3.2 Example 2: Active Directory: People Picker Browse Display UI

This example describes the requests that are made when a search for a valid Active Directory User is made from the EUC computer by entering a search string that matches a User's display name, and when that user is located, that User is added to the current Site. The main member protocol used in this sequence is [MS-WSSFO] covering the stored procedures listed in the steps. The sequence diagram has been broken into three figures for reasons of length. The three figures in this section should be viewed as a single sequence. This specific example is for Active Directory operations involving Windows SharePoint Services 3.0.

214185c5-6f78-4fdf-87b1-4fe2497e8867

Figure 8: People Picker Browse Display UI, steps 1 through 18

2290d528-d994-4f22-8fa9-9b7d0db927dc

Figure 9: People Picker Browse Display UI, steps 19 through 37

6376854c-8f74-4c25-8de2-7d2799c8d98b

Figure 10: People Picker Browse Display UI, steps 38 through completion

This scenario is initiated from the "Select People and Groups – Web page Dialog." A user enters a search string in the "Find" text field and then clicks the search icon. For the sake of simplicity, it is assumed that the user has Add privileges for the current Site Group.

The following actions happen:

  1. The EUC first sends a request to the WFE to search for the desired User display name.

  2. The WFE sends an LDAP Global Catalog Search Request to the DC asking for any match in the whole subtree for user or group objects with attributes that contain the search string (a wildcard search version of the User display name) in one of the following attributes:

    • User objects: 'name', 'displayName', 'cn', 'sn', 'SamAccountName', 'mail', SMTP or sip 'proxyAddresses' attributes.

    • Group objects: 'name', 'displayName', 'cn', or 'SamAccountName' attributes.

  3. The DC responds with an LDAP Global Catalog Search Response containing both user and group objects that match the search string.

  4. The WFE initializes information about the Site and its Users by calling the proc_GetTpWebMetadataAndListMetadata Stored Procedure using TDS.

  5. The BEDS returns five Result Sets:

    • Web URL Result Set, which returns the Store-Relative URL of the root of the Site.

    • Domain Group Cache Versions Result Set, which returns information about the version numbers associated with the Domain Group map cache for this Site.

    • Domain Group Cache WFE Update Result Set, which returns information to be used in recomputing the Domain Group map cache for the Site.

    • Site Metadata Result Set, which returns specialized Site Metadata.

    • Event Receivers Result Set, which returns information about the Event Receivers defined for the Site.

  6. The WFE continues collecting information about the Site's User List by calling the proc_GetListMetadataAndEventReceivers Stored Procedure.

  7. The BEDS returns the following four Result Sets:

    • The List Metadata Result Set, which returns the permissions associated with the User List.

    • The NULL Unique Permissions Result Set, which indicates that unique permissions do not exist for the List.

    • The List Event Receivers Result Set, which is empty because there are no Event Receivers defined for this List.

    • The List Web Parts Result Set, which contains information about the List view pages.

  8. The WFE creates a Dynamic SQL query that searches for the submitted search string in the user information list, looking for a match in the display name, account name or email address columns.

  9. The BEDS returns one empty Dynamic SQL Result Set, indicating that a match was not found.

  10. The WFE displays the display name received from the DC as a candidate for selection.

  11. The end user clicks "Add," then "OK". The EUC closes the dialog and redirects the user to the User Information List Web page.

  12. The WFE negotiates authentication with the DC and then sends an LDAP search request to the DC for an object that has a SID attribute equal to the value obtained from the DC in Step 3.

  13. The DC sends an LDAP Search Result containing the attributes of the Active Directory User object.

  14. The WFE again initializes by gathering information about the Site by calling the proc_GetTpWebMetadataAndListMetadata Stored Procedure.

  15. The BEDS returns five Result Sets:

    • The Web URL Result Set, which contains the Store-Relative URL of the root of the Site.

    • The Domain Group Cache Versions Result Set, which contains information about the version numbers associated with the Domain Group map cache for this Site.

    • The Domain Group Cache WFE Update Result Set, which contains information to be used in recomputing the Domain Group map cache for the Site.

    • The Site Metadata Result Set, which contains Site Metadata.

    • The Event Receivers Result Set, which contains information about the Event Receivers defined for the Site.

  16. The WFE sends a request to the BEDS to find security principals that might have login name, display name, or email information matching the user account name returned from the DC. It does so by calling the proc_SecResolvePrincipal Stored Procedure.

  17. The BEDS responds with a return code, but no Result Sets are returned, indicating that no matches were found.

  18. The WFE renders the name as resolved.

  19. The end user clicks "OK" on the "Add Users" page, sending a request to the WFE to add the user to the Site and Site Group.

  20. The WFE negotiates authentication with the DC, and then sends an LDAP search request to the DC for an object that has a SID attribute equal to the value obtained from the DC in Step 3.

  21. The DC sends an LDAP Search Result containing the attributes of the Active Directory User object.

  22. The WFE initializes again by calling the proc_GetTpWebMetadataAndListMetadata Stored Procedure.

  23. The BEDS returns the following 14 Result Sets:

    • The Web URL Result Set, which contains the URL of the Site.

    • The Domain Group Cache Versions Result Set, which contains information about the version numbers associated with the Domain Group map cache for this Site.

    • The Domain Group Cache WFE Update Result Set, which contains binary data needed to refresh the Domain Group map cache.

    • The Site Metadata Result Set, which contains Site Metadata.

    • The Event Receivers Result Set, which contains information about the Event Receivers that are defined for this Site.

    • The Site Category Result Set, which contains the categories of this Site.

    • The Site Metainfo Result Set, which contains the specialized Site Metadata.

    • The Site Feature List Result Set, which contains the List of default Feature identifiers for the Site Collection that contains this Site.

    • The Site Feature List Result Set, which contains the List of Feature identifiers of this Site.

    • An Empty Result Set, which is a Placeholder set.

    • The List Metadata Result Set, which contains the Metadata associated with the specified Document List.

    • The NULL Unique Permissions Result Set, which indicates that there are no special permissions set on the User information list.

    • The Event Receivers Result Set, which contains information about the Event Receivers defined for the Document List.

    • The List Web Parts Result Set, which contains information about the List view pages defined for the user information List.

  24. The WFE sends a request to resolve the selected user names by calling the proc_SecResolvePrincipal Stored Procedure.

  25. The BEDS responds with a Return Code, but no Result Sets are returned, indicating that the user was not found.

  26. The WFE creates a Dynamic SQL query that selects information from the Sec_SiteGroupsView.

  27. The BEDS Returns a Dynamic SQL Result Set with all Site Group Membership Levels signifying the owner of all groups.

  28. The WFE builds a Dynamic Query to determine whether the current user has permission to add a user to the group. It does this by calling the proc_SecGetUsersPermissionsOnGroup Stored Procedure.

  29. The BEDS returns one Dynamic SQL Result Set, which contains one record for the current group, indicating that the current user does not directly have permission to add a user to the group, and is not the owner of the group.

  30. The WFE requests the site map by calling the proc_getSiteMapById Stored Procedure.

  31. The BEDS returns the Site Map By Id Result Set.

  32. The WFE builds a Dynamic Transactional SQL Query to add the User to the Site Collection. The following actions happen:

    1. The transaction begins.

    2. An attempt to add a user to the UserInfo table is performed by calling the proc_SecAddUser Stored Procedure.

    3. If adding the user succeeded, then an attempt to add a person List Item to the User Information List is performed. It does so by calling the proc_AddListItem stored procedure.

    4. If either adding the User to the Site Collection or adding the List Item to the User Information List failed, then the transaction is rolled back; otherwise, the transaction is committed.

  33. One result is returned from the BEDS, containing the Return Code and information about the added User.

  34. The WFE constructs a Dynamic SQL query, selecting full User information about the added User.

  35. The BEDS returns a Dynamic Result Set with the requested information.

  36. The WFE requests the BEDS to add the User to the current Site Group by calling the proc_SecAddUserToSiteGroup Stored Procedure.

  37. The BEDS responds with a Return Code, but no Result Sets are returned.

  38. The WFE negotiates authentication with the DC, and then sends an LDAP search request to the DC for an object that has a SID attribute equal to the value obtained from the DC in Step 3.

  39. The DC sends an LDAP Search Result containing the attributes of the Active Directory User object.

  40. The WFE again initializes its information about the Site by calling the proc_GetTpWebMetadataAndListMetadata Stored Procedure.

  41. The BEDS returns the following 14 Result Sets:

    • Web URL Result Set, which returns the URL of the root of the Site.

    • Domain Group Cache Versions Result Set, which returns information about the version numbers associated with the Domain Group map cache for this Site.

    • Domain Group Cache WFE Update Result Set, which returns binary data needed to refresh the Domain Group map cache.

    • Site Metadata Result Set, which returns specialized Site Metadata.

    • Event Receivers Result Set, which returns information about the Event Receivers defined for this Site.

    • Site Category Result Set, which returns the Categories of the Site.

    • Site Metainfo Result Set, which returns the specialized Site Metadata.

    • Site Feature List Result Set, which returns the List of default Feature identifiers for the Site Collection that contains this Site.

    • Site Feature List Result Set, which returns the List of Feature identifiers of this Site.

    • Empty Result Set, which is a placeholder set.

    • List Metadata Result Set, which returns the Metadata associated with the specified Document List.

    • NULL Unique Permissions Result Set, which is a placeholder set.

    • Event Receivers Result Set, which returns information about the Event Receivers defined for the Document List.

    • List Web Parts Result Set, which returns information about the List Web Parts defined for this Document List.

  42. The WFE creates a Dynamic SQL query that selects information from the Sec_SiteGroupsView view.

  43. The BEDS returns a Dynamic SQL Result Set with all Site Group Membership Levels, signifying the owner of all groups.

  44. The WFE builds a Dynamic SQL Query to obtain updated information about the Site Group to which the User was added.

  45. The BEDS returns one Dynamic SQL Result Set containing information about the Site Group.

  46. The WFE builds a Dynamic Query to determine whether the current user has permission to add a user to the group. It does this by calling the proc_SecGetUsersPermissionsOnGroup Stored Procedure.

  47. The BEDS returns one Dynamic SQL Result Set, which contains one record for the current group, indicating that the current User does not directly have permission to add a user to the group and is also not the owner of the group.

  48. The WFE builds a Dynamic SQL Query to obtain more User information for the Site Group to which the User has been added.

  49. The BEDS returns one Dynamic SQL Result Set of information about the newly added User.

  50. Control is passed back to the EUC.

 
Show: