Using an LDIF file to import profiles from an LDAP provider


SharePoint Server 2010 currently supports the following LDAP providers for importing user and group profile information into the SharePoint profile store:

  • SunOne 5.2
  • Novell eDirectory 8.7.3
  • IBM Tivoli 5.2

But what if you need to import profile information from a different LDAP provider? Well, the good news is you can! In addition to directly supporting the three LDAP providers listed above, SharePoint Server 2010 also supports using a Lightweight Directory Interchange Format (LDIF) file to import user and group profile information from an LDAP provider to SharePoint Server.

LDIF files are typically used to exchange information with LDAP Directory System Agents (DSAs). However, you can also use an LDIF file to import profiles from your LDAP provider to SharePoint by using the SharePoint Server Synchronization Services Manager.

The following article explains how to do this in detail:

Configure profile synchronization using a Lightweight Directory Interchange Format (LDIF) file (SharePoint Server 2010)

We’ve also provided a sample LDIF file that you can use for testing, along with the Config.xml file that you will need to use when setting up profile synchronization by using an LDIF file. These files can be downloaded here:

Lightweight Directory Interchange Format (LDIF) files for configuring profile synchronization in SharePoint Server 2010

Let us know what you think!

Comments (7)

  1. Still working on getting the official word on this from the product group. Right now, since you can create a direct sync connection between SharePoint Server and AD DS, this is not supported. There's a chance doing this by using an LDIF file may be supported in the future, but I don't have an answer on that yet. Will post here as soon as I know something.

  2. Somugo, I have forwarded your question to the product group and hope to have an answer for you later today.

  3. In order to do this, you need to provide the SID in the import.ldif file for the user to be recognized as an AD based user.

  4. Frank, I'm checking with the product group to see if there is an additional formatting step that is needed here or if there is something we need to do on our end. Stay tuned . . .

  5. Anonymous says:

    I posted a question here yesterday:

    social.technet.microsoft.com/…/a1706d06-a968-433a-8308-2b79709af03b

    Basically, my problem is that I can't figure out how to hook up an LDIF record with an existing SharePoint user account. For example, if I input a record under username, or domain/username, it will produce a record under "domain:username" or "domain:domainusrname", but not "domainusrname". Meanwhile, when a user signs in to SharePoint via Windows authentication, it will always generate a record under "domainusername". In other words, it will have two user records for the same person. Can you shed some light on how to prepare the LDIF file so that it can be practically useful in my environment? Thanks.

  6. Frank says:

    I'm in the same situation – is there a resolution for this issue?

  7. Frank says:

    Hi Clake,

    Thanks for the tip; however, it's still not working. Profile data imports fine, but it displays as DOMAIN:username instead of DOMAINusername. I have tried using both versions of the SID – the plain text, with the format 'S-1-5-21-2********8-3*******2-**********-1*****3' and the encrypted version 'AQUAAAAA*****AAAFsDqMufL3X0jX2NrAQUAAA=='. Profile imports fine, no errors, but it's not importing as a domain account.

    Somugo, did you have any luck with this?