
How to resolve users from multiple ADFS systems (Resolve User profile users using LDAP)

Dec 30, 2014 at 3:02 PM
Hi! Thanks for LDAP CP.

We have two ADFS systems, and users of both systems will be synchronized into our SharePoint farm. One is ADFS1 and the other is ADFS2 (Gmail, Yahoo users).

LDAP resolves the ADFS1 users. But I have the following questions for ADFS2 users:

How do I resolve these users in user profiles using LDAPCP?

I mean, will LDAP also look into the user profiles that are in ADFS2? If not, what would you suggest that works better for the User Profile users to be resolved for external users as well?

Thanks,
Kumar
Jan 5, 2015 at 12:04 PM
Hi Yvan,

Gentle reminder! Can you please help me with the reply on the question for two ADFS systems?

I understood that the source code is searching all the claims and then, if not found, it's searching in LDAP.
Jan 5, 2015 at 6:08 PM
Hello,

LDAPCP can query 1 or multiple LDAP servers, so it's not an issue to have users in multiple LDAP servers.
The only limitation is that it must be LDAP servers, and of course accessible from SharePoint processes.
Are your users in ADFS2 stored in an LDAP directory? If yes, then you can just add the new LDAP connection in the LDAPCP admin page.

If not (you mention Gmail, Yahoo users), then the other option is to set a keyword that will automatically validate unreachable users. For example, you type "extuser:yvand@yahoo.com" and LDAPCP creates "yvand@yahoo.com". You can do that in the claims table page (on the claim type of your choice).

Does that answer your question?

cheers,
Yvan
Jan 8, 2015 at 12:15 AM
For your ADFS2 users you have to write your own code if you want a search experience, because LDAPCP can only query an LDAP endpoint, which neither ADFS, Gmail, nor Yahoo have. If the search experience is not required, then you can allow all users with Yvand's keyword as said. If you want the search experience, you have no choice but to write code that can reach some authority to query. Your best bet perhaps would be to manually query the UPS with SSOM, or populate your own SQL table of users and hit it with ADO.NET. If this is the case, then the question is about where the best place is to stub in your resolve logic.
Jan 8, 2015 at 9:22 AM
Yes, thank you. But SSOM code is not allowed.