Wednesday, August 19, 2009

LdapRoleProvider and Audience Targeting Bug

The MOSS 2007 LdapRoleProvider could be your greatest friend or your worst enemy. Getting it configured correctly is a pain. See the community content I added here for some of my tricks.

There are some limitations on SharePoint role providers:

  • Cannot use the people picker search feature to find partially typed group names
  • You can only have one provider per SharePoint application zone
  • You cannot share a provider across applications/zones
  • The role provider groups cannot be directly accessed via Audience targeting

Today, I spent the day figuring out the following bug and resolution.

Scenario:

  • You have configured audience targeting to use SharePoint groups because you cannot directly target LDAP groups
  • The SharePoint groups contain the LDAP groups
  • The SharePoint groups have no inherent permissions defined

Symptom:

  • The targeted web part does not display even though the user is in the appropriate LDAP group

Resolution:

  • The SharePoint group must have at least one permission applied to it.
  • I recommend using the Read or Restricted Read permission, since this should be a minimal permission. Alternatively, create your own minimal permission level.

My guess is that the SP group only parses the RoleProviders upon a permission request. This means that if there have been no relevant permission requests against the group, the group will only contain the non-roleprovider entries (individual accounts) and will not return the correct results to the audience targeting request.
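One way to find groups in the state described above, and to apply the resolution to a single named group, is through the MOSS 2007 server object model. This is an added example, not code from the original post; the program name `GroupPermCheck` and its command-line arguments are assumptions, and it checks role assignments on the given web only, not on lists or subwebs.

```csharp
// Added example (not from the original post). Compile on a MOSS 2007 server
// with a reference to Microsoft.SharePoint.dll.
// Usage (hypothetical name): GroupPermCheck.exe <web-url> [group-name-to-fix]
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

class GroupPermCheck
{
    static void Main(string[] args)
    {
        if (args.Length < 1) { Console.WriteLine("usage: GroupPermCheck <web-url> [group-name]"); return; }
        string groupToFix = args.Length > 1 ? args[1] : null;

        using (SPSite site = new SPSite(args[0]))
        using (SPWeb web = site.OpenWeb())
        {
            // IDs of every principal that holds a role assignment on this web.
            List<int> assigned = new List<int>();
            foreach (SPRoleAssignment ra in web.RoleAssignments)
                assigned.Add(ra.Member.ID);

            // Site groups with no assignment here match the precondition of the bug.
            foreach (SPGroup group in web.SiteGroups)
            {
                if (assigned.Contains(group.ID)) continue;
                Console.WriteLine("No permission on {0}: {1}", web.Url, group.Name);

                // Only change the one group named on the command line.
                if (groupToFix == null ||
                    !String.Equals(group.Name, groupToFix, StringComparison.OrdinalIgnoreCase)) continue;
                if (!web.HasUniqueRoleAssignments)
                {
                    Console.WriteLine("  web inherits permissions; run against the parent web");
                    continue;
                }
                // Bind the built-in Reader level, the minimal permission the post recommends.
                SPRoleAssignment fix = new SPRoleAssignment(group);
                fix.RoleDefinitionBindings.Add(web.RoleDefinitions.GetByType(SPRoleType.Reader));
                web.RoleAssignments.Add(fix);
                Console.WriteLine("  granted Reader to {0}", group.Name);
            }
        }
    }
}
```

Run without a group name, it only reports. Granting Reader makes the web readable to every member of the group, including the LDAP groups nested in it, so name only groups whose members should have that access.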
