Forms authentication and Profile Synchronization using LDAP.

Question

Hello everybody,

I have recently migrated a SharePoint 2007 Web Application to 2010, I've configured it for using Claims Authentication because our client wants to log in his users using FBA with their Active Directory username and password. For that purpose I have used the LdapMembershipProvider and LdapRoleProvider.

Now, my first problem is the display name in the people picker; I mean, in another Web Applications configured for using just Windows Authentication the display name is correct, but for this one that is using FBA the display name is just the username, not his real name. Somebody mentioned that using the SharePoint commands for changing the display name would be enough but doing that for hundred of users is not an option. Also, I don't think that the client likes to wait until some developer run that command.

I remember that this problem could be solved on SharePoint 2007 using the profile importation with the LDAP Directory connection. Now it comes my second problem because after configuring the Profile Service Application I note that the LDAP Directory connection is not supported by SharePoint 2010 (Microsoft doesn't mention why) and I could not import the profiles. Another blog post mentioned that using LDIF files I could do and I'm still trying to do work that because I cannot restart the Domain Controller in order to get the LDIF file.

In the mean time I created a Profile manually for an FBA user in order to see if it fixed the People picker Display Name, for my surprise it didn't. The people picker is still showing just the username, for the FBA logged in users too. If I go to the "My Site" site collection it is worst because the display name is in the claims authentication way (i:0#.f|membershipprovider|username), but if I go to the "My Documents" section in the "My Site" site collection, It's showing me the display name as expected. this is my third problem .

So, here are my questions:

1. How can I do for displaying the real name in the people picker?
2. Is there another option for getting the LDIF file without restarting the domain controller?
3. Is there any way to be consistent in the way that SharePoint is showing the Display name in its pages?

Thanks in advance.

Answer 1

Well, after working a bit with my problems, I have some solutions but more questions too.

For fixing the problem of the inconsistent Display Names (Number 3), you should apply the hotfix from the page http://support.microsoft.com/kb/2459257/ .

For getting the LDIF file you can use the command ldifde in the domain controller. Here is the documentation: http://support.microsoft.com/kb/237677 .

Now, after downloading that file on my SharePoint server, I would like to know how to associate that LDAP connection to the FBA profile users because the MS documentation is very generic. I could set up the connection, but when I'm performing a full synchronization the ForeFront Identity Manager is showing me the next errors:

completed-discovery-errors

And in the error details it's showing unmappable-object-type for each user that is in the ldif file.

---

Dasaev Cerqueda Web Application Developer Nuvek, LLC.

Answer 2

After some hours to be working with the LDIF file, I saw that the problem about the unmappable-object-type is because there were some missing fields in the LDIF file, I fixed them for just a test user and the synchronization was not showing errors but now, when I see the profile, it has the Account Name as LDAP::username instead of i:0#.f|membershipprovider|username.

Do you know what I have to do in order to fix the Account Name?

---

Dasaev Cerqueda Web Application Developer Nuvek, LLC.

Answer 3

Did you ever solve the profile import problem?

Answer 4

Having the same issue with the account name formatted as LDAP::username.  Anyone have any ideas?

---

GregM

Answer 5

I take it no really uses the LDIF import option....

---

GregM