Configure profile synchronization using a Lightweight Directory Interchange Format (LDIF) file (SharePoint Server 2010)

 

Applies to: SharePoint Server 2010

This article describes how to use a Lightweight Directory Interchange Format (LDIF) file to synchronize user and group profile information between Microsoft SharePoint Server 2010 and a Lightweight Directory Access Protocol (LDAP) provider not directly supported by Microsoft SharePoint Server 2010. For a list of directly supported LDAP providers, such as Active Directory Domain Services (AD DS), see Identify directory services and business systems. We recommend that you only use the following procedures for those LDAP providers not in the directly supported LDAP provider list.

Overview

An LDIF file is an ASCII file that can be used to exchange information with LDAP Directory System Agents (DSAs). You can also use an LDIF file to synchronize profile information with SharePoint Server 2010. To do this, you must create an LDIF file by using your LDAP provider and save it to the %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Ma-data\ directory on the server running SharePoint Server. The LDIF file must be saved to the LDIF <MA_Name> folder within this directory and must contain the profile information that you want to synchronize with SharePoint Server 2010. The schema for the LDIF file should be similar to the schema shown in the import.ldif sample file, which can be downloaded using the following link: https://go.microsoft.com/fwlink/p/?LinkId=202107. The configuration file that contains the schema shown in import.ldif can be downloaded using the following link: https://go.microsoft.com/fwlink/p/?LinkId=202107. This config.xml file contains the default properties that will be imported from the LDIF file into SharePoint Server. This schema is used to create an LDIF management agent (MA) that links the information in the LDIF file to SharePoint Server 2010. Creating an LDIF MA is done by using the Import Management Agent function in the SharePoint Server Synchronization Services Manager.

Once you have created an LDIF file that conforms to the schema shown in the sample LDIF file and created an LDIF MA, you can customize the default profile property schema by adding properties not included in the default schema. To do this, you must first use the SharePoint Server Synchronization Service Manager to add the additional profile properties to the MOSS MA. After you have added any additional profile properties to the MOSS MA, you must then add the additional properties to the Forefront Identity Manager (FIM) metaverse by using the Synchronization Management Service. The final step is to add the additional profile properties to the LDIF MA.

Because the MOSS MA only imports profile properties into SharePoint Server if they are present in the LDIF file, unwanted profile properties can be excluded from synchronization by excluding them from the LDIF file. Although you can also exclude properties from import by excluding them from the MOSS MA schema, the preferred method is to exclude any unwanted profile properties from the LDIF file.
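The exclusion described above can be applied to the provider's export before it is copied into the LDIF <MA_Name> folder. The following is an added example, not part of the original article or of SharePoint or FIM tooling: an allow-list filter for LDIF text that unfolds RFC 2849 continuation lines first, so a folded value of an excluded attribute cannot leak into the output. The attribute names, the allow-list and the sample entry are constructed assumptions and are not taken from import.ldif.

```python
# Added example: allow-list filter for an LDIF export (RFC 2849 syntax).
# ALLOWED and SAMPLE are constructed for illustration, not from import.ldif.
ALLOWED = {"version", "dn", "objectclass", "cn", "sn", "mail"}

# Constructed entry; the userPassword value is folded across two lines.
SAMPLE = """version: 1

dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: Jane Doe
sn: Doe
mail: jdoe@example.com
userPassword:: Q09OU1RS
 VUNURUQ=
telephoneNumber: +1 555 0100
"""


def unfold(text):
    """Join continuation lines (one leading space) onto the line they extend."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical and logical[-1] != "":
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical


def attr_name(line):
    """Attribute type, lower-cased, with options such as ;lang-en removed."""
    return line.split(":", 1)[0].split(";", 1)[0].strip().lower()


def filter_ldif(text, allowed=ALLOWED):
    """Return (filtered_ldif, dropped_names); non-allow-listed lines are dropped."""
    kept, dropped = [], set()
    for line in unfold(text):
        if line.startswith("#"):
            continue                      # comments may repeat entry data
        if line == "":
            kept.append(line)             # blank line separates entries
        elif ":" not in line:
            dropped.add("<malformed>")    # fail closed on unparsable lines
        elif attr_name(line) in allowed:
            kept.append(line)             # covers "attr:", "attr::" and "attr:<"
        else:
            dropped.add(attr_name(line))
    # Output is written unfolded; folding is optional in RFC 2849.
    return "\n".join(kept) + "\n", sorted(dropped)


if __name__ == "__main__":
    print(filter_ldif(SAMPLE)[0], end="")
```

Filtering line by line without unfolding would leave the second half of the folded userPassword value behind as a continuation of the mail line; the list of dropped names gives a record of what was withheld from synchronization.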

After you have created an LDIF MA and added any additional properties that you want to synchronize, you can then run Profile Synchronization from SharePoint Server 2010 Central Administration to import the profiles into SharePoint Server. This will synchronize the profile information in the LDIF file with the profile information in the SharePoint Server profile store and will also synchronize profile information from other directory services or business systems that are based on any other profile synchronization connections that you have configured.

Task requirements

Before you perform this procedure, confirm the following:

Important

See the SharePoint Server 2010 release notes for other task requirements that may be needed for Profile Synchronization.

Tasks in this article

  • Create an LDIF management agent

  • Add profile properties to the default property schema

Create an LDIF MA

You can create an LDIF MA to synchronize user and group profile information between Microsoft SharePoint Server 2010 and a Lightweight Directory Access Protocol (LDAP) provider by using the Synchronization Service Manager.

To create an LDIF MA by using the Synchronization Service Manager

  1. Verify that you have the following administrative credentials:

    • To use the Synchronization Service Manager to create an LDIF MA, you must be a Service Application Administrator for the User Profile Service application. The Service Application Administrator for the User Profile Service application must also have write permissions on the %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Ma-data\ directory.

  2. Download the default schema file (config.xml) from https://go.microsoft.com/fwlink/p/?LinkId=202107 and save it to the %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Ma-data\ directory.

  3. Open the Synchronization Service Manager by browsing to %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\ and double-clicking miisclient.exe.

  4. In the Synchronization Service Manager, click Management Agents and then, under Actions, click Import Management Agent.

  5. Select the config.xml file and then click Open.

  6. On the Create Management Agent page of the Create Management Agent wizard, type a name for the LDIF MA in the Name field. The name must be preceded by "MOSSLDAP-", for example, MOSSLDAP-TestLDIFMA.

  7. Optionally, type a description for the LDIF MA in the Description box.

  8. Click Next through the remaining pages of the Create Management Agent wizard.

  9. On the Configure Extensions page of the Create Management Agent wizard, click Finish.

  10. Save the LDIF file you generated by using your LDAP provider in the newly created LDIF <MA_Name> folder in the %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Ma-data\ directory.

    You can now run profile synchronization from Central Administration in SharePoint Server 2010 to import the profiles from the LDIF file into the SharePoint Server profile store. For more information about how to run profile synchronization in SharePoint Server 2010, see Start profile synchronization manually (SharePoint Server 2010).

    Note

    If you need to add any custom profile properties to the default property schema, you should add them before running profile synchronization.

Add custom profile properties to the default profile property schema

Before you run profile synchronization, you can add a custom profile property to the default profile property schema by creating the following:

  1. The custom property in SharePoint Server by using Central Administration

  2. The custom property in the MOSS MA

  3. The custom property in the FIM metaverse

  4. The custom property in the LDIF MA

  5. An import mapping from the LDIF MA to the FIM metaverse

  6. An export mapping from the FIM metaverse to the MOSS MA

Important

Complete the procedures in the following order to add a new profile property to the default profile property schema.

To create a custom profile property in SharePoint Server

  • If the profile property does not exist in SharePoint Server, create a custom profile property in SharePoint Server by using Central Administration.

To create a custom profile property in the MOSS MA

  1. Verify that you have the following administrative credentials:

    • To use the Synchronization Service Manager to create a new profile property in the MOSS MA, you must be a Service Application Administrator for the User Profile Service application. The Service Application Administrator for the User Profile Service application must also have write permissions on the %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Ma-data\ directory.

  2. Open the Synchronization Service Manager by browsing to %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\ and double-clicking miisclient.exe.

  3. Select the MOSS MA from the Management Agent list in the Synchronization Service Manager and then, under Actions, click Properties.

    Note

    The MOSS MA appears in the Management Agent list in the Synchronization Service Manager as "MOSSGUID".

  4. On the Properties page, under Management Agent Designer, click Configure Attributes.

  5. On the Properties page, under Configure Attributes, click New.

  6. In the New Attribute dialog box, enter the name of the new profile property in the Name field. This name must be the same name as the profile property that you created in the SharePoint Server Central Administration.

  7. Select a data type for the new profile property from the drop-down list. This data type must be the same as the one specified in SharePoint Server.

  8. In the New Attribute dialog box, in the Value constraints section, enter a minimum and maximum character length for the new profile property and then click OK.

  9. On the Properties page, under Management Agent Designer, click Define Object Type.

  10. On the Properties page, under Define Object Types, select User and then click Edit.

  11. In the Edit Object Type dialog box, in the Select mandatory attributes section, select the new profile property and then click Add to make the new profile property either a required profile property or an optional profile property. When you are done, click OK.

Create a new profile property in the FIM metaverse

  1. Verify that you have the following administrative credentials:

    • To use the Synchronization Service Manager to create a new profile property in the FIM Metaverse, you must be a Service Application Administrator for the User Profile Service application. The Service Application Administrator for the User Profile Service application must also have write permissions on the %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Ma-data\ directory.

  2. Open the Synchronization Service Manager by browsing to %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\ and double-clicking miisclient.exe.

  3. Click Metaverse Designer.

    Under Object Types, select the person object.

    In the lower Actions section, click Add Attribute.

  4. In the Add Attribute To Object Type dialog box, click New attribute.

  5. In the New Attribute dialog box, type the name of the new profile property in the Attribute name field. This name must be the same name as the profile property that you created in the SharePoint Server Central Administration.

  6. Select the data type from the Attribute type drop-down list. This data type must be the same as the one specified in SharePoint Server.

  7. If the new profile property is a multi-valued property, click to select Multi-valued and then click OK.

Create a new profile property in the LDIF MA

  1. Verify that you have the following administrative credentials:

    • To use the Synchronization Service Manager to create a new profile property in the LDIF MA, you must be a Service Application Administrator for the User Profile Service application. The Service Application Administrator for the User Profile Service application must also have write permissions on the %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Ma-data\ directory.

  2. Open the Synchronization Service Manager by browsing to %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\ and double-clicking miisclient.exe.

  3. Select the LDIF MA from the Management Agent list in the Synchronization Service Manager and then, under Actions, click Properties.

  4. On the Properties page, under Management Agent Designer, click Configure Attributes.

  5. On the Properties page, under Configure Attributes, click New.

  6. In the New Attribute dialog box, enter a name for the new profile property in the Name field. This name must be the same name as the profile property that you created in the SharePoint Server Central Administration.

  7. Select a data type for the new profile property from the drop-down list. This data type must be the same as the one specified in SharePoint Server.

  8. In the New Attribute dialog box, in the Value constraints section, enter a minimum and maximum character length for the new profile property and then click OK.

  9. On the Properties page, under Management Agent Designer, click Define Object Type.

  10. On the Properties page, under Define Object Types, select User and then click Edit.

  11. In the Edit Object Type dialog box, in the Select mandatory attributes section, select the new profile property and then click Add to make the new profile property either a required profile property or an optional profile property. When you are done, click OK.

Create an import mapping from a new LDIF MA profile property to a new metaverse profile property

  1. Verify that you have the following administrative credentials:

    • To use the Synchronization Service Manager to create an import mapping from a new LDIF MA profile property to a new Metaverse profile property, you must be a Service Application Administrator for the User Profile Service application. The Service Application Administrator for the User Profile Service application must also have write permissions on the %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Ma-data\ directory.

  2. Open the Synchronization Service Manager by browsing to %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\ and double-clicking miisclient.exe.

  3. Select the LDIF MA from the Management Agent list in the Synchronization Service Manager and then, under Actions, select Properties.

    Under Management Agent Designer, click Configure Attribute Flow.

  4. In the Configure Attribute Flows section, select Object Type: User from the Data Source Attribute column.

  5. In the Build Attribute Flow section, under Flow Direction, select Import.

  6. In the Build Attribute Flows section, under Data source attribute, select the name of the new profile property.

  7. In the Build Attribute Flows section, under Metaverse attribute, select the name of the new profile property, click New, and then click OK. The new import mapping should now show in the Configure Attribute Flow section of the Properties pane.

Create an export mapping from a new metaverse profile property to a new MOSS MA profile property

  1. Verify that you have the following administrative credentials:

    • To use the Synchronization Service Manager to create an export mapping from a new Metaverse profile property to a new MOSS MA profile property, you must be a Service Application Administrator for the User Profile Service application. The Service Application Administrator for the User Profile Service application must also have write permissions on the %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Ma-data\ directory.

  2. Open the Synchronization Service Manager by browsing to %rootdir%\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\ and double-clicking miisclient.exe.

  3. Select the MOSS MA from the Management Agent list in the Synchronization Service Manager and then, under Actions, select Properties.

    Under Management Agent Designer, click Configure Attribute Flow.

  4. In the Configure Attribute Flows section, select Object Type: User from the Data Source Attribute column.

  5. In the Build Attribute Flow section, under Flow Direction, select Export.

  6. In the Build Attribute Flows section, under Data source attribute, select the name of the new profile property.

  7. In the Build Attribute Flows section, under Metaverse attribute, select the name of the new profile property, click New, and then click OK. The new export mapping should now show in the Configure Attribute Flow section of the Properties pane.

See Also

Concepts

Manage profile synchronization (SharePoint Server 2010)
Plan for profile synchronization (SharePoint Server 2010)
Configure profile synchronization (SharePoint Server 2010)
Start profile synchronization manually (SharePoint Server 2010)
Schedule profile synchronization (SharePoint Server 2010)