MOSS 2007 and Novell LDAP Authentication

Issues and Limitations

1 Authentication Method = 1 Web Application

Each authentication method requires its own web application. This means if you wish to share the same content but allow different authentication, you need to extend the existing application as we did. This isn't exactly a limitation as it keeps things simple, but you need to keep an eye on which ports have which authentication methods.

Client Integration Problems

The biggest limitation is the client integration experience. Although you can tick the checkbox to Enable client integration, there is a warning message on the page indicating you may face problems.

I ran into a problem using SharePoint Designer after I enabled LDAP on the farm. At first the Designer couldn't even find the SharePoint site, and eventually it started complaining about authentication. The resolution was to point it at the NTLM-authentication address because it had no chance of getting into the LDAP one.

Another, more serious example of this problem is when LDAP-authenticated users try to create new content from the SharePoint portal. Here's an example of what I see when I try to create a new document from a document library while I'm logged in to the LDAP-authentication port:

Your users can create the documents on their own and then upload them, but they will then have to manually edit the document to change any metadata. Hopefully this will be fixed in a service pack.

Conclusion

I didn't want to end this article talking about issues and limitations, because the truth is SharePoint has a great deal of flexibility when it comes to authentication, and this will only get better. The use of the Provider Model is a wonderful decision because third party vendors can provide authentication providers for SharePoint, and you can even write your own against a documented standard. An added bonus is that all .NET 2.0 + applications you have can also use these providers. Even better, software like IIS 7 will support them as well. So the bad old days of multiple authentication silos are on the wane.

If you have any questions or comments about the content of this article, please feel free to contact me at nick@griffonsolutions.com. I'll try to keep it up-to-date as I learn new things or get good advice from the SharePoint community.

In the meantime, best of luck with your SharePoint deployments!

About the Author

Nick Kellett is a former alumni of the SetFocus Master’s Program Java Track, with over a decade of Java and .NET development experience in New York, London, Ottawa, and Sydney. He has been working with SharePoint since the Office 12 TAP program and is currently contracting in Australia. Nick has delivered over a dozen successful SharePoint 2007 projects for government and private-sector clients. Technical deliverables for these projects include managing low-bandwidth content replication, creating Business Data Catalogue schemas, architecting site and farm topologies, designing master pages, and developing workflow processes.

Nick's Blog: Planet Moss, at http://planetmoss.blogspot.com
Nick's LinkedIn profile at http://www.linkedin.com/in/nicholaskellett

Page 1 | Page 2 | Page 3