I’ve just finished adding a new feature to SLK 1.7 which allows the Domain Group Enumeration of members to be swapped out for an alternative implementation. This is pretty much an edge case, which isn’t going to be needed by the vast majority of SLK users, but it has allowed me to add an implementation which prevents work being assigned to domain groups.
The reason I added this functionality is that a customer had a need, was willing to pay to get it developed in the timescale they needed, and I decided it wouldn’t negatively impact the project. They needed it as they were using Active Directory Federation Services and had implemented some custom functionality in their projects which allowed them to associate users in the federated domains with local Active Directory groups. Of course, SLK didn’t understand this, and couldn’t link the membership of the groups with the federated users. As SLK is a key part of their SharePoint implementation this was a problem.
They could have used the federated users in SharePoint groups, which would have worked out of the box with SLK, but decided that it didn’t fit in with their architecture. So we figured that a pluggable method of enumerating the group members would work best. They can write a class which understands their architecture and just plug it into SLK.
Do Not Use Active Directory Groups Implementation
As part of the implementation I’ve created a plug-in which prevents the use of Active Directory groups for assigning work through SLK. This was mainly a test case for the pluggable architecture, but I chose it because it is potentially useful functionality rather than just a random test. When this plug-in is chosen, no Active Directory groups are displayed when choosing SLK Members. The two main areas where SLK Members are displayed are the assignment properties page when creating or editing an assignment and the SLK Members web part.
I don’t expect this to be used very often, but I can see the occasional use of it.
This is configured in the SlkSettings.xml file, i.e. at the site collection level. To configure it you add a DomainGroupEnumerator element just before any Query elements.
The DomainGroupEnumerator has two attributes:
- Type. This is the fully qualified type name of the class which is being plugged in.
- Assembly. This is the strong name of the assembly containing the type.
So for the Do Not Use AD Groups implementation the configuration entry would be:
<DomainGroupEnumerator Type="Microsoft.SharePointLearningKit.DomainGroupEnumeratorNoGroups" Assembly="Microsoft.SharePointLearningKit, Version=184.108.40.206, Culture=neutral, PublicKeyToken=24e5ae139825747e"/>
As this is part of the SLK project there is a short version of it which is
To use the default implementation, which enumerates AD groups, just leave out the DomainGroupEnumerator element or have an empty Type.
Implementing Your Own Domain Group Enumerator
To implement your own version of a Domain Group Enumerator, all you need to do is:
- Be using a version of SLK which supports this functionality, i.e. 1.7 onwards, or source code change set 683742a29967 onwards (24 March 2012).
- Create a class inheriting from DomainGroupEnumerator.
- Override the method EnumerateGroup. The method signature is:
public abstract DomainGroupEnumeratorResults EnumerateGroup(SPUser domainGroup, SPWeb web, TimeSpan timeRemaining, bool hideDisabledUsers);
The parameters are:
- SPUser domainGroup.
- SPWeb web: The SPWeb the permission is for. This may be needed to add users to SharePoint if they aren’t already added. Used by the default implementation as not all group members may have accessed SharePoint before. May not be needed for other implementations.
- TimeSpan timeRemaining: The time remaining to enumerate all groups. This can be ignored as SLK will check it before enumerating any more groups if there are any. Used by the default implementation to check time elapsed before enumerating nested groups.
- bool hideDisabledUsers: Whether to hide disabled members of the group. Primarily used by the default implementation.
The return value is a DomainGroupEnumeratorResults. This has 3 properties which must be set by the implementation:
- IncludeGroup. bool. Whether to include the group in the SLK membership. Defaults to true.
- Users. List<SPUser>. Add the group members to this list.
- Errors. List<string>. Add any errors to this list.
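The steps above put together, as an added example that is not code from the SLK project: an enumerator that takes group membership from a custom mapping instead of Active Directory and fails closed when a group or account cannot be resolved. The class name, namespace and in-memory mapping are hypothetical, and it assumes DomainGroupEnumeratorResults has a public parameterless constructor with Users and Errors already initialised. It compiles against Microsoft.SharePoint and the SLK assembly.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;
using Microsoft.SharePointLearningKit; // namespace taken from the Type attribute above

namespace Contoso.Slk // hypothetical namespace
{
    // Resolves members of a domain group from a custom mapping rather than AD.
    public class MappedGroupEnumerator : DomainGroupEnumerator
    {
        // Constructed sample data standing in for the real mapping store (assumption).
        static readonly Dictionary<string, string[]> Map =
            new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
            {
                { @"CONTOSO\Year7Maths", new[] { @"PARTNER\alice", @"PARTNER\bob" } }
            };

        // timeRemaining and hideDisabledUsers are not used by this implementation.
        public override DomainGroupEnumeratorResults EnumerateGroup(
            SPUser domainGroup, SPWeb web, TimeSpan timeRemaining, bool hideDisabledUsers)
        {
            // Assumed constructor; see the lead-in.
            DomainGroupEnumeratorResults results = new DomainGroupEnumeratorResults();

            string[] logins;
            if (!Map.TryGetValue(domainGroup.LoginName, out logins))
            {
                // Unknown group: report it and keep it out of the SLK membership.
                results.IncludeGroup = false;
                results.Errors.Add("No member mapping for group " + domainGroup.LoginName);
                return results;
            }

            foreach (string login in logins)
            {
                try
                {
                    // EnsureUser adds the account to the site if it is not there yet.
                    results.Users.Add(web.EnsureUser(login));
                }
                catch (SPException e)
                {
                    // Skip accounts SharePoint cannot resolve and record why.
                    results.Errors.Add("Could not resolve " + login + ": " + e.Message);
                }
            }
            results.IncludeGroup = true;
            return results;
        }
    }
}
```

Register the class with a DomainGroupEnumerator element whose Type and Assembly attributes name this class and the strong-named assembly that contains it.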
If you want to look at the two included implementations, all the domain group enumerator classes are in the source code in Slk\Dll\enumerateDomainGroups.