Add connections to LDAP

Applies To: Office SharePoint Server 2007

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

Topic Last Modified: 2007-05-22

Before you perform this procedure, confirm that:

  • You have read the topic Manage import connections.

  • Your system is running either the Standard or Enterprise version of Microsoft Office SharePoint Server 2007.

  • You know the directory service server name and provider name for the Lightweight Directory Access Protocol (LDAP) directory service server.

Important

Administrators must have access to the Shared Services Provider (SSP) administration site, and must have the Manage user profiles permission enabled to complete this procedure. For details, see the "Additional considerations" section in this topic.

To add a connection to LDAP

Use this procedure to add an import connection to LDAP.

Add an import connection to LDAP

  1. Open the administration page for the SSP, as follows:

    1. On the top link bar, click the Application Management tab.

    2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm's shared services.

    3. On the Manage this Farm's Shared Services page, there is a link to each SSP and links to the Web applications for each SSP. Click the link for the SSP that you want to open.

    You can also access the SSP by clicking the link to the Shared Services Administration home page in the Shared Services Administration section of Quick Launch.

  2. On the SSP home page, in the User Profiles and My Sites section, click User profiles and properties.

  3. On the User Profiles and Properties page, in the Profile and Import Settings section, click View import connections.

  4. On the View Import Connections page, click Create New Connection.

  5. On the Add Connection page, in the Connection Settings section, from the Type menu, click LDAP Directory.

  6. In the Connection name text box, type the name of the connection.

  7. In the Directory service server name text box, type the name of the server for the directory service.

  8. In the Port text box, type the number of the port to use to connect to the domain. To use SSL to help secure the connection, select the Use SSL-secured connection check box, and type a port number that is configured to use SSL in the Port text box.

  9. To minimize the performance impact on the domain controller, type a number of seconds in the Time out text box, and select Enable Server Side Incremental.

  10. In the Provider name text box, type the name of the provider for this connection.

  11. In the Username attribute text box, type the name of the attribute to import.

    Note

    This attribute is the identification attribute for each entry in LDAP directory services, associated with a single user or account. By default, this is the uid attribute.

  12. In the Search Settings section, in the Search base text box, type the distinguished name of the directory node from which to import the users. If you do not know the distinguished name, click the Auto Fill Root Search Base button.

  13. In the User filter text box, you can add new query clauses to the default query to filter which user profiles are imported.

  14. Under Scope, select One level to import one level of user profiles, or Subtree to import all user profiles under the search base.

  15. To improve performance, you can type a maximum number of user profiles to import in the Page Size text box, and type a maximum number of seconds for the import in the Page time out text box.

  16. In the Authentication Information section, select Specify Account and type the account name and password that you want to use to import user profiles from this connection.

    Note

    It is recommended that you specify an account, rather than relying on the default content access account. To use the default content access account, select Use Default Account.

  17. Click OK.
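
A check of the values chosen in steps 8, 12, 13, and 16 before they are typed into the Add Connection page, as an added example that is not part of the original topic or of Office SharePoint Server. The dictionary keys, the host and directory names, and the starting filter (objectClass=person) are assumptions made for illustration; 389 and 636 are treated as the standard non-SSL and SSL LDAP ports.

```python
import re

# RFC 4515: characters that must be escaped inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def add_clause(base_filter, attribute, value):
    """AND one equality clause onto a filter, escaping the literal value."""
    safe = "".join(ESCAPES.get(ch, ch) for ch in value)
    return "(&%s(%s=%s))" % (base_filter, attribute, safe)

def well_formed(ldap_filter):
    """True if the filter is a single, fully parenthesised expression."""
    text = re.sub(r"\\[0-9a-fA-F]{2}", "", ldap_filter)  # drop escaped characters
    depth = 0
    for i, ch in enumerate(text):
        depth += (ch == "(") - (ch == ")")
        if depth < 0 or (depth == 0 and i != len(text) - 1):
            return False
    return depth == 0 and text.startswith("(")

def review(s):
    """Return findings for a planned connection; keys mirror the form fields."""
    findings = []
    if not s["use_ssl"]:
        findings.append("Use SSL-secured connection is off: connection is not protected by SSL")
    elif s["port"] == 389:
        findings.append("Port 389 is the standard non-SSL LDAP port: confirm it is configured for SSL")
    if s["use_default_account"]:
        findings.append("Use Default Account selected: Specify Account is the recommended setting")
    if not well_formed(s["user_filter"]):
        findings.append("User filter is not a well-formed LDAP filter")
    rdns = re.split(r"(?<!\\),", s["search_base"])  # split on unescaped commas
    if not all(re.match(r"\s*[A-Za-z][\w.-]*\s*=.+", r) for r in rdns):
        findings.append("Search base is not a distinguished name")
    return findings

# Constructed sample settings (hypothetical host and directory names).
WEAK = {"server": "ldap.example.com", "port": 389, "use_ssl": False,
        "use_default_account": True, "search_base": "example.com",
        "user_filter": "(&(objectClass=person)(department=Sales)"}
HARDENED = dict(WEAK, port=636, use_ssl=True, use_default_account=False,
                search_base="ou=People,dc=example,dc=com",
                user_filter=add_clause("(objectClass=person)", "department", "Sales"))

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, review(cfg))
```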

Additional considerations

To add connections to directory services, administrators must have access to the Shared Services Administration site, and must have the Manage user profiles permission enabled. Users with access to the administration site but without the Manage user profiles permission enabled can view the SSP administration home page, but cannot access the User Profiles and Properties page.

In a single-click installation, the account used to install Office SharePoint Server 2007 has the following permissions enabled: Manage user profiles and Manage permissions. The installation account also has access to the Shared Services Administration site.

In an advanced farm installation, the user installing Office SharePoint Server 2007 selects an account to have these management permissions. This account can be used to add the Manage user profiles permission to users and groups responsible for administering user profiles and connections to directory services.