Steps:
- Web Application was created with Claims Authentication using Windows NTLM Authentication
- FBA (Forms Based Authentication) was enabled post app creation
Was able to set up Forms Authentication for userContainer="OU=Students,DC=internal,DC=college,DC=edu"
However, userContainer="OU=Faculty and Staff,DC=internal,DC=college,DC=edu" did not work.
Ideally, users in both OUs would be authenticated, so we tried userContainer="CN=Domain Users,CN=Users,DC=internal,DC=college,DC=edu", and that did not work.
To rule out an issue with binding to spaces, we tried userContainer="CN=Users,DC=internal,DC=college,DC=edu"; that did not work either.
The test student account was able to log in when userContainer was set to the Students OU. Not sure why it wouldn't work when userContainer is set to the Users group.
Is there something that needs to change when using a group instead of an OU? And is there something to accommodate spaces in an LDAP string? A space needs to be escaped by \ only if trailing or leading, and using single or double quotes around it did not work (tried both the character and the HTML character).
Thank you very much for your help!
Edit: Space is no longer an issue with the OU name--it works. However, still cannot get a group DN in userContainer to work. Users that are part of an AD group and authorized via that group cannot log in to SharePoint FBA if groupContainer is DC=internal,DC=college,DC=edu or OU=Group Management,DC=internal,DC=college,DC=edu. Group Management is the OU with most of our groups.
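
Added example, not part of the original post: a Python check of the two DN points raised above, RFC 4514 escaping of spaces and whether a user entry lies beneath a given search base. The user DNs are constructed sample data, and treating userContainer as the base of a subtree search is an assumption about how the provider uses it.

```python
# Added example: RFC 4514 value escaping and a search-base containment test.
# The user DNs below are constructed; the base DNs are the ones quoted in the post.
BASE = "DC=internal,DC=college,DC=edu"

def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")          # only leading/trailing spaces are escaped
        else:
            out.append(ch)             # interior spaces pass through unchanged
    return "".join(out)

def split_dn(dn):
    """Split a DN into lower-cased RDNs, never splitting on an escaped comma."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])    # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            rdns.append("".join(cur).lstrip().lower())
            cur, i = [], i + 1
        else:
            cur.append(dn[i])
            i += 1
    rdns.append("".join(cur).lstrip().lower())
    return rdns

def is_under(entry_dn, base_dn):
    """True if entry_dn equals base_dn or sits beneath it in the directory tree."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

# Constructed accounts: one in each OU named in the post.
STUDENT = "CN=Test Student,OU=Students," + BASE
STAFF = "CN=" + escape_rdn_value("Staff, Test") + ",OU=Faculty and Staff," + BASE

if __name__ == "__main__":
    for base in ("OU=Students," + BASE, "CN=Users," + BASE,
                 "CN=Domain Users,CN=Users," + BASE, BASE):
        print(base, is_under(STUDENT, base), is_under(STAFF, base))
```

Group membership is an attribute of the user entry, not its position in the tree, so a group DN never appears as a suffix of a member's DN.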