changed the default user
for Application pool and set the identity information in web.config for 81
web application to :
<identity impersonate="true" userName="WIN2003\#USER#" password="#PASS#" />
We've used the same user for Application pool and impersonation.

Krzysztof also mentions one other potential gotcha that occurs if your e-Directory store is set to not allow anonymous authentication. He solved it this way:

We've successfully installed Sharepoint with LDAP Authentication.
One more thing we've added to the LdapMembershipProvider in web.config:
    <membership>
      <providers>
        <add server="#IP#" port="389" useSSL="false" useDNAttribute="false"
userDNAttribute="cn" userNameAttribute="cn"
                userContainer="o=MyCompany" userObjectClass="user"
userFilter="(&amp;(ObjectClass=inetOrgPerson))" scope="Subtree"
                otherRequiredUserAttributes="sn,givenName,cn"
name="LdapMembership"
type="Microsoft.Office.Server.Security.LDAPMembershipProvider,
Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral,
PublicKeyToken=71E9BCE111E9429C"
                connectionUsername="#USERNAME#"
                connectionPassword="#PASSWORD#" />
      </providers>
    </membership>
eDirectory configuration in our case was configured to not allow anonymous
access.

Thanks Krzysztof for the great tips!

I hope this information helps those of you doing LDAP integration – but even more I hope you don’t have to do this in the first place :)