There are some limitations on SharePoint role providers:
- Cannot use the people picker search feature to find partially typed group names
- You can only have one provider per SharePoint application zone
- You cannot share a provider across applications/zones
- The role provider groups cannot be directly accessed via Audience targeting
Today, I spent the day figuring out the following bug and resolution.
- You have configured audience targeting to use SharePoint groups because you cannot directly target Ldap groups
- The SharePoint groups contain the Ldap groups
- The SharePoint groups have no inherent permissions defined
- The targeted web part does not display even though the user is in the appropriate ldap group
- The SharePoint group must have at least one permission applied to it.
- I recommend using the Read or Restricted Read permission, since this should be a minimal permission. Alternatively, create your own minimal permission level.
My guess is that the SP group only parses the RoleProviders upon a permission request. This means that if there have been no relavent permission requests against the group, the group will only contain the non-roleprovider entries (individual accounts) and will not return the correct results to the audience targeting request.