Commerce Server User Profile - Active Directory Integration

The Commerce Server profile can be extended to store some profile information in Active Directory or in any other data store. Normally, user information such as Username, Password and Address is stored in Active Directory. Whenever a user is created through the Commerce Server profile API, an active AD user is also created. Normally, the user's password information is stored in SQL Server. If both Username and Password are stored in AD, note the following points.

  • Active Directory stores the user password in an encrypted form and never exposes it to external applications.
  • The Commerce Server Profile APIs and the UpmMembership provider of Commerce Server can validate user credentials only when the password information is stored in SQL Server.
  • If the password is also stored in AD, Commerce Server does not authenticate the user: ValidateUser of the membership provider will not return true even for correct credentials. The reason is the fact explained in point 1: AD never exposes the password.
  • If the password is stored in AD, Active Directory LDAP queries are needed to check the user's credentials. Using the ActiveDirectoryMembership provider is a cleaner approach, because the provider takes care of the LDAP queries.

Points to remember when creating the Active Directory data source

  • Port 389 should be used to connect to AD.
  • cn=Users should be the parent URL.
  • The domain name can be specified in the Domain Name text box.

List of User DataMembers to be mapped against Data Object

| AD Data Member | Description |
|---|---|
| cn | Logon Name (Primary and Dual Key) |
| sAMAccountName | Logon Name |
| userPrincipalName | Logon Name |
| uniCodePwd | Password |
| givenName | First Name |
| sn | Last Name |
| userAccountControl | To make the account active. |

Always set 101 as the value to enable the account in Active Directory. To make the account inactive, set the property to 546.
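
userAccountControl is a bit field, so a value written by a profile mapping can be checked before it goes into provisioning. The decoder below is an added example, not code from the original post or from Commerce Server. It assumes the post's values 101 and 546 are decimal, uses a subset of Microsoft's documented flag bits, and the function names are hypothetical.

```python
# Added example (not from the original post): decode userAccountControl bits.
# Flag names and bit values follow Microsoft's documented UF_* constants;
# this is a subset for user objects, other bits are reported as unlisted.
UAC_FLAGS = {
    0x000001: "SCRIPT",
    0x000002: "ACCOUNTDISABLE",
    0x000008: "HOMEDIR_REQUIRED",
    0x000010: "LOCKOUT",
    0x000020: "PASSWD_NOTREQD",
    0x000040: "PASSWD_CANT_CHANGE",
    0x000080: "ENCRYPTED_TEXT_PWD_ALLOWED",
    0x000200: "NORMAL_ACCOUNT",
    0x010000: "DONT_EXPIRE_PASSWORD",
    0x040000: "SMARTCARD_REQUIRED",
    0x400000: "DONT_REQ_PREAUTH",
    0x800000: "PASSWORD_EXPIRED",
}
# Flags that relax password or pre-authentication requirements.
WEAKENING = {"PASSWD_NOTREQD", "ENCRYPTED_TEXT_PWD_ALLOWED",
             "DONT_EXPIRE_PASSWORD", "DONT_REQ_PREAUTH"}

def decode_uac(value):
    """Return (flag names in ascending bit order, bits not in the table)."""
    names, leftover = [], value
    for bit in sorted(UAC_FLAGS):
        if value & bit:
            names.append(UAC_FLAGS[bit])
            leftover &= ~bit
    return names, leftover

def is_enabled(value):
    """Enabled here means only that the ACCOUNTDISABLE bit (0x2) is clear."""
    return not value & 0x2

def weakening_flags(value):
    """Flags set in the value that a provisioning review should question."""
    return [n for n in decode_uac(value)[0] if n in WEAKENING]

if __name__ == "__main__":
    # 101 and 546 are the post's values, read as decimal (assumption);
    # 512 is a constructed comparison value (NORMAL_ACCOUNT only).
    for v in (101, 546, 512):
        names, leftover = decode_uac(v)
        state = "enabled" if is_enabled(v) else "disabled"
        print(v, hex(v), state, names,
              "unlisted bits:", hex(leftover), "weakening:", weakening_flags(v))
```

Read as decimal, both 101 and 546 include PASSWD_NOTREQD (0x20), which is worth reviewing against the domain's password policy before the mapping is used for new accounts.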