7.1 The SharePoint User Profile
From a conceptual point of view, the user profile is somewhat similar to a
standard SharePoint list that is globally accessible. Indeed, it is a shared service
and can therefore be used by any site in any farm using the SSP. As with
all lists, it is extensible in the columns it contains, it supports multi-valued
fields, and the items in it can be indexed. But given that it is specifically
designed for user information, it has some other features that normal lists
don’t have, such as the ability to populate certain columns from external data
sources.
A common misconception is that the user profile is required and/or
involved when authorizing access to a SharePoint site. This is not the case,
and there is no requirement to implement the profile at all. When you grant
access for a user to a SharePoint site, the user is validated against the underlying
authentication provider you are using (by default, this is the AD), and the
profile is not involved at all for this operation. Indeed, the user details for
each site collection are stored in a table called UserInfo, and this information
is modifiable by site collection administrators. End users can also see and
modify their own site details by clicking on the My Settings option, which
appears under the Welcome menu at the top right corner of a SharePoint site
page (as shown in Figure 7.1). But this information about a user is minimal,
is scoped to a site collection, and is not kept synchronized with the original
user object. Therefore, this information is not that useful and can very
quickly become stale.
If you do implement the profile, far richer information about people can
be displayed when navigating to a person’s details and, furthermore, it can
also be kept up to date with the underlying directory service, which makes it
far more appealing.
7.1.1 Populating the User Profile
So how does information get into the user profile? There are various
options, from manually adding entries, to having entries dynamically created,
to writing your own import, to importing from external data sources.
The last of these is the one most likely to be used by the vast majority of
people, and the most common external data source will be some form of
directory service. Why? The user profile is very much like SharePoint’s own
people directory, and therefore the data it contains is very similar to that of
any directory service.
It should come as no surprise that user profiles can be imported from the
AD. This ability was there in SPS 2003, but now we also have the option of
importing from any LDAP directory, or even through the BDC. The latter
can be very useful if your master data source for people is perhaps controlled
by a human resources–type business application, such as Siebel or PeopleSoft.
An SSP administrator will have to first configure the import, which
involves specifying the import source and also setting up connections to the
external data sources. Although the import itself can only come from one
external source, you can set up individual profile properties that can be populated
from different sources, assuming you have a property in the profile that
can be used as a key into the external source. Setting up an AD source is the
most straightforward, as it will look at the current forest that the SharePoint
server itself is running in and automatically discover a suitable domain controller
from which to import profiles. You can choose to import objects from
the current domain or from the entire forest, should you be running in a multidomain
forest. You also specify a schedule for a full and incremental import.
You then need to configure an import connection for the source. We can
see the default connection created for importing from the current active
directory domain in Figure 7.2.
There are three sections for configuring the connection: connections,
search, and authentication. The connections settings allow you to specify
where to connect to in terms of domain controller, port, SSL, and timeout
values, and the authentication settings allow you to specify which account to
use to access the AD. This account must have read access to the objects that
you want to import.
The search settings section allows you to formulate the LDAP query that
will eventually be executed against the AD. This grants you granular
control over where to start your search (search base), how deep to go (scope),
Figure 7.1 User settings from a WSS site
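The search base and scope in the search settings described above decide which directory objects the import account will read. The following is an added example, not code from the book or from SharePoint: it models the three standard LDAP scopes over a constructed list of DNs. The domain example.com, the entry names, and the function names are hypothetical; the object filter is not modelled, and lower-casing whole RDNs is a simplification of directory matching rules.

```python
# Added example (not from the book): how an LDAP search base and scope
# decide which directory objects a profile import would read.

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip().lower())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip().lower())
    return rdns

def depth_below(base, dn):
    """Levels between dn and base (0 = the base itself), None if outside it."""
    b, d = split_dn(base), split_dn(dn)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return None
    return len(d) - len(b)

def select(base, scope, dns):
    """Return the DNs a search with this base and scope would consider."""
    wanted = {"base": lambda n: n == 0,       # only the base object
              "onelevel": lambda n: n == 1,   # direct children only
              "subtree": lambda n: True}[scope]  # base and everything below
    return [dn for dn in dns
            if (depth := depth_below(base, dn)) is not None and wanted(depth)]

# Constructed sample directory; example.com and all names are placeholders.
DIRECTORY = [
    "OU=Staff,DC=example,DC=com",
    "CN=Alice Smith,OU=Staff,DC=example,DC=com",
    "CN=Jones\\, Bob,OU=Staff,DC=example,DC=com",
    "CN=svc-backup,OU=Service Accounts,OU=Staff,DC=example,DC=com",
    "CN=Carol,OU=Contractors,DC=example,DC=com",
]
BASE = "OU=Staff,DC=example,DC=com"

if __name__ == "__main__":
    for scope in ("base", "onelevel", "subtree"):
        print(scope, select(BASE, scope, DIRECTORY))
```

With the base set to the Staff OU, a one-level scope leaves out the nested Service Accounts entry, while a subtree scope pulls it in alongside the staff accounts.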