LDAP Domain Users Access denied Error
I have a MOSS 2007 test server set up and have configured Forms Based Authentication on an Internet site (just an extension of the main portal site) that authenticates via an LDAP Active Directory server. Most of it works. I can import profiles from the LDAP provider and LDAP users can authenticate to the FBA URL.

The problem I'm running into is with LDAP groups and the Role provider. If I add an LDAP user to a SharePoint permissions group directly, he can log in and access the site with no problems. However, if I instead add a group from LDAP (which People Picker finds just fine), then members of that group can authenticate, but get the "Access Denied" page for the portal:

Error
Access Denied
Current User
You are currently signed in as: esmu

The relevant portions of my web.config (I have entered these into the web.config for the main portal site, the extended site for forms based authentication, and the Central Management server site, making the required change for the default role provider for the central management site).

I followed these steps: http://social.msdn.microsoft.com/Forums/en-US/sharepointdevelopment/thread/38239458-ecb3-4983-b51b-d26ba8686a11

And my web.config is set as follows:

<system.web>
  <!-- LDAP membership provider: authenticates the FBA users -->
  <membership defaultProvider="Ldap_eDirectory">
    <providers>
      <add name="Ldap_eDirectory"
           type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="My Server"
           port="389"
           useSSL="false"
           userDNAttribute="distinguishedName"
           userNameAttribute="sAMAccountName"
           useDNAttribute="true"
           userContainer="DC=AA,DC=BB,DC=CC,DC=DD"
           userObjectClass="person"
           userFilter="(ObjectClass=person)"
           scope="Subtree"
           otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
  </membership>
  <!-- LDAP role provider: maps LDAP groups to roles -->
  <roleManager defaultProvider="LdapRoleProvider" enabled="true" cacheRolesInCookie="false" cookieName=".PeopleDCRole">
    <providers>
      <add name="LdapRoleProvider"
           type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="my server name"
           port="389"
           useSSL="false"
           groupContainer="DC=AA,DC=BB,DC=CC,DC=DD"
           groupNameAttribute="sAMAccountName"
           groupMemberAttribute="member"
           userNameAttribute="sAMAccountName"
           dnAttribute="distinguishedName"
           groupFilter="(&amp;(ObjectClass=groupOfNames))"
           userFilter="(&amp;(ObjectClass=person))"
           scope="Subtree" />
    </providers>
  </roleManager>
</system.web>

I have also read this article: http://social.msdn.microsoft.com/Forums/en-US/sharepointadmin/thread/db7fb08a-de9b-4d72-8200-5621ff2f5315/

I added LDAP Domain Users from my site as well as from Central Administration, but I still get the access denied error. Has anybody solved this problem? I am waiting for your kind response. thanks, Imran
March 29th, 2010 11:08am

Dear Mandal, First, thank you for your kind information. I have checked the site permissions; I have the full primary administrator and I can create groups in SharePoint. I can also add LDAP users to that group. I can add every LDAP user, and he can log in fine. I can add LDAP Domain Users also. The problem is that if I add LDAP Domain Users to SharePoint groups (not the specific users, but the LDAP Domain Users), then when he logs in to the site he gets the error: Error Access Denied Current User You are currently signed in as: esmu. I can add LDAP users, but there are 7000 LDAP users. I cannot add all of them. I just want to add LDAP Domain Users, like in Windows Authentication, where I only added the Domain Users group and everybody can access the site. thanks, Imranoooo
March 29th, 2010 12:22pm

Came across the following articles, could be helpful:
http://technet.microsoft.com/en-us/library/cc197251.aspx
http://msdn.microsoft.com/fr-fr/library/bb975136(en-us).aspx
http://technet.microsoft.com/en-us/library/cc978014.aspx
http://www.codedigest.com/Articles/Sharepoint/94_Active_Directory_for_FBA_in_SharePoint_using_LDAP.aspx
Hewlett Packard for Microsoft User Assistance
April 6th, 2010 11:43am

Dear Sadomo, Thank you for your information. I can add the LdapRoleProvider:Domain Users and I can add LdapRoleProvider:Domain Users, but I could not find how to give appropriate permissions to the site collection and sites. Waiting for your response. thanks, Imranoooooo
April 6th, 2010 6:35pm

Thanks for your kind response. I have followed your instructions. I have added LdapRoleProvider:Domain Users with full control, and I have created a new user in AD as well as a new group in Active Directory and added two users, but did not succeed. Again the same error: Error Access Denied Current User You are currently signed in as: esmu. thanks,
April 7th, 2010 5:28pm

Of course I have added the LDAP membership provider and role in three web.config files: in intranet, internet and in Central Administration.
April 7th, 2010 6:03pm

Dear Sadomo, thanks for your support. I have resolved the problem. The problem is with Domain Users. I created a new group in Active Directory and added all the users to the new group, then added the LdapRoleProvider:group. Then I could log in successfully. The default Domain Users group in Active Directory is not authorized in SharePoint. It will be better to create a new group in Active Directory and then add that new group in the SharePoint server; it will work. Once again, thank you very much for all your help. thanks,
April 8th, 2010 9:59am
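
The outcome reported above is consistent with how Active Directory stores membership: accounts whose primary group is Domain Users are recorded through the user's `primaryGroupID` (RID 513), not in the group's `member` attribute. The following is an added example, not part of the thread and not SharePoint's own code; it assumes the role provider resolves groups only through `groupMemberAttribute="member"` as in the posted web.config, and the directory entries, SIDs and the `PortalReaders` group are constructed.

```python
# Constructed sample entries (not from the thread); DNs and SIDs are made up.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
ESMU_DN = "CN=esmu,CN=Users,DC=example,DC=test"

GROUPS = [
    # Domain Users has the well-known RID 513. Accounts that hold it as their
    # primary group are not written to its `member` attribute.
    {"sAMAccountName": "Domain Users", "objectSid": DOMAIN_SID + "-513", "member": []},
    # A group created by hand, with the user added explicitly.
    {"sAMAccountName": "PortalReaders", "objectSid": DOMAIN_SID + "-1105",
     "member": [ESMU_DN]},
]
USERS = [{"sAMAccountName": "esmu", "distinguishedName": ESMU_DN, "primaryGroupID": 513}]


def find_user(name):
    for user in USERS:
        if user["sAMAccountName"].lower() == name.lower():
            return user
    raise KeyError(name)


def rid(sid):
    """Last sub-authority of a SID string, i.e. the relative identifier."""
    return int(sid.rsplit("-", 1)[1])


def roles_by_member_attribute(name):
    """Role lookup that only reads each group's `member` attribute."""
    dn = find_user(name)["distinguishedName"].lower()
    return sorted(g["sAMAccountName"] for g in GROUPS
                  if dn in (m.lower() for m in g["member"]))


def roles_including_primary_group(name):
    """Same lookup, plus the group whose RID equals the user's primaryGroupID."""
    user = find_user(name)
    roles = set(roles_by_member_attribute(name))
    roles.update(g["sAMAccountName"] for g in GROUPS
                 if rid(g["objectSid"]) == user["primaryGroupID"])
    return sorted(roles)


def primary_group_member_filter(group):
    """LDAP filter that lists users holding `group` as their primary group."""
    return "(&(objectClass=person)(primaryGroupID=%d))" % rid(group["objectSid"])


if __name__ == "__main__":
    print(roles_by_member_attribute("esmu"))
    print(roles_including_primary_group("esmu"))
    print(primary_group_member_filter(GROUPS[0]))
```

A `member`-only lookup never returns Domain Users for `esmu`, so a permission granted to that role is not applied, while the explicitly populated group is returned.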

Imrannoooooo, could you approve that the resolution was adding LDAPRoleProvider:group to the Active Directory group?
June 22nd, 2010 3:23pm

Strange....I didn't propose a solution but marked it as if I did...
September 27th, 2010 8:17pm

This topic is archived. No further replies will be accepted.
