Checkbox 5 supports integration with one or more Active Directory (AD) domains and makes use of the .NET ActiveDirectoryMembership provider to do this. When AD integration is enabled, Active Directory users will be able to login to Checkbox using their AD credentials. Additionally, AD users will appear in the Checkbox User Manager to allow roles and profile property values to be configured for these users.
Please note that some issues with AD integration were corrected with the very latest version of Checkbox. If your version was downloaded before October 19, 2011, please download the latest version of Checkbox and update your installation.
To enable AD integration, you will need to make the following changes to the Checkbox web.config file:
1. Configure Active Directory Connection String
In the <connectionStrings /> section of the web.config, locate the Active Directory connection string. Change the connection string attribute so that it looks like the following (Replace the values for [DOMAIN CONTROLLER], [DOMAIN], and [TLD] that are appropriate for your environment):
<add name="ADConnectionString1" connectionString="LDAP://[DOMAIN CONTROLLER]/DC=[DOMAIN],DC=[TLD]" />
Important Note: Not all Active Directory connection strings are created equally!
Ask your Active Directory Administrator for the appropriate connection string if you aren't sure.
2. Change Default Membership Provider
Locate the <membership /> section of the web.config around line 198 of the web.config and change the default provider from "CheckboxMembershipProvider" to "ChainingMembershipProvider".
<membership defaultProvider="ChainingMembershipProvider" userIsOnlineTimeWindow="20">
3. Enable "Chaining Membership Provider"
Near line 205 of the web.config, remove the comment delimiters around the provider definition. Be sure to remove the end comment (-->) as well. The provider definition should look like:
<add name="ChainingMembershipProvider" type="Checkbox.Web.Providers.ChainingMembershipProvider,Checkbox.Web.Providers" chainedProviders="CheckboxMembershipProvider,ActiveDirectoryMembershipProvider1" checkboxMembershipProvider="CheckboxMembershipProvider" applicationName="/" />
4. Enable "Active Directory" Membership Provider
Near line 218 of the web.config, remove the comment delimiters around the provider definition. The provider definition should look like:
<add name="ActiveDirectoryMembershipProvider1" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=22.214.171.124, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString1" connectionProtection="None" connectionUsername="[AD User Name]" connectionPassword="[Password]" attributeMapUsername="[AD Attribute to map to UserName, such as sAMAccountName]" enableSearchMethods="true" />
5. Configure Active Directory Membership Provider
a. Replace [AD User Name] and [Password] with credentials of an account that can access the Active Directory and list users.
b. Configure the attributeMapUsername property. This is the name of the Active Directory user attribute that Checkbox will map to a user name. In most cases "sAMAccountName" is the appropriate value.
Important Note: The value used in the [attributeMapUsername] is case sensitive!
That's about it. We recommend testing these settings before moving them into a production environment as an improper configuration can prevent any users or respondents from accessing Checkbox.