SharePoint Notes

Bleeding on the cutting edge …

SharePoint Extranet Solutions with ISA Server 2006 – Part 7: Creating LDAP User Sets

Posted by Christian Dam on April 16, 2008


The last thing we need before we can create the SharePoint Publishing rules, are two ISA User Sets. ISA Server user sets are used to segment internal and external users into groups that the ISA Server uses when granting or denying access.

It is assumed that the following groups are created and populated with appropriate users:

  • External Extranet Users exists in the DMZ Active Directory
  • Internal Extranet Users exists in the corporate domain

Creating a User Set for External users

  1. In the ISA Server Management Console navigate to Array -> <instance> -> Firewall Policy
  2. On the right pane select Toolbox and then Users. Select New to create a new user set
  3. Name the set and click Next
  4. Select Add -> LDAP
  5. Select the LDAP server set from the drop-down box. If a server set is not available, create one as described part 6
  6. In Specified group or user enter the External Extranet Users group created for External Access and click OK
  7. Enter credentials to the LDAP Server and click OK
  8. Verify the group is added to the list and click Next
  9. Click Finish and Apply

Creating a User Set for Internal users

  1. In the ISA Server Management Console navigate to Array -> <instance> -> Firewall Policy
  2. On the right pane select Toolbox and then Users. Select New to create a new user set
  3. Name the set and click Next
  4. Select Add -> Windows users and groups
  5. Click Locations…
  6. Expand Entire Directory and select the corporate domain. Click OK
  7. In the Enter the object names to select text box, enter Internal Extranet Users and click Check Names. Verify the group name is underlines and click OK
  8. Verify the group is added to the list and click Next. Note the group name is listed as a GUID and not the actual user name. Click Next
  9. Click Finish and Apply
Advertisements

Sorry, the comment form is closed at this time.

 
%d bloggers like this: