We would like to host multiple customers in a single WSS 3.0 web application (so we can use https instead of custom SSL ports). Because they are different customers, we don't want them to 'see' each other when doing directory lookups. We have not been able to configure WSS 3.0 to map different OUs to different site collections within the same web application. Is that even possible? Or is there another mechanism to achieve our desired behavior?
We believe we can create the desired behavior by using separate web applications for each customer, but then we loose the ability to use a common SSL port.
We can use either an AD with separate OUs for the different customers, or a custom membership provider.
What I did in SP 2003 was to make a main portal that clients didn't see or have access to - https://extranet.mycompany.com. No reason to think it wouldn't work the same or similar in 2007.
"beneath" that I created site collections for each client w/ a unique ID for each client. so client x would be https://extranet.mycompany.com/sites/1324
etc. You control access at the site collection level for site 1324 - and you can make and manage the list of sites at the extranet "parent" - granting internal users access at the parent if needed and at each individual site.
Hope that makes sense...
The solution is to use the following stsadm operation: setsiteuseraccountdirectorypath.
It also works in WSS 3.0 SP1.