I wrote a web service to query LDAP so I can merge data from AD and another LDAP source. The web service seems to work fine. It has a finder and a specific finder method.
I used BDC Metaman to create the definition and imported it into MOSS. So far so good.
Mapped the user profile properties to the BDC source.
Tried to sync the profile data and it wasn't working. I was getting the following exceptions:
03/15/2008 11:20:37.92 mssdmn.exe (0x1464) 0x0090 SharePoint Portal Server User Profiles 90gy Exception (Watson Reporting Cancelled) System.UnauthorizedAccessException: Access Denied! Only site admin can access Data Source object from user profile DB.
   at Microsoft.Office.Server.UserProfiles.SRPSite.AdminCheck(String message)
   at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(IDataRecord rec)
   at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(String strDSName)
   at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site, Boolean fAllowEveryoneRead)
   at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site)
   at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.GetDataSource()
   at Microsoft.Office.Server.UserProfiles.BDCConnector.RefreshConfiguration(String sspName)
I found an entry in a blog here which pointed me in the right direction.
I needed to give my search account and content access account these permissions in the Personalization services permissions of Shared Services;
So that was great.
Next problem: now I get the following exception on the users who have a linked record in the secondary import connection:
03/15/2008 11:45:02.48 mssdmn.exe (0x1464) 0x0090 SharePoint Portal Server User Profiles 90gz Exception Profile Import: Exception occured when importing user: 'ai\jhancock'. Access Denied for User 'AI\spsearch'. Securable MethodInstancewith Name 'FindDirectoryUserInstance' has ACL that contains: User 'AI\administrator' with Rights 'Execute, Edit, SetPermissions, UseInBusinessDataInLists, SelectableInClients' Stack Trace:
   at Microsoft.Office.Server.ApplicationRegistry.MetadataModel.DataClass.ExecuteInternal(LobSystemInstance lobSystemInstance, LobSystem lobSystem, MethodInstance methodInstanceToExecute, Method methodToExecute, ParameterCollection inputParameters, Object& overrideArgs)
   at Microsoft.Office.Server.ApplicationRegistry.MetadataModel.Entity.ExecuteInternal(LobSystemInstance lobSystemInstance, LobSystem lobSystem, MethodInstance methodInstanceToExecute, Method methodT...
Then I realised that whilst I had set permissions for the BDC, I had not set permissions for the imported application definition.
And then... I realised that I needed to set permissions on the entity in the BDC.
And HOORAY! It worked!
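As an added example (not part of the original post): a small Python parser for the BDC "Access Denied" message quoted above. It pulls out the denied account, the securable and the accounts on its ACL, which shows at a glance which BDC object still lacks the crawl account. The sample text is constructed from the log entry in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the message portion of the ULS entry quoted in the post.
SAMPLE = (
    "Profile Import: Exception occured when importing user: 'ai\\jhancock'. "
    "Access Denied for User 'AI\\spsearch'. Securable MethodInstancewith Name "
    "'FindDirectoryUserInstance' has ACL that contains: User 'AI\\administrator' "
    "with Rights 'Execute, Edit, SetPermissions, UseInBusinessDataInLists, "
    "SelectableInClients' Stack Trace: at Microsoft.Office.Server..."
)

# The log runs the securable type into "with" ("MethodInstancewith"), so the
# type is matched lazily and the space before "with" is optional.
DENIED_RE = re.compile(
    r"Access Denied for User '(?P<user>[^']+)'\.\s*"
    r"Securable (?P<kind>\w+?)\s*with Name '(?P<name>[^']+)'"
)
ACE_RE = re.compile(r"User '(?P<user>[^']+)' with Rights '(?P<rights>[^']*)'")


def parse_bdc_denial(message):
    """Return details of a BDC access-denied message, or None if absent."""
    m = DENIED_RE.search(message)
    if m is None:
        return None
    # ACL entries sit between the securable name and "Stack Trace:".
    acl_text = message[m.end():].split("Stack Trace:", 1)[0]
    acl = {}
    for ace in ACE_RE.finditer(acl_text):
        rights = {r.strip() for r in ace.group("rights").split(",") if r.strip()}
        # Windows account names are case-insensitive, so key on lower case.
        acl.setdefault(ace.group("user").lower(), set()).update(rights)
    denied = m.group("user")
    return {
        "denied_user": denied,
        "securable_type": m.group("kind"),
        "securable_name": m.group("name"),
        "acl": acl,
        "denied_user_on_acl": denied.lower() in acl,
    }


def summarize(message):
    info = parse_bdc_denial(message)
    if info is None:
        return "no BDC access-denied record found"
    state = "is on" if info["denied_user_on_acl"] else "is missing from"
    return (f"{info['denied_user']} {state} the ACL of {info['securable_type']} "
            f"'{info['securable_name']}'; ACL holders: {sorted(info['acl'])}")
```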