Synchronizing SharePoint profiles data from LDS

 

Background

  • On a number of occasions, when claims authentication is used, the trusted identity provider bases its authentication on Active Directory LDS.
  • In these cases, profile data from LDS needs to be imported into SharePoint.

 

Design

SharePoint 2010 supports profile synchronization and offers a mechanism to integrate with different directory services such as Active Directory Domain Services, SunOne and Novell directory. Out of the box, however, there is no support for synchronizing user profiles with Active Directory Lightweight Directory Services (AD LDS). In scenarios where it is necessary to synchronize with AD LDS, it is therefore recommended to use the LDIFDE utility (available with the Windows 2008 server OS) to extract the profile attributes into a flat file and then follow the process documented in Configure profile synchronization using a Lightweight Directory Interchange Format (LDIF) file (SharePoint Server 2010) - https://technet.microsoft.com/en-us/library/ff959234.aspx

 

Integration Design and Process

 

Listed below are the high-level details associated with the profile synchronization process

 

 

 

 

Potential Issue

  • Once imported, these profiles need to be linked to the individual users who log in to SharePoint through the configured Trusted Identity Provider. If this link is absent, SharePoint ends up creating another profile based on the data of the logged-in user (this contains nothing but the account name).

 

Requirement

  • One profile per user should exist in SharePoint (not multiple).

 

Resolution

 

| LDS Attribute Name (Used by LDIF MA) | FIM Metaverse Attribute Name (Used by ILM MA) | SharePoint Property Name (Used by SharePoint MA) | Comments |
| --- | --- | --- | --- |
| CustomProperty_LoginID | SPS-ClaimID | SPS-ClaimID | Value in this property needs to match the user's login id. This is the field that SharePoint checks once a user logs in and makes the link to the specific profile. |
| "Trusted" | SPS-ClaimProviderType | SPS-ClaimProviderType | Hard coded value. This value does not come from LDS |
| "Trusted Identity Provider Name" | SPS-ClaimProviderID | SPS-ClaimProviderID | Hard coded value. This value does not come from LDS |
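
Because SPS-ClaimID is the only link between a login and its imported profile, it helps to check the LDIFDE export before importing it. The following is an added example, not part of the original post or of any Microsoft tooling: it parses an LDIF export and reports entries whose CustomProperty_LoginID is missing or shared with another entry. The sample data, the function names and the case-insensitive comparison of login IDs are assumptions made for this illustration.

```python
import base64
import re
from collections import defaultdict

LOGIN_ATTR = "customproperty_loginid"  # LDS attribute from the mapping above, lower-cased

# Constructed sample export (not real data): a base64 value, a folded DN,
# a login ID duplicated with different case, and an entry with no login ID.
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Users,DC=example,DC=local
CustomProperty_LoginID: alice@example.com

dn: CN=Bob,OU=Users,DC=example,DC=local
CustomProperty_LoginID:: Ym9iQGV4YW1wbGUuY29t

dn: CN=Alice Old,OU=Users,DC=example,
 DC=local
CustomProperty_LoginID: Alice@Example.com

dn: CN=Carol,OU=Users,DC=example,DC=local
displayName: Carol
"""

def parse_ldif(text):
    """Return one {attribute_lowercase: [values]} dict per LDIF entry."""
    # LDIF folds long lines: a newline followed by one space continues the line.
    text = re.sub(r"\r?\n ", "", text)
    entries, cur = [], defaultdict(list)
    for line in text.splitlines() + [""]:
        if not line.strip():  # a blank line ends the current entry
            if cur:
                entries.append(dict(cur))
                cur = defaultdict(list)
        elif not line.startswith("#"):  # skip comment lines
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            cur[name.strip().lower()].append(value.strip())
    return entries

def check_login_ids(entries):
    """Return (DNs lacking exactly one login ID, {login ID: [DNs]} for duplicates)."""
    missing, seen = [], defaultdict(list)
    for e in entries:
        dn = e.get("dn", ["<no dn>"])[0]
        ids = [v.lower() for v in e.get(LOGIN_ATTR, []) if v]
        if len(ids) == 1:
            seen[ids[0]].append(dn)  # assumption: IDs compared case-insensitively
        else:
            missing.append(dn)
    return missing, {k: v for k, v in seen.items() if len(v) > 1}
```

An entry in the first list would be imported without a usable SPS-ClaimID, and an ID in the second would leave more than one imported profile claiming the same login.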