This feature is available starting from version 4.11.
For on-premise installations, Appspace Intranet offers the possibility to connect to the local Active Directory via LDAP protocol, instead of the default mechanism (Active Directory .NET API). This alternative configuration is totally optional and it is suggested when there are particular conditions in the Active Directory configuration that cause errors consuming it from the Intranet. If no errors are detected, please do not apply this configuration. In any case, please contact Appspace Support before proceeding.
In version 4.11, this configuration is available in WSP installations.
In version 4.12, it is available also in On-prem Add-in installations.
Prerequisites
SharePoint Secure Store Service instance associated with the SharePoint site collection where Appspace Intranet is deployed.
Configuration for WSP installations
- In the SharePoint Central Administration, open the Service Applications section.
- Find the Secure Store Application and click on it to open the application management.
- Create a new Secure Store Application. The target application ID “BeezyLDAPConnection” is mandatory.
- Setup the following application fields (respect the order and the field types):
- Set the application administrators and complete the application setup.
- Set the LDAP credentials associated with the account under the Web Application IIS application pool where the Appspace Intranet site collections run.
- Restart the farm servers.
Configuration for On-prem Add-in installations
- Locate web.config file.
- Edit it and add a new section configuration inside the configuration/configSections node:
<configuration> <configSections> <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" /> <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile [...] <section name="BeezyLDAPConnection" type="Beezy.App.Web.WebConfig.BeezyLDAPConnection, Beezy.App.Web" requirePermission="false" /> </configSections> <log4net configSource="log4net.config" /> [...]NoteThe section node has to be on the same line. - Add the new section with LDAP credentials just below the connectionStrings section:
<log4net configSource="log4net.config" /> <connectionStrings> <!-- Local --> <add name="BeezyDB" connectionString="SERVER=SPDATABASE;Integrated security=SSPI;database=beezy;Application Name=Beezy;" providerName="System.Data.SqlClient" /> </connectionStrings> <BeezyLDAPConnection> <add key="LDAPConnection" value="[ldap server]" /> <add key="LDAPPath" value="[ldap path]" /> <add key="LDAPUserName" value="[directory reader]" /> <add key="LDAPPassword" value="[password]" /> </BeezyLDAPConnection> <system.web> <compilation targetFramework="4.7.2" /> [...] - Please put all these credentials in plain text, in the next section we will proceed to encrypt them.
Encryption of LDAP credentials
Prerequisite: .NET CLI https://learn.microsoft.com/en-us/dotnet/core/tools/
- Locate dotnet.exe. Usually located in C:\Windows\Microsoft.NET\Framework\v4.0.30319 (version may vary)
- Copy Beezy.App.Web.dll to dotnet.exe directory. This DLL is located inside the bin directory of the Beezy Web application.
- Open PowerShell from dotnet.exe directory and with admin privileges, and execute:
To encrypt:
aspnet_regiis.exe -pef "BeezyLDAPConnection" "[web.config path]"
To decrypt:
aspnet_regiis.exe -pdf "BeezyLDAPConnection" "[web.config path]"
Notedotnet.exe directory could be added to the PATH environment variable, and [web.config path] is the absolute path of the web.config file run. - Check the BeezyLDAPConnection section in the web.config file. Now the credentials should be encrypted.