Saturday, March 15, 2008

Using the BDC to sync profile data error

I wrote a web service to query LDAP so I can merge data from AD and another LDAP source. The web service seems to work fine. It has a finder and a specific finder method.

I used BDC Metaman to create the definition and imported to MOSS. So far so good.

Mapped the user profile properties to the BDC source.

Tried to sync the profile data and it wasn't working. I was getting the following exceptions;

03/15/2008 11:20:37.92     mssdmn.exe (0x1464)                         0x0090    SharePoint Portal Server          User Profiles                     90gy    Exception    (Watson Reporting Cancelled) System.UnauthorizedAccessException: Access Denied! Only site admin can access Data Source object from user profile DB.     at Microsoft.Office.Server.UserProfiles.SRPSite.AdminCheck(String message)     at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(IDataRecord rec)     at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(String strDSName)     at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site, Boolean fAllowEveryoneRead)     at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site)     at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.GetDataSource()     at Microsoft.Office.Server.UserProfiles.BDCConnector.RefreshConfiguration(String sspName)

I found an entry in a blog here which pointed me in the right direction.

I needed to give my search account and content access account these permissions in the Personalization services permissions of Shared Services;


So that was great.

Next problem; now I get the following exception on the users which have a linked record in the secondary import connection;

03/15/2008 11:45:02.48     mssdmn.exe (0x1464)                         0x0090    SharePoint Portal Server          User Profiles                     90gz    Exception    Profile Import: Exception occured when importing user: 'ai\jhancock'. Access Denied for User 'AI\spsearch'. Securable MethodInstancewith Name 'FindDirectoryUserInstance' has ACL that contains:      User 'AI\administrator' with Rights 'Execute, Edit, SetPermissions, UseInBusinessDataInLists, SelectableInClients'  Stack Trace:    at Microsoft.Office.Server.ApplicationRegistry.MetadataModel.DataClass.ExecuteInternal(LobSystemInstance lobSystemInstance, LobSystem lobSystem, MethodInstance methodInstanceToExecute, Method methodToExecute, ParameterCollection inputParameters, Object[]& overrideArgs)     at Microsoft.Office.Server.ApplicationRegistry.MetadataModel.Entity.ExecuteInternal(LobSystemInstance lobSystemInstance, LobSystem lobSystem, MethodInstance methodInstanceToExecute, Method methodT...

Then I realised that whilst I had set permissions for the BDC, I had not set permissions for the imported application definition.


And then... I realised that I needed to set permissions on the entity in the BDC


And HOORAY! It worked!

1 comment:

gbelzile said...

Thank you so much! You just made my day!