Can people picker resolve NTLM users in an FBA extended site
-
We have a SharePoint 2010 extranet web application that uses claims authentication. •The Intranet zone is using mixed authentication (NTLM against internal AD and FBA against a separate AD). •The Extranet uses FBA only against the separate AD. We have sites that have NTLM users in the Members SharePoint group. We have librarys with "Person" colums limited to the Members group. We would like to allow FBA users to pick NTLM users that are in the Members group when fillng in item metadata. The problem is that the FBA users can see the NTLM users in the people picker but when they select them, the user is not resolved. I realize we could probably work around this by adding NTLM to the Extranet zone but prefer not to do this if possible. My questions are: Is this a scenario where a custom claims provider would be appropriate? Is this a problem that could be resolved with the peoplepicker-searchadforests property? (I've not been able to get my head around a real world example where this property is in play)
-
Answer:
All the PeoplePicker properties work with LDAP queries only. That means the PeoplePicker can not be configured to search specific SharePoint groups (like the Members group) as well. All you can do is limit the search to being SiteCollection users, like this: stsadm -o setproperty –pn peoplepicker-Peopleeditoronlyresolvewithinsitecollection –pv yes –url http://myserver stsadm -o setproperty –pn peoplepicker-onlysearchwithinsitecollection –pv yes –url http://myserver It can however search only specific AD groups if you like: stsadm.exe -o setproperty -url http://myserver -pn "peoplepicker-searchadcustomfilter" -pv "(memberOf=CN=SharePoint,OU=AccessGroups,DC=contoso,DC=local)" Check this article for more information about the PeoplePicker: http://technet.microsoft.com/en-us/library/gg602075.aspx
DrivenDevelopment at SharePoint Visit the source
Other answers
You need to put the FBA configuration (web.config) in your Extended Web Application's web.config as well (which kind of negates the whole point of extending the Web App) in order for users on your internal AD to resolve users within the FBA AD.
Trevor Seward
Related Q & A:
- Can people with loss-of-function mutations to CYP2E1 be resistant to benzene poisoning?Best solution by Quora
- How can people join Yahoo groups without a Yahoo account?Best solution by answers.yahoo.com
- Can people only be allergic to "some" guinea pigs?Best solution by Yahoo! Answers
- What can Yahoo Answers do to improve the quality of their site?Best solution by Yahoo! Answers
- Can I make money from home without making my own site?Best solution by wikihow.com
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.