Comments on: Filtering the SharePoint People Picker Results

By: Rob

Rob — Tue, 02 Mar 2010 14:28:30 +0000

Another option, again limited to site collections, is to specify the OU for users for the site:

stsadm -o setsiteuseraccountdirectorypath -path “CN=Sales,DC=ContosoCorp,DC=local” –url http://server_name

which is great for locking down the users with access to a particular site. Sorry I can’t help with subsites though!

By: Rob

Rob — Tue, 02 Mar 2010 11:26:15 +0000

@Greg
Actually, Greg, on reflection, the situation is even worse for you than I first thought! The PeoplePicker actually returns users from two locations – from a direct query against Active Directory (or whatever directory services you’ve set up), and against users that have actually “hit” the site collection … not subsite. Even if you wrote a specific LDAP query that managed to overcome the issue, you’ll still have incorrect users returned, I believe

A redesign based on site collections, writing a custom plugin to replace the people picker, or simply locking down the entire people picker from external access would seem to be your only options, in my opinion, of course.

By: Rob

Rob — Tue, 02 Mar 2010 11:07:36 +0000

@Greg
Bad news, Greg. The security model (as relates to the peeople picker) is based around the Site Collection, not subsites. If you use site collections, then

stsadm -o setproperty –url http:// –pn peoplepicker-onlysearchwithinsitecollection –pv yes

would do exactly what you need. I’m not an LDAP specialist, and altering the query will affect the entire web application, so you need to be careful, but it might be possible to write custom LDAP scripts to return an appropriate subset of users with either the custom filter or custom query options, depending on your directory services configuration.

Out of the tin, SharePoint seems designed to work with Site Collections being the security scope, though, not subsites within them. Sorry for the negative response – I think you’d be better off working with site collections for customers, not subsites.

By: Greg

Greg — Mon, 01 Mar 2010 18:47:13 +0000

@Rob
I have an issue where we are using subsite for different customers. When people participate on these separate subsites they can view all contacts (all of our customers) when searching using the people picker. Very Bad. Is there a way to only return results based on who has access ot that subsite?

Thanks
Greg

By: Rob

Rob — Fri, 06 Nov 2009 15:37:12 +0000

Viraj – If you want to carry out totally custom queries based on lists with SharePoint itself, you’ll need to write a custom component to return the user list, not the People Picker. By its nature, the People Picker is designed to work with SharePoint and Active Directory Security – users assigned to the Site Collection, or in certain groups in AD, for example. Writing a dedicated webpart to return people for security based on lists should be pretty straightforward, but its a task I’d hand over to my development team.

By: Viraj Vashi

Viraj Vashi — Fri, 06 Nov 2009 14:33:03 +0000

I have one query related with people picker.
I want to allow to search only those users who are assigned for respective project in people picker.
I am explaining you my requirement in details:
I have tow custom lists.
One is CustomList_Project:
In CustomList_Project custom list, i have following columns:
1) Project name: Textbox(User enter project name)
2) Assigned To: People picker(User assigned for this project)

Second is: CustomList_Second
1) Project name(which is lookup control and whose values come from CustomList_Project(which is custom list)
2) GetProjectOwner : People picker: When i select project name then it would only allow to search those users who have assigned for this project.
(By default it is comming all users)

Regards,
Viraj Vashi