Comments (5)
Yvand
commented on August 10, 2024
Hello,
when you leave the LDAPCP admin page and return to it, can you confirm that the check box "This is an Active Directory server, use UserPrincipal.GetAuthorizationGroups" remains unchecked?
Did you try to refresh the non-interactive token in a new PowerShell process, that you start after you changed the setting?
from ldapcp.
Bastien-RB
commented on August 10, 2024
Yes the box is unchecked after come back
the lifetime is 1 minute
from ldapcp.
Bastien-RB
commented on August 10, 2024
I cleared the sharepoint cache on the Front end (C:\ProgramData\Microsoft\SharePoint\Config) And Its resolved the problem thanks for you help
from ldapcp.
Yvand
commented on August 10, 2024
Sure, thanks ! :)
from ldapcp.
sergey-tihon
commented on August 10, 2024
One important NOTE for everyone who troubleshoot augmentation.
Important note
Following LDAP server connection is incorrect (even if Test LDAP connection works)
you should use distinguished name of LDAP server
What's going on
0x80005000 means An invalid ADSI pathname was passed. (Verify that the object exists on the directory server and check for typographic errors of the path.)
If you take a look at the code
Lines 950 to 969 in 985b207
you will see that LDAPCP build domainFQDN using DCs, if they omitted domainFQDN will be equal to String.Empty and when you turn on This is an Active Directory server, use UserPrincipal.GetAuthorizationGroups on this LDAP Server you will see following error in logs
[LDAPCP] Unexpected error occurred while getting AD groups of user [email protected] in LDAP://my.domain.com using UserPrincipal.GetAuthorizationGroups(): System.Runtime.InteropServices.COMException: Unknown error (0x80005000), Callstack:
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at ldapcp.LDAPCP.GetGroupsFromActiveDirectory(LDAPConnection ldapConnection, OperationContext currentContext, ClaimTypeConfig groupCTConfig)
@Yvand do not you mind to mention it in docs? or even better, improve Test LDAP connection validation?
from ldapcp.
Related Issues (20)
- Searching with email address no longer possible after migrating to SharePoint 2019 HOT 3
- No result in Select People or Group dialog HOT 4
- ldaps HOT 2
- Add-SPSolution : Invalid URI: The format of the URI could not be determined. HOT 3
- How to populate second line in results HOT 6
- Is it possible to hide "Everyone" -group from People Picker? HOT 2
- People Picker Filtering HOT 2
- LDAPs HOT 2
- Force LDAPCP to USE Port 636 HOT 17
- Augmentation does not work with OpenDJ HOT 5
- Augmentation and workflow permissions HOT 4
- Unable to remove email address from people picker popup without breaking quickedit on 2019/SE. HOT 9
- Default logging level triggers Health Analyzer rule HOT 2
- In Central Administration can't see ADFS users in people picker HOT 12
- Augmentation uses SimpleBind regardless of LDAPConnectionsProp.AuthenticationSettings HOT 5
- Additional LDAP filter for user attributes applies to group HOT 2
- Confusion by using LDAPCP with SharePoint Subscription Edition HOT 2
- "Check Permissions" token cache HOT 2
- Claims matching in ULS Logs HOT 6
- People picker is showing another domain users which is not configured in LDAP Connection HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ldapcp.