Comments (7)
Can you check SharePoint logs and filter on Product/Area LDAPCP?
from ldapcp.
Thanks for the quick response.
I've had a look in the logs on both of our WFE servers and can only see the following with an Area of LDAPCP:
[LDAPCP] LdapcpConfig PersistedObject changed, refreshing configuration af4b169e-bcb8-905a-1330-573c79e468af
Looking further into the logs, I can see the following:
[LDAPCP] Got 3 result(s) in 0ms from
[LDAPCP] Added permission: claim value: "", claim type: "http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" d54b169e-bc92-905a-3b7c-676cf146b6da
Because Name is a protected claim, I have mapped display name from ADFS (ADFS v4/2016) as "isregistereduser" (this is only a test environment).
Some of our users have a normal user account and a domain admin account. If I search for any of these users by name, it shows 2 results, but only displays the Domain Admin account (we wouldn't want to give these accounts permissions).
To add, we are running LDAPCP v2017.06.
from ldapcp.
It's a bit weird
Can you show the claims mapping configuration in central admin > security > LDAPCP claims mapping page?
from ldapcp.
We were previously mapping the UPN against the LDAP attribute UPN, but decided to use sAMAccountName instead. I haven't updated the ADFS claim type to "windows account name" as I already had UPN mapped as a claim type in my trusted token issuer. I'm happy to change this if you think it makes a difference.
from ldapcp.
The last row may be the cause of this: it duplicates the displayName attribute on the previous row (the "linked to identity claim" one).
But do you really need the claim type isregistereduser? I don't think it makes sense to bind a claim type to the attribute displayName: it's not unique and 2 users may have the same.
Can you try to remove the isregistereduser row and see if results are returned correctly?
Otherwise, if you really need the isregistereduser claim type, you may remove the displayName row "linked to identity claim".
from ldapcp.
Hi Yvand,
Removing the isregistereduser has resolved the issue.
Thanks for the help.
LDAPCP has really saved us a lot of time in our move to ADFS Authentication.
from ldapcp.
Awesome, thank you for your feedback :)
from ldapcp.