Synchronizing SharePoint profiles data from LDS


 

Background

  • On number of occasions, when using claims authentication, Trusted provider bases its authentication on Active Directory LDS.
  • In these cases, profile  data from LDS needs to be imported into SharePoint

 

Design

SharePoint 2010 supports synchronization , offers mechanism to integrate with different directory services like Active Directory Domain Services, SunOne, Novell directory etc. But out of the box there is no support for synchronizing user profiles with Active Directory Light Directory Services (AD LDS). Hence in scenarios where it is necessary to synchronize with AD LDS, it is recommended to make use of LDIFDE utility (available with Windows 2008 server OS) to extract the profile attributes into flat file and then follow the process as documented in Configure profile synchronization using a Lightweight Directory Interchange Format (LDIF) file (SharePoint Server 2010) - http://technet.microsoft.com/en-us/library/ff959234.aspx

 

Integration Design and Process

 

Listed below are the high level details associated with the profile synchronization process

 

 

 

 

Potential Issue

  • Once imported,  these profiles need to be linked up with individual users logging into SharePoint using configured Tursted Identity Provider. If this link is absent, then SharePoint ends up creating another profile based on data of the logged user (this contains nothing but the account name)

 

Requirement

  • One profile per user should exist in SharePoint (not multiple)

 

Resolution

 

LDS Attribute Name

(Used by LDIF MA)

Fim Metaverse Attirbute Name

(Used by ILM MA)

SharePoint Property Name

(Used by SharePoint MA)

Comments

CustomProperty_LoginID

SPS-ClaimID

SPS-ClaimID

Value in this property needs to match the user's login id. This is the field that SharePoint checks once a user logs in and makes the link to the specific profile.

"Trusted"

SPS-ClaimProviderType

SPS-ClaimProviderType

Hard coded value. This value does not come from LDS

"Trusted Identity Provider Name"

SPS-ClaimProviderID

SPS-ClaimProviderID

Hard coded value. This value does not come from LDS

Comments (1)
  1. I need to syn between sharepoint 2010 and ad LDS.  I've followed this article – technet.microsoft.com/…/ff959234.aspx.  However, I'm not quite understand how to link profiles from LDS.  You mention a custom property field – customProperty_LoginID.  Can you please elaborate more on how to map this property to MOSS MA and LDIF MA.  

    What I did is I create customProperty_LoginID in sharepoint Manager User Profile.  Then use miisclient.exe to create the customProperty_LoginID as mentioned in technet.microsoft.com/…/ff959234.aspx.  In LDIF MA, I modified the value

    1)  SPS-ClaimProviderType to "Trusted".  

    2) SPS-ClaimProviderID to the name which is being used in the <membership> in the web.config file

    3)  for mapping, in LDIF MA, I mapped the customProperty_LoginID to customProperty_LoginID as import.  In MOSS MA, I mapped SPS-ClaimID to SPS-ClaimID.  

    Then I run synchronization profile from Central Admin but I cannot see the users get imported in the sharepoint.  Please help

    Thanks.

Comments are closed.

Skip to main content