SharePoint Notes

Bleeding on the cutting edge …

SharePoint Extranet Solutions with ISA Server 2006 – Part 6: Configuring ISA to use LDAP

Posted by Christian Dam on April 16, 2008

OK, let’s turn our attention to the ISA Server configurations again. It’s time to configure the LDAP connectivity! 

Create Connectivity Verifier
To test and verify the LDAP connection to the Active Directory in the DMZ, a Connectivity verifier can be created:

  1. In the ISA Server Management Console navigate to Array -> <Instance> -> Monitoring
  2. Select the Connectivity Verifiers tab
  3. On the right pane click Create New Connectivity Verifier
  4. Name the Verifier and click Next
  5. Enter the IP address or server name of the LDAP Server
  6. In Group type used to categorize the connectivity verifier select Active Directory
  7. Verify that Establish a TCP connection to port is set to LDAP and click Next
  8. Click Finish and Apply

The connectivity is now being verified and the Result should evaluate to Good in a few seconds. The status is also propagated to the Dashboard view.

Add LDAP Server

  1. In the ISA Server Management Console navigate to Array -> <Instance> -> Configuration -> General
  2. Click Specify RADIUS and LDAP Servers
  3. Select the LDAP Servers Tab
  4. Click Add
  5. Name the LDAP Set and click Add
  6. Enter Server name, Server description and Time-out and click OK. The Server name must either be an IP address or a name that is resolvable in DNS
  7. Enter the fully-qualified domain name (e.g. dmzad.local) and clear the option to Use Global Catalog
  8. Enter the User name and Password of the user account that is used to look up users in the DMZ Active Directory Domain
  9. Click OK
  10. Back on the Authentication Servers page, click New
  11. Enter the Login expression and LDAP server set. The Login expression is the string that users enter when they authenticate; it is usually in the form of an Active Directory login or an email address, for example:
    Since we configured the MOSS LDAP connection the way we did, use *@dmzad.local
  12. It is possible to create several login expressions for the same LDAP server set if you want to allow for more flexibility
  13. Click OK
  14. Click Close
  15. Finally, Apply the changes
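
The login-expression mapping from steps 11 and 12, modelled in Python as an added example (not code from the original post or from ISA Server). It assumes `*` is the only wildcard and that matching is case-insensitive; the `DMZAD\*` and `*@partner.example` rows and the server set names are hypothetical.

```python
import re

# Constructed table of (login expression, LDAP server set). "*@dmzad.local"
# is the expression from the post; the other rows and all set names are
# hypothetical.
MAPPINGS = [
    ("*@dmzad.local", "DMZ-AD"),
    ("DMZAD\\*", "DMZ-AD"),
    ("*@partner.example", "Partner-AD"),
]


def to_regex(expression):
    """Compile a login expression; assumes '*' is the only wildcard."""
    parts = (re.escape(part) for part in expression.split("*"))
    return re.compile(".*".join(parts), re.IGNORECASE)


def resolve(login, mappings=MAPPINGS):
    """Return the server sets whose expression matches the whole login."""
    return [s for expr, s in mappings if to_regex(expr).fullmatch(login)]


def audit(mappings=MAPPINGS):
    """Flag expressions that match more logins than one domain's users."""
    findings = []
    for expr, _ in mappings:
        if set(expr) == {"*"}:
            findings.append((expr, "matches every login string"))
        elif not (expr.startswith("*@") or expr.endswith("\\*")):
            findings.append((expr, "not anchored at '@' or '\\'"))
    return findings


if __name__ == "__main__":
    # Constructed login strings, as a user might type them in the ISA form.
    for login in ("alice@dmzad.local", "DMZAD\\alice", "alice@corp.example"):
        print(login, "->", resolve(login) or "no LDAP server set")
    # A missing '@' lets a look-alike domain match the same server set.
    loose = [("*dmzad.local", "DMZ-AD")]
    print(audit(loose), resolve("bob@notdmzad.local", loose))
```

Running `audit()` over the expressions you plan to enter shows any that are broader than the domain they are meant to cover before the changes are applied.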


