3.2 Example 2: Active Directory: People Picker Browse Display UI

This example describes the requests that are made when an end user searches for a valid Active Directory user from the end-user client computer by entering a search string that matches the user's display name and then, after that user is located, adds that user to the current site. The main member protocol used in this sequence is [MS-WSSFO], which covers the stored procedures listed in the steps. Because of size limitations, the sequence diagram is split into three figures; together they represent a single sequence. This example is specific to Active Directory operations involving Windows SharePoint Services 3.0.

Figure 8: People Picker Browse Display UI, steps 1 through 18

Figure 9: People Picker Browse Display UI, steps 19 through 37

Figure 10: People Picker Browse Display UI, steps 38 through completion

This scenario is initiated from the "Select People and Groups" dialog. A user enters a search string in the "Find" text field and then clicks the search icon. For the sake of simplicity, it is assumed that the user has Add privileges for the current site group (section 2.9.1.5).

The following actions happen:

  1. The end-user client first sends a request to the front-end web server to search for the desired user display name.

  2. The front-end web server sends a Lightweight Directory Access Protocol (LDAP) Global Catalog Search request to the domain controller (DC) asking for any match in the whole subtree for user objects or group objects with attributes that contain the search string (a wildcard search version of the user display name) in one of the following attributes:

  3. The DC responds with an LDAP Global Catalog Search response containing both user objects and group objects that match the search string.

  4. The front-end web server initializes information about the site and its users by calling the proc_GetTpWebMetadataAndListMetadata stored procedure using the Tabular Data Stream (TDS) protocol, as specified in [MS-TDS].

  5. The back-end database server returns five result sets:

    • Web URL Result Set, which returns the store-relative URL of the root of the site.

    • Domain Group Cache Versions Result Set, which returns information about the version numbers associated with the domain group map cache for this site.

    • Domain Group Cache WFE Update Result Set, which returns information to be used in recomputing the domain group map cache for the site (2).

    • Site Metadata Result Set, which returns specialized site metadata.

    • Event Receivers Result Set, which returns information about the event receivers defined for the site.

  6. The front-end web server continues collecting information about the site's user list by calling the proc_GetListMetadataAndEventReceivers stored procedure.

  7. The back-end database server returns the following four result sets:

    • List Metadata Result Set, which returns the permissions associated with the user list.

    • NULL Unique Permissions Result Set, which indicates that unique permissions do not exist for the list.

    • List Event Receivers Result Set, which is empty because there are no event receivers defined for this list (1).

    • List Web Parts Result Set, which contains information about the list view pages.

  8. The front-end web server creates a dynamic SQL query that searches for the submitted search string in the user information list, looking for a match in the display name, account name or email address columns.

  9. The back-end database server returns one empty dynamic SQL result set, indicating that a match was not found.

  10. The front-end web server displays the display name received from the DC as a candidate for selection.

  11. The end user clicks Add, then OK. The end-user client closes the dialog and redirects the user to the User Information List web page.

  12. The front-end web server negotiates authentication with the DC and then sends an LDAP Search request to the DC for an object that has a security identifier (SID) attribute equal to the value obtained from the DC in Step 3.

  13. The DC sends an LDAP Search result containing the attributes of the Active Directory user object.

  14. The front-end web server again initializes by gathering information about the site (2) by calling the proc_GetTpWebMetadataAndListMetadata stored procedure.

  15. The back-end database server returns five result sets:

    • Web URL Result Set, which contains the store-relative URL of the root of the site (2).

    • Domain Group Cache Versions Result Set, which contains information about the version numbers associated with the domain group map cache for this site (2).

    • Domain Group Cache WFE Update Result Set, which contains information to be used in recomputing the domain group map cache for the site (2).

    • Site Metadata Result Set, which contains site metadata.

    • Event Receivers Result Set, which contains information about the event receivers defined for the site (2).

  16. The front-end web server sends a request to the back-end database server to find security principals that might have login name, display name, or email address information matching the user account name returned from the DC. It does so by calling the proc_SecResolvePrincipal stored procedure.

  17. The back-end database server responds with a return code, but no result sets are returned, indicating that no matches were found.

  18. The front-end web server renders the name as resolved.

  19. The end user clicks OK on the Add Users page, sending a request to the front-end web server to add the user to the site and site group.

  20. The front-end web server negotiates authentication with the DC, and then sends an LDAP Search request to the DC for an object that has a SID attribute equal to the value obtained from the DC in Step 3.

  21. The DC sends an LDAP Search result containing the attributes of the Active Directory user object.

  22. The front-end web server initializes again by calling the proc_GetTpWebMetadataAndListMetadata stored procedure.

  23. The back-end database server returns the following 14 result sets:

    • Web URL Result Set, which contains the URL of the site (2).

    • Domain Group Cache Versions Result Set, which contains information about the version numbers associated with the domain group map cache for this site (2).

    • Domain Group Cache WFE Update Result Set, which contains binary data needed to refresh the domain group map cache.

    • Site Metadata Result Set, which contains site metadata.

    • Event Receivers Result Set, which contains information about the event receivers that are defined for this site (2).

    • Site Category Result Set, which contains the categories of this site (2).

    • Site Metainfo Result Set, which contains the specialized site metadata.

    • Site Feature List Result Set, which contains the list of default feature identifiers for the site collection that contains this site.

    • Site Feature List Result Set, which contains the list of feature identifiers of this site (2).

    • Empty Result Set, which is a placeholder set.

    • List Metadata Result Set, which contains the metadata associated with the specified document list.

    • NULL Unique Permissions Result Set, which indicates that there are no special permissions set on the user information list.

    • Event Receivers Result Set, which contains information about the event receivers defined for the document list (1).

    • List Web Parts Result Set, which contains information about the list view pages defined for the user information list (1).

  24. The front-end web server sends a request to resolve the selected user names by calling the proc_SecResolvePrincipal stored procedure.

  25. The back-end database server responds with a return code, but no result sets are returned, indicating that the user was not found.

  26. The front-end web server creates a dynamic SQL query that selects information from the Sec_SiteGroupsView view.

  27. The back-end database server returns a dynamic SQL result set with all site group membership levels, signifying the owner of all groups.

  28. The front-end web server builds a dynamic SQL query to determine whether the current user has permission to add a user to the group. It does this by calling the proc_SecGetUsersPermissionsOnGroup stored procedure.

  29. The back-end database server returns one dynamic SQL result set, which contains one record for the current group, indicating that the current user does not directly have permission to add a user to the group, and is not the owner of the group.

  30. The front-end web server requests the site map by calling the proc_getSiteMapById stored procedure.

  31. The back-end database server returns the Site Map by Id Result Set.

  32. The front-end web server builds a dynamic transactional SQL query to add the user to the site collection. The following actions happen:

    1. The transaction begins.

    2. An attempt to add a user to the UserInfo table is performed by calling the proc_SecAddUser stored procedure.

    3. If adding the user succeeded, then an attempt to add a person list item to the User Information List is performed. It does so by calling the proc_AddListItem stored procedure.

    4. If either adding the user to the site collection or adding the list item to the User Information List failed, then the transaction is rolled back; otherwise, the transaction is committed.

  33. One result is returned from the back-end database server, containing the return code and information about the added user.

  34. The front-end web server constructs a dynamic SQL query, selecting full user information about the added user.

  35. The back-end database server returns a dynamic SQL result set with the requested information.

  36. The front-end web server sends a request to the back-end database server to add the user to the current site group by calling the proc_SecAddUserToSiteGroup stored procedure.

  37. The back-end database server responds with a return code, but no result sets are returned.

  38. The front-end web server negotiates authentication with the DC, and then sends an LDAP Search request to the DC for an object that has a SID attribute equal to the value obtained from the DC in Step 3.

  39. The DC sends an LDAP Search result containing the attributes of the Active Directory user object.

  40. The front-end web server again initializes its information about the site (2) by calling the proc_GetTpWebMetadataAndListMetadata stored procedure.

  41. The back-end database server returns the following 14 result sets:

    • Web URL Result Set, which returns the URL of the root of the site (2).

    • Domain Group Cache Versions Result Set, which returns information about the version numbers associated with the domain group map cache for this site (2).

    • Domain Group Cache WFE Update Result Set, which returns binary data needed to refresh the domain group map cache.

    • Site Metadata Result Set, which returns specialized site metadata.

    • Event Receivers Result Set, which returns information about the event receivers defined for this site (2).

    • Site Category Result Set, which returns the categories of the site (2).

    • Site Metainfo Result Set, which returns the specialized site metadata.

    • Site Feature List Result Set, which returns the list of default feature identifiers for the site collection that contains this site (2).

    • Site Feature List Result Set, which returns the list of feature identifiers of this site (2).

    • Empty Result Set, which is a placeholder set.

    • List Metadata Result Set, which returns the metadata associated with the specified document list.

    • NULL Unique Permissions Result Set, which is a placeholder set.

    • Event Receivers Result Set, which returns information about the event receivers defined for the document list (1).

    • List Web Parts Result Set, which returns information about the list (1) Web Parts defined for this document list (1).

  42. The front-end web server creates a dynamic SQL query that selects information from the Sec_SiteGroupsView view.

  43. The back-end database server returns a dynamic SQL result set with all site group membership levels, signifying the owner of all groups.

  44. The front-end web server builds a dynamic SQL query to obtain updated information about the site group to which the user was added.

  45. The back-end database server returns one dynamic SQL result set containing information about the site group.

  46. The front-end web server builds a dynamic SQL query to determine whether the current user has permission to add a user to the group. It does this by calling the proc_SecGetUsersPermissionsOnGroup stored procedure.

  47. The back-end database server returns one dynamic SQL result set, which contains one record for the current group, indicating that the current user does not directly have permission to add a user to the group and is also not the owner of the group.

  48. The front-end web server builds a dynamic SQL query to obtain more user information for the site group to which the user has been added.

  49. The back-end database server returns one dynamic SQL result set of information about the newly added user.

  50. Control is passed back to the end-user client.
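
The LDAP requests in steps 2 and 12 (repeated in steps 20 and 38) can be illustrated with the following added example, which is not part of the specification or of any product code. It escapes a user-entered search string per RFC 4515 before placing it in a wildcard filter, and encodes a string SID into the escaped binary form used in a SID equality filter. The attribute names objectSid, displayName and mail, the helper names, and the sample SID are assumptions constructed for illustration.

```python
import re
import struct

SAMPLE_SID = "S-1-5-21-1-2-3-1105"  # constructed sample, not a real account

def escape_filter_value(text: str) -> str:
    """Escape RFC 4515 special characters so user input stays a literal value."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in text)

def contains_filter(attributes, search_string: str) -> str:
    """Build an OR filter matching search_string as a substring of any attribute."""
    if not search_string:
        raise ValueError("empty search string")
    for name in attributes:  # attribute names come from code, never from the user
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", name):
            raise ValueError(f"invalid attribute name: {name!r}")
    value = escape_filter_value(search_string)
    return "(|" + "".join(f"({a}=*{value}*)" for a in attributes) + ")"

def sid_to_bytes(sid: str) -> bytes:
    """Encode S-1-<authority>-<sub>... into the binary SID layout."""
    m = re.fullmatch(r"S-1-(\d+)((?:-\d+){1,15})", sid)
    if not m:
        raise ValueError(f"not a revision-1 SID: {sid!r}")
    authority = int(m.group(1))
    subs = [int(s) for s in m.group(2).split("-")[1:]]
    if authority >= 2**48 or any(s >= 2**32 for s in subs):
        raise ValueError(f"SID component out of range: {sid!r}")
    # revision, sub-authority count, 6-byte big-endian authority,
    # then each sub-authority as a 4-byte little-endian integer
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))

def sid_filter(sid: str) -> str:
    """Filter for the object whose SID attribute equals sid (binary, escaped)."""
    return "(objectSid=" + "".join(f"\\{b:02x}" for b in sid_to_bytes(sid)) + ")"

if __name__ == "__main__":
    # Constructed input containing filter metacharacters; they are escaped.
    print(contains_filter(["displayName", "mail"], "jo*n)(objectClass=*"))
    print(sid_filter(SAMPLE_SID))
```

Because every metacharacter in the search string is hex-escaped, text typed into the "Find" field can only ever be matched as a literal substring and cannot add or close filter clauses.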