Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
ManifoldCF 1.5
-
None
Description
It looks like, at least in some cases, in SharePoint 2010 it is not SharePoint groups that correspond to AD groups, but rather SharePoint users that correspond to AD groups. For example:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Body> <GetUserCollectionFromGroupResponse xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/"> <GetUserCollectionFromGroupResult> <GetUserCollectionFromGroup> <Users> <User ID="3620" Sid="" Name="Axxx Dxxx" LoginName="i:0#.w|domain\dxxx" Email="..." Notes="" IsSiteAdmin="False" IsDomainGroup="False" Flags="0"/> <User ID="1199" Sid="" Name="itstrain" LoginName="i:0#.w|domain\itstrain" Email="..." Notes="" IsSiteAdmin="False" IsDomainGroup="False" Flags="0"/> <User ID="2871" Sid="" Name="Law Library helpdesk account" LoginName="i:0#.w|domain\reflaw" Email="..." Notes="" IsSiteAdmin="False" IsDomainGroup="False" Flags="0"/> <User ID="5135" Sid="" Name="Library Desk - GP" LoginName="i:0#.w|domain\lib-deskgp" Email="" Notes="" IsSiteAdmin="False" IsDomainGroup="False" Flags="0"/> <User ID="5899" Sid="" Name="DOMAIN\$0kjf00-gcsje70g79fm" LoginName="c:0+.w|s-1-5-21-3052554794-3770484871-3874881240-511616" Email="" Notes="" IsSiteAdmin="False" IsDomainGroup="True" Flags="0"/> </Users> </GetUserCollectionFromGroup> </GetUserCollectionFromGroupResult> </GetUserCollectionFromGroupResponse> </soap:Body> </soap:Envelope>
We therefore need to look at child users of groups to come up with the right tokens. Furthermore, the SharePoint/AD authority should always generate user tokens, not group tokens.