
Dynamic results within people picker using custom claims provider

Oct 15, 2014 at 8:52 AM
Edited Oct 15, 2014 at 8:54 AM
Hi experts,

I am stuck with a problem relating to the people picker search and our claims provider. I think it is not mainly related to our LDAPCP provider implementation, but I know no better place where I could find experts on this topic.

Our Environment:
We have a SharePoint WebApplication that has direct access to an Active Directory (CorpAD). Furthermore, the WebApplication is connected (via AD FS) to an additional Active Directory (PartnerAD) in a different zone where our SharePoint servers have no access. In order to allow CorpAD users to grant permissions to partners (PartnerAD), we implemented a custom claims provider (LDAPCP) with a keyword ("partner:") that can be used in people picker controls. This all works fine!

The problem that we are facing now is that PartnerAD users also find CorpAD users when they are using the people picker control. We want to restrict that.
To solve that problem, I decided to override the method FillSearch() of our custom claims provider, check if a user is a CorpAD or a PartnerAD user, and only show CorpAD results to CorpAD users. Surprisingly, I realized that the searchTree I get in the FillSearch() method is empty. In other words, the LDAP query against the CorpAD is made in a later stage of the life cycle, or the people picker control uses multiple searchTrees and consolidates them in a later stage.

Can I somehow alter the searchTree of the AD results? Or better, can I somehow avoid an LDAP query being made against the AD if I am a PartnerAD user?

I know that I can configure the people picker (with stsadm) to only search within the site collection. But this would affect ALL users (also CorpAD users), which is not what we want.

I am thankful for every suggestion.
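The user-origin check the post describes, written out as an added example (this is not LDAPCP's code and was not part of the original thread): a minimal SPClaimProvider that decides inside FillSearch() whether the caller authenticated through the PartnerAD trust and, if so, returns nothing from this provider. The trust name "PartnerADFS", the "partner:" keyword handling and the e-mail claim type are assumptions picked to match the scenario above. One caveat on scope: a claims provider only populates the SPProviderHierarchyTree handed to its own FillSearch(); the entities that the built-in Active Directory provider returns for CorpAD live in that provider's tree and are neither visible nor filterable from here, which is why the tree looks empty inside a custom provider.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using Microsoft.SharePoint.Administration.Claims;
using Microsoft.SharePoint.WebControls;

// Added example, not the LDAPCP project's code. Trust name, keyword and claim
// type are assumptions chosen to match the scenario described in the post.
public class PartnerAwareClaimsProvider : SPClaimProvider
{
    private const string PartnerTrustName = "PartnerADFS";   // assumed AD FS trust name
    private const string PartnerKeyword = "partner:";        // assumed people-picker keyword
    private const string EmailClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
    private const string StringValueType = "http://www.w3.org/2001/XMLSchema#string";

    public PartnerAwareClaimsProvider(string displayName) : base(displayName) { }

    public override string Name { get { return "PartnerAwareClaimsProvider"; } }
    public override bool SupportsEntityInformation { get { return false; } }
    public override bool SupportsHierarchy { get { return false; } }
    public override bool SupportsResolve { get { return true; } }
    public override bool SupportsSearch { get { return true; } }

    // Issuer string SharePoint records for identities that came in through the partner trust.
    private static string PartnerIssuer
    {
        get { return SPOriginalIssuers.Format(SPOriginalIssuerType.TrustedProvider, PartnerTrustName); }
    }

    // True when the encoded login name (e.g. "i:05.t|partneradfs|bob@partner.example") was
    // issued by the partner trust; false for Windows/CorpAD logins ("i:0#.w|corp\\alice")
    // and for anything that is not an encoded claim at all.
    internal static bool IsPartnerUser(string encodedLoginName)
    {
        if (string.IsNullOrEmpty(encodedLoginName) || !SPClaimProviderManager.IsEncodedClaim(encodedLoginName))
            return false;
        SPClaim identity = SPClaimProviderManager.Local.DecodeClaim(encodedLoginName);
        return string.Equals(identity.OriginalIssuer, PartnerIssuer, StringComparison.OrdinalIgnoreCase);
    }

    private static string CurrentLoginName()
    {
        HttpContext ctx = HttpContext.Current;
        return (ctx != null && ctx.User != null) ? ctx.User.Identity.Name : null;
    }

    // Entity returned for a partner e-mail address. No LDAP query is made (the post says the
    // SharePoint servers cannot reach PartnerAD); the value is taken as typed and stamped with
    // the trusted-provider issuer so that it matches the claim AD FS will present at sign-in.
    private PickerEntity CreatePartnerEntity(string email)
    {
        PickerEntity entity = CreatePickerEntity();
        entity.Claim = new SPClaim(EmailClaimType, email, StringValueType, PartnerIssuer);
        entity.DisplayText = email;
        entity.Description = PartnerTrustName + ": " + email;
        entity.EntityType = SPClaimEntityTypes.User;
        entity.EntityData[PeopleEditorEntityDataKeys.Email] = email;
        entity.IsResolved = true;
        return entity;
    }

    // Strips the keyword; returns null when the input is not a partner search.
    private static string PartnerEmailFrom(string input)
    {
        if (input == null || !input.StartsWith(PartnerKeyword, StringComparison.OrdinalIgnoreCase))
            return null;
        string email = input.Substring(PartnerKeyword.Length).Trim();
        return email.Length > 0 ? email : null;
    }

    protected override void FillSearch(Uri context, string[] entityTypes, string searchPattern,
                                       string hierarchyNodeID, int maxCount, SPProviderHierarchyTree searchTree)
    {
        // The gate the post asks about: partner users get nothing from this provider.
        // Results of the built-in AD provider live in its own tree and are not touched here.
        if (IsPartnerUser(CurrentLoginName()))
            return;
        string email = PartnerEmailFrom(searchPattern);
        if (email != null)
            searchTree.AddEntity(CreatePartnerEntity(email));
    }

    protected override void FillResolve(Uri context, string[] entityTypes, string resolveInput, List<PickerEntity> resolved)
    {
        if (IsPartnerUser(CurrentLoginName()))
            return;
        string email = PartnerEmailFrom(resolveInput);
        if (email != null)
            resolved.Add(CreatePartnerEntity(email));
    }

    protected override void FillResolve(Uri context, string[] entityTypes, SPClaim resolveInput, List<PickerEntity> resolved)
    {
        // Re-validates a stored claim (e.g. when a permissions page reloads it).
        if (resolveInput != null && resolveInput.ClaimType == EmailClaimType &&
            string.Equals(resolveInput.OriginalIssuer, PartnerIssuer, StringComparison.OrdinalIgnoreCase))
            resolved.Add(CreatePartnerEntity(resolveInput.Value));
    }

    protected override void FillClaimTypes(List<string> claimTypes) { claimTypes.Add(EmailClaimType); }
    protected override void FillClaimValueTypes(List<string> claimValueTypes) { claimValueTypes.Add(StringValueType); }
    protected override void FillEntityTypes(List<string> entityTypes) { entityTypes.Add(SPClaimEntityTypes.User); }
    protected override void FillSchema(SPProviderSchema schema)
    {
        schema.AddSchemaElement(new SPSchemaElement(PeopleEditorEntityDataKeys.DisplayName, "Display Name", SPSchemaElementType.Both));
        schema.AddSchemaElement(new SPSchemaElement(PeopleEditorEntityDataKeys.Email, "E-mail", SPSchemaElementType.Both));
    }
    // No claim augmentation and no hierarchy in this provider, so these stay empty.
    protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims) { }
    protected override void FillHierarchy(Uri context, string[] entityTypes, string hierarchyNodeID, int numberOfLevels, SPProviderHierarchyTree hierarchy) { }
}
```

The decision is made on OriginalIssuer rather than on the claim value or the login name prefix, because the issuer is what SharePoint itself uses to tell a Windows identity ("Windows") from one minted by a trusted identity token issuer ("TrustedProvider:PartnerADFS"), and it cannot be influenced by what the user types into the picker.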