
How to configure a site that uses UPN login

2014-12-11 14:56
First, configure a form-based authentication site; the procedure is described in Microsoft's article on the subject.

Once the site exists, configure the UPN in AD as follows:

1. Start "Active Directory Domains and Trusts", right-click the root node, and choose Properties.



2. Add a UPN suffix.



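The step above, adding a UPN suffix in AD, can also be done in C# code:

using System.DirectoryServices;

// Bind to the Partitions container in the forest's configuration partition
DirectoryEntry partitionsContainer = new DirectoryEntry("LDAP://CN=Partitions,CN=Configuration,DC=ForestRootDomain,DC=com");
// DirectoryEntry has no indexer; attributes are reached through Properties
partitionsContainer.Properties["upnSuffixes"].Add("demo.com");
partitionsContainer.CommitChanges();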


After the UPN suffix has been added, the corresponding UPN can be seen in the properties of an AD user.



PowerShell can be used to update the UPN of AD users in bulk:

# Get-User and Set-User are Exchange Management Shell cmdlets
foreach ($user in Get-User)
{
    Write-Host "handling user $($user.SamAccountName)" -NoNewline
    [string]$samacc = $user.SamAccountName
    [string]$upn = "$samacc@demo.com"
    if ($user.UserPrincipalName -eq $upn) {
        # UPN already has the expected value
        Write-Host " UPNOK: $upn" -BackgroundColor Green -ForegroundColor Black
    }
    else {
        # UPN differs: report it and set the new value
        Write-Host " UPNFIX:$upn" -BackgroundColor Yellow
        Set-User -Identity $samacc -UserPrincipalName $upn
    }
}


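Once the users have UPNs, the last step is to modify the site's web.config files. Three web.config files need to be changed, the same three that were modified when the claims-based authentication site was configured:

1. The Central Administration web.config

2. The web.config of the web application that has claims-based authentication enabled

3. The web.config of SecurityTokenServiceApplication

In these three files, change the value of userNameAttribute in the membership and roleManager nodes to "userPrincipalName" (the configuration shown is from SharePoint 2010):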

<membership defaultProvider="i">
  <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="servername" port="389" useSSL="false" userDNAttribute="displayName" userNameAttribute="userPrincipalName" userContainer="OU=MyOU,OU=Company,DC=demo,DC=com" userObjectClass="person" userFilter="(&amp;(ObjectClass=person))" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="roleManager" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="servername" port="389" UseSSL="false" groupContainer="OU=MyOU,OU=Company,DC=demo,DC=com" groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName" groupMemberAttribute="member" userNameAttribute="userPrincipalName" dnAttribute="distinguishedName" groupFilter="(&amp;(ObjectClass=group))" userFilter="(&amp;(ObjectClass=person))" scope="Subtree" />
  </providers>
</roleManager>
After that, users can log in to the SharePoint site with their UPN.
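
One way to check the three web.config edits described above, as an added example that is not code from the original post: it parses a web.config and reports, for each LDAP membership and role provider, whether userNameAttribute is userPrincipalName and whether the provider connects with SSL (the configuration shown above uses useSSL="false" on port 389). The function name Test-LdapProviderConfig and the inline sample are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original post. The sample config is constructed.
function Test-LdapProviderConfig {
    param(
        [Parameter(Mandatory = $true)] [xml] $Config,
        [string] $Label = 'web.config'
    )
    # <add> entries under membership/providers and roleManager/providers
    $xpath = '//membership/providers/add | //roleManager/providers/add'
    foreach ($n in $Config.SelectNodes($xpath)) {
        # Only the LDAP providers carry userNameAttribute; skip the SPClaims ones
        if ($n.GetAttribute('type') -notmatch 'Ldap(Membership|Role)Provider') { continue }
        # XML attribute names are case-sensitive; the article shows useSSL and UseSSL
        $ssl = $n.GetAttribute('useSSL')
        if (-not $ssl) { $ssl = $n.GetAttribute('UseSSL') }
        [pscustomobject]@{
            File     = $Label
            Section  = $n.ParentNode.ParentNode.get_LocalName()
            Provider = $n.GetAttribute('name')
            UserAttr = $n.GetAttribute('userNameAttribute')
            UpnLogin = ($n.GetAttribute('userNameAttribute') -eq 'userPrincipalName')
            UseSsl   = ($ssl -eq 'true')
            Port     = $n.GetAttribute('port')
        }
    }
}

# Constructed sample (type strings trimmed): the membership provider was
# switched to UPN, but the role provider was missed.
$sample = @'
<configuration><system.web>
  <membership defaultProvider="i"><providers>
    <add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider"
         server="servername" port="389" useSSL="false" userNameAttribute="userPrincipalName" />
  </providers></membership>
  <roleManager defaultProvider="c" enabled="true"><providers>
    <add name="roleManager" type="Microsoft.Office.Server.Security.LdapRoleProvider"
         server="servername" port="389" UseSSL="false" userNameAttribute="sAMAccountName" />
  </providers></roleManager>
</system.web></configuration>
'@

# Real use: pass the content of each of the three files, e.g.
#   Test-LdapProviderConfig -Config (Get-Content <path-to-web.config> -Raw) -Label <name>
Test-LdapProviderConfig -Config $sample -Label 'sample' | Format-Table -AutoSize
```

Rows with UpnLogin set to False mark a provider that was not switched to UPN; rows with UseSsl set to False mark a provider that connects to the directory without SSL.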