Saturday, September 19, 2009

Accessing Active Directory information from SharePoint

To access information in AD such as username, first name, last name, given name, CN, role, etc. from SharePoint, the following are some of the options:

  • Access Active Directory directly from the portal
  • Create a WCF service running under a privileged user, which accesses Active Directory and returns the required information
  • Create a Shared Services Provider and use the “Profile Import” technique in SharePoint

Option 1:
This option may not be a good one, since every user of the SharePoint site needs to have access to the corresponding Active Directory. It might not work when Windows Authentication is used in SharePoint.


Option 2: (Using WCF Service)

A WCF service can be created and made to run under a highly privileged user who has access to Active Directory. From the portal we can make a WCF call to get the Active Directory information. The service pulls the user information from Active Directory and returns it to the portal.

Pros
  • Unlike the profile import approach, the information about the user is always up to date, since we fetch it directly from Active Directory.

Cons
  • A WCF service has to be set up to access Active Directory. Creating and deploying it involves a little effort.
  • Whenever a user logs in, a web service call has to be made to fetch the Active Directory information. This might affect the performance of the portal a little.
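
An added example for Option 2 (not code from the original post): a WCF operation that looks up one user in Active Directory under the service account, escapes the caller-supplied account name before it enters the LDAP filter, and returns only a fixed set of attributes. The names `IAdLookupService`, `AdLookupService` and `AdUserInfo` and the LDAP path `DC=example,DC=local` are assumptions.

```csharp
using System.DirectoryServices;
using System.Runtime.Serialization;
using System.ServiceModel;

[DataContract]
public class AdUserInfo   // hypothetical DTO: only the fields the portal needs
{
    [DataMember] public string UserName { get; set; }
    [DataMember] public string FirstName { get; set; }
    [DataMember] public string LastName { get; set; }
    [DataMember] public string CommonName { get; set; }
}

[ServiceContract]
public interface IAdLookupService   // hypothetical contract name
{
    [OperationContract] AdUserInfo GetUser(string samAccountName);
}

public class AdLookupService : IAdLookupService
{
    // Assumed placeholder domain; the bind uses the service's own Windows account.
    private const string LdapPath = "LDAP://DC=example,DC=local";
    public AdUserInfo GetUser(string samAccountName)
    {
        if (string.IsNullOrEmpty(samAccountName)) return null;
        using (var root = new DirectoryEntry(LdapPath))
        using (var searcher = new DirectorySearcher(root))
        {
            // Escape the caller's value (RFC 4515) so it cannot change the filter.
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                + Escape(samAccountName) + "))";
            // Fetch only the attributes that are returned to the portal.
            searcher.PropertiesToLoad.AddRange(new[] { "sAMAccountName", "givenName", "sn", "cn" });
            SearchResult r = searcher.FindOne();
            if (r == null) return null;   // unknown user
            return new AdUserInfo { UserName = First(r, "sAMAccountName"),
                FirstName = First(r, "givenName"), LastName = First(r, "sn"), CommonName = First(r, "cn") };
        }
    }
    // First value of an attribute, or null when the attribute is not set.
    private static string First(SearchResult r, string attr)
    {
        return r.Properties.Contains(attr) && r.Properties[attr].Count > 0 ? r.Properties[attr][0].ToString() : null;
    }
    // Backslash is replaced first so the escapes added afterwards are not re-escaped.
    private static string Escape(string value)
    {
        return value.Replace(@"\", @"\5c").Replace("*", @"\2a")
            .Replace("(", @"\28").Replace(")", @"\29").Replace("\0", @"\00");
    }
}
```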

Option 3: (Profile Import)

MOSS has a built-in technology for accessing Active Directory called “Profile Import shared service”.
To use this:

  • Shared Services has to be created
  • Under “User Profiles and Properties”, the “Import Connection” has to be configured to point to the Active Directory
  • Using “Configure Profile Import”, either an incremental or a full import has to be configured using the privileged user ID and password
  • Property mappings have to be created for the information required from Active Directory
  • SharePoint will then import all the profiles from Active Directory and store them in its SQL configuration database
  • From the portal, using elevated privileges, we have to use “UserProfileManager” to access the user profiles.
Pros

  • The Active Directory information is imported and stored in the configuration database of the SharePoint portal. Also, the profile information is set in the user context info of the logged-in user. Hence, accessing the profile information will perform better than calling the WCF service.
  • The “Profile Import” technique is built into SharePoint and does not involve any coding. Simple configuration settings in “SharePoint Central Administration” will suffice.

Cons
  • The profile import from Active Directory happens through scheduled jobs. Hence there is a chance that the latest information about the user in Active Directory might not be reflected immediately in the user profile.
