Sunday, April 17, 2011

Can MOSS 2007 integrate with multiple LDAP/AD stores?

Can MOSS integrate and get user profiles from multiple Active Directory and/or LDAP stores?

I have seen from Integrating Microsoft SharePoint Server With Oracle Virtual Directory that there may be intermediary products that can help with this.

It looks like Rohati has a solution as well, but is this possible out of the box without third-party products?

From stackoverflow
  • One way would be to extend your website application and to attach different providers to different zones. I think there should be something like an LDAP Membership Provider you can use. But I guess that's not what you're looking for.

    Another way would be to build your own Membership Provider which internally retrieves users and groups from multiple sources.

    Kirk Liemohn : I'm thinking here more of user profiles (e.g., My Sites) than I am just authentication and group membership, but both are important.
  • Here is one solution, SharePoint AD Information Sync, which can let you export AD user files into a list. However, the trouble is that it can only get user profiles from Active Directory, not from LDAP stores, and I am not sure it can do that from multiple Active Directories.

    Anyway, it is an ugly solution. Maybe it is helpful to you.

    Kirk Liemohn : Not what I needed, but an interesting solution. Thanks for sharing.
  • I cannot answer for non-AD LDAPs, but with multiple forests where you have a trust (one-way will work), it is no big problem. You need to do two things: add the people to the people picker (http://technet.microsoft.com/en-us/library/cc262051.aspx), and then run a command to import the user profile information (linked from the link above). Be sure to also run the command on your MySites so that the profile is correct.

    A lot more information can be found by searching for SharePoint and multiple forests.

    Kirk Liemohn : This may do the trick for my client. Thanks for sharing.
  • Our client found a SharePoint 2007 Shared Services Provider User Profile Importer from CodePlex that may help too.

  • Since the web.config entries only have one entry for hostname, port, userContainer, etc., it is hard to see how you can do that without using a third-party virtual directory product. Oracle can do it, but so can Symlabs or OptimalId and probably any other VD on the market. Those are not free. But Penrose is a free LDAP proxy, and my guess is that you should be able to do it with Penrose too.
