Comments (21)
Sent you 3 problem step recorder files for the following scenarios. All of them have identical error.
- With default LDAP
- With no LDAP
- With default LDAP and random LDAP
from ldapcp.
@desmondkung the error happens because there is no group claim type set in the trust in your environment.
I opened PR #207 to handle this correctly.
In the meantime, you can fix the issue in the current version by removing the group claim type from the LDAPCPSE configuration, using the script below:
Add-Type -AssemblyName "Yvand.LDAPCPSE, Version=1.0.0.0, Culture=neutral, PublicKeyToken=80be731bc1a1a740"
$config = [Yvand.LdapClaimsProvider.LDAPCPSE]::GetConfiguration()
$settings = $config.Settings
$settings.ClaimTypes.Remove($settings.ClaimTypes.GroupIdentifierConfig)
$config.ApplySettings($settings, $true)
from ldapcp.
Alright! I'll test this out tomorrow morning =)
from ldapcp.
I just published a nightly build which contains this fix
from ldapcp.
Just tested. No more error messages =) Will the release build be created soon? Else, I might just use this nightly first.
Thank you so much!
from ldapcp.
@desmondkung this is clearly unexpected. You can add an LDAPS entry using this PowerShell script:
Add-Type -AssemblyName "Yvand.LDAPCPSE, Version=1.0.0.0, Culture=neutral, PublicKeyToken=80be731bc1a1a740"
$config = [Yvand.LdapClaimsProvider.LDAPCPSE]::GetConfiguration()
$settings = $config.Settings
# Add a new LDAP connection
$ldapConnection = New-Object "Yvand.LdapClaimsProvider.Configuration.LdapConnection"
$ldapConnection.LdapPath = "LDAP://contoso.local:636/DC=contoso,DC=local"
$ldapConnection.Username = "<account>"
$ldapConnection.Password = "<password>"
$ldapConnection.EnableAugmentation = $true
$settings.LdapConnections.Add($ldapConnection)
$config.ApplySettings($settings, $true)
To understand your scenario, can you send the output of this:
$trust = Get-SPTrustedIdentityTokenIssuer "YOUR_SPTRUST_NAME"
$trust.ClaimTypeInformation | fl MappedClaimType, IsIdentityClaim
from ldapcp.
Hi @Yvand,
MappedClaimType: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
IsIdentityClaim: True
from ldapcp.
Is there a way to reset all LDAPCPSE settings back to default via PowerShell so that I can try again? Including the removal of the recently added LDAPS connection.
from ldapcp.
current ldap settings
Identifier : fe5fe0de-8c6a-48f6-8fff-d28e704771b6
LdapPath : Connect to SharePoint domain
Username :
Password :
AdditionalMetadata :
AuthenticationType : Secure, Signing, Sealing
UseDefaultADConnection : True
EnableAugmentation : False
GetGroupMembershipUsingDotNetHelpers : False
GroupMembershipLdapAttributes : {memberOf, uniquememberof}
LdapEntry : System.DirectoryServices.DirectoryEntry
LdapEntryServerAndPort : LDAP://<removed>
InitializationSuccessful : False
DomainName :
DomainFQDN :
DomaindistinguishedName :
UpgradedPersistedProperties : {}
Identifier : 9b9ec788-ad57-44e8-841d-5dabc8107cac
LdapPath : LDAP://<removed>
Username : <domain\username removed>
Password : <removed>
AdditionalMetadata :
AuthenticationType : Secure, Signing, Sealing
UseDefaultADConnection : False
EnableAugmentation : False
GetGroupMembershipUsingDotNetHelpers : False
GroupMembershipLdapAttributes : {memberOf, uniquememberof}
LdapEntry : System.DirectoryServices.DirectoryEntry
LdapEntryServerAndPort : LDAP://<removed>
InitializationSuccessful : False
DomainName :
DomainFQDN :
DomaindistinguishedName :
UpgradedPersistedProperties : {}
from ldapcp.
> Is there a way to reset all LDAPCPSE settings back to default via PowerShell so that I can try again? Including the removal of the recently added LDAPS connection.
You can run those commands to delete and recreate the configuration:
[Yvand.LdapClaimsProvider.LDAPCPSE]::DeleteConfiguration()
[Yvand.LdapClaimsProvider.LDAPCPSE]::CreateConfiguration()
from ldapcp.
- I've deleted and re-created the configuration via PowerShell by running those two commands.
- In central admin, I deleted the default LDAP connection to SharePoint domain and added only the LDAP server I want to connect to.
- Clicked on the "Test LDAP Connection" and it passed.
- Clicked on "Add LDAP Connection", then click on "OK" at the top.
- Back at the Security page, click on "Global configuration" and error appears.
from ldapcp.
Another way to reproduce.
- Delete and re-create the configuration via PowerShell.
- In central admin, go to security, click on global configuration.
- Click on "OK" button at the top.
- Back at the Security page, click on "Global configuration" and error appears.
from ldapcp.
Can you check the SharePoint log on the server running CA, filter on Product/Area LDAPCP, and verify if errors/messages are recorded?
from ldapcp.
There's only 1 line if I filter ULS logs via Product.
"Successfully updated configuration 'LDAPCPSEConfig' with Id <guid>"
from ldapcp.
@desmondkung the log is not giving more information. I would really like to understand the root cause: Are you able to repro the issue, whatever you type in the new LDAP connection? Can you repro if you remove the default LDAP connection?
from ldapcp.
> @desmondkung the log is not giving more information. I would really like to understand the root cause: Are you able to repro the issue, whatever you type in the new LDAP connection? Can you repro if you remove the default LDAP connection?
I can try tomorrow morning.
To make sure I understand correctly, are you asking if I remove the default LDAP connection, leaving it with no LDAP connection, will the issue occur?
BTW, the log you are referring to, does it include the ULS log I sent to your mail?
from ldapcp.
Yes, basically I'm curious if you can reproduce the issue even with typing dummy data, e.g. LDAP://whatever.
Or, if it requires a specific test.
And also, if it depends on whether the default connection is present or not.
I'm sure it is a bug, but right now I cannot repro it. I hope I will be able to repro with your help.
Yes, I reviewed the log you sent, and it contains nothing helpful.
from ldapcp.
Error: Value cannot be null. Parameter name: type.
from ldapcp.
Weird that I did not repro it, but it should be fixed in b4c5d97
from ldapcp.
I think the only way left to tell would be to deploy the new release once your pull request is done.
from ldapcp.
Thanks for confirming!
from ldapcp.