Comments (8)
I don't know how you got that error.
Can you filter SharePoint logs on Product/Area "LDAPCP" to get more information?
from ldapcp.
We're having such an issue too.
From time to time the People Picker shows only entries with System.byte[]. After some time it's working again without any change.
While picking, the ULS log shows this:
05/14/2018 10:26:40.17 w3wp.exe (XXX:0x38F8) 0x5914 LDAPCP LDAP Lookup 1337 Medium [LDAPCP] Got 4 result(s) from all LDAP server(s) with query "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(| (&(objectclass=user)(userPrincipalName=rump*)(&(!(sAMAccountName=mypc*))(!(UserPrincipalName=admin_)))) (&(objectclass=group)(sAMAccountName=rump)(!(groupType:1.2.840.113556.1.4.803:=2147483652))) (&(objectclass=user)(displayName=rump*)(&(!(sAMAccountName=mypc*))(!(UserPrincipalName=admin_)))) (&(objectclass=user)(cn=rump)(&(!(sAMAccountName=mypc*))(!(UserPrincipalName=admin_)))) (&(objectclass=user)(sn=rump)(&(!(sAMAccountName=mypc*))(!(UserPrincipalName=admin_)))) (&(objectclass=user)(mail=rump)(&(!(sAMAccountName=mypc*))(!(UserPrincipalName=admin_)))) (&(objectclass=user)(SAMAccountName=rump)(&(!(sAMAccountName=mypc*))(!(UserPrincipalName=admin_)))) (&(objectclas... f1fe669e-1929-0070-dc16-bde7e9d1c479
05/14/2018 10:26:40.17 w3wp.exe (XXX:0x38F8) 0x5914 LDAPCP LDAP Lookup 1337 Medium ...s=user)(givenname=rump*)(&(!(sAMAccountName=mypc*))(!(UserPrincipalName=admin_*)))) ))" f1fe669e-1929-0070-dc16-bde7e9d1c479
05/14/2018 10:26:40.17 w3wp.exe (XXX:0x38F8) 0x5914 LDAPCP LDAP Lookup 1337 Medium [LDAPCP] 1 permission(s) to create after filtering f1fe669e-1929-0070-dc16-bde7e9d1c479
05/14/2018 10:26:40.17 w3wp.exe (XXX:0x38F8) 0x5914 LDAPCP Claims Picking 1337 Medium [LDAPCP] Added permission: claim value: "System.Byte[]", claim type: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" f1fe669e-1929-0070-dc16-bde7e9d1c479
When I select that System.byte[] object and try to use it, I get a correlation ID. The ULS for this shows it's searching for "System.byte[]", result: User does not exist or isn't unique:
05/14/2018 10:26:47.03 w3wp.exe (XXX:0x38F8) 0x237C LDAPCP LDAP Lookup 1337 Medium [LDAPCP] Connecting to "LDAP://XXXXX.XX" with AuthenticationType "None" and filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(| (&(objectclass=user)(userPrincipalName=system.byte[])(&(!(sAMAccountName=mypc*))(!(UserPrincipalName=admin_)))) ))" f2fe669e-09cc-0070-dc16-b8b991804476
05/14/2018 10:26:47.05 w3wp.exe (XXX:0x38F8) 0x237C LDAPCP LDAP Lookup 1337 Medium [LDAPCP] "LDAP://XXXXX.XX" returned 0 result(s) f2fe669e-09cc-0070-dc16-b8b991804476
05/14/2018 10:26:47.05 w3wp.exe (XXX:0x38F8) 0x237C LDAPCP LDAP Lookup 1337 Medium [LDAPCP] LDAP queries on all servers completed in 11ms (current timeout is 10000ms) f2fe669e-09cc-0070-dc16-b8b991804476
05/14/2018 10:26:47.05 w3wp.exe (XXX:0x38F8) 0x237C LDAPCP LDAP Lookup 1337 Medium [LDAPCP] This LDAP query did not return any result: "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(| (&(objectclass=user)(userPrincipalName=system.byte[])(&(!(sAMAccountName=mypc))(!(UserPrincipalName=admin_*)))) ))" f2fe669e-09cc-0070-dc16-b8b991804476
05/14/2018 10:26:47.05 w3wp.exe (XXX:0x38F8) 0x237C LDAPCP Claims Picking 1337 Unexpected [LDAPCP] Validation of incoming claim returned 0 permissions instead of 1 expected. Aborting operation f2fe669e-09cc-0070-dc16-b8b991804476
05/14/2018 10:26:47.05 w3wp.exe (XXX:0x38F8) 0x237C SharePoint Foundation Authentication Authorization a7wir Unexpected GetUserInfoFromMembershipProvider: Request is in a web context and we can't find the user so we are failing. LoginName: 'i:0e.t|XXX|system.byte[]', bIsRole: 'False'. f2fe669e-09cc-0070-dc16-b8b991804476
05/14/2018 10:26:47.05 w3wp.exe (XXX:0x38F8) 0x237C SharePoint Foundation Claims Authentication ax8ng Medium ensureUserExistsInternal2: managedCodeInterop.getUserInfoFromMembershipProvider return values. bSuccess: 'False' wzLogin: 'i:0e.t|XXX|system.byte[]' wstrUserKey: '' f2fe669e-09cc-0070-dc16-b8b991804476
05/14/2018 10:26:47.05 w3wp.exe (XXX:0x38F8) 0x237C SharePoint Foundation General 8kh7 High The user does not exist or is not unique. f2fe669e-09cc-0070-dc16-b8b991804476
from ldapcp.
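Added example, not part of the thread or of LDAPCP's own code: a small Python scan over ULS lines in the layout quoted above that reports, per correlation ID, every LDAPCP "Added permission" entry or SharePoint `LoginName` whose value is a .NET type name such as `System.Byte[]` instead of a real claim value. The sample lines are constructed (made-up GUIDs and user), and the function name `find_type_name_claims` is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ULS lines quoted in the thread
# (GUIDs and the user name are made up for this example).
SAMPLE = """\
05/14/2018 10:26:40.17 w3wp.exe (XXX:0x38F8) 0x5914 LDAPCP Claims Picking 1337 Medium [LDAPCP] Added permission: claim value: "System.Byte[]", claim type: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" 11111111-1111-1111-1111-111111111111
05/14/2018 10:27:02.40 w3wp.exe (XXX:0x38F8) 0x5914 LDAPCP Claims Picking 1337 Medium [LDAPCP] Added permission: claim value: "jdoe@example.test", claim type: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" 22222222-2222-2222-2222-222222222222
05/14/2018 10:26:47.05 w3wp.exe (XXX:0x38F8) 0x237C SharePoint Foundation Authentication Authorization a7wir Unexpected GetUserInfoFromMembershipProvider: Request is in a web context and we can't find the user so we are failing. LoginName: 'i:0e.t|XXX|system.byte[]', bIsRole: 'False'. 33333333-3333-3333-3333-333333333333
"""

# Timestamp at the start, correlation GUID at the end, everything else is the body.
LINE = re.compile(r'^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d+) (?P<body>.*) '
                  r'(?P<corr>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\s*$')
ADDED = re.compile(r'\[LDAPCP\] Added permission: claim value: "(?P<value>[^"]*)", '
                   r'claim type: "(?P<type>[^"]*)"')
LOGIN = re.compile(r"LoginName: '(?P<login>[^']*)'")
# A .NET type name where a claim value should be, e.g. "System.Byte[]".
TYPE_NAME = re.compile(r'^System\.[A-Za-z0-9_.]+(\[\])*$', re.IGNORECASE)


def find_type_name_claims(text):
    """Return {correlation_id: [(timestamp, source, claim_type, value), ...]}."""
    hits = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation fragments or unrelated lines
        ts, body, corr = m.group('ts'), m.group('body'), m.group('corr')
        added = ADDED.search(body)
        if added and TYPE_NAME.match(added.group('value')):
            hits[corr].append((ts, 'picker', added.group('type'), added.group('value')))
        login = LOGIN.search(body)
        if login:
            # Encoded claim logins look like i:0e.t|<issuer>|<value>; keep the value.
            value = login.group('login').rsplit('|', 1)[-1]
            if TYPE_NAME.match(value):
                hits[corr].append((ts, 'login', None, value))
    return dict(hits)


if __name__ == '__main__':
    for corr, entries in find_type_name_claims(SAMPLE).items():
        for ts, source, ctype, value in entries:
            print(corr, ts, source, ctype or '-', value)
```

Running this over a merged ULS export gives the timestamps at which the bad values start and stop, which can then be lined up with application pool recycles or solution deployments.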
Checked some more:
Replay LDAP query via PowerShell: correct UPN is delivered.
IISreset solves the problem until the next occurrence.
from ldapcp.
Without a reliable repro it will be tough to troubleshoot.
- Does issue affect 1 claim type? Multiple/all?
- Do other results (in the same search) display correctly while you repro issue?
- Do you query AD servers?
from ldapcp.
We're using LDAPCP to query one Active Directory domain for ADFS claims. There is only one identity claim (UPN) configured, some other possible claims (e.g. Name, mail, samaccountname) are mapped to this one.
When the issue occurs all claims from this domain are shown with System.byte[]. Users from another domain using Windows authentication (and therefore not LDAPCP) are displayed correctly. So in fact all LDAPCP results are broken.
Additional User Information such as the title is displayed as usual in the result.
I don't know if this is relevant, but we're using exactly the same configuration in three different farms for over one year now. So far the only farm on which this is happening is the farm using Project Server (including Project Server permission mode).
from ldapcp.
Thank you for the details, a couple more questions:
- Is UPN claim type mapped to LDAP attribute "userPrincipalName"?
- When you repro this issue in a web app, can you repro it in central administration (e.g. in "change site collection administrators" page)?
from ldapcp.
- Is UPN claim type mapped to LDAP attribute "userPrincipalName"? => Yes
- When you repro this issue in a web app, can you repro it in central administration (e.g. in "change site collection administrators" page)? => I don't know, as we're normally not using LDAPCP in the Central Administration (all admin accounts are in the other domain). I will try this the next time the issue occurs.
from ldapcp.
Hi.
We are facing exactly the same issue, but in our case an IIS reset doesn't help :(
What is interesting is that we are using one provider for 2 web apps and on one of them everything is working fine; we are facing issues only on the second one (though it was working for some time).
[EDIT]
I have redeployed the solution and now everything is working fine. Will keep an eye on how long it lasts.
from ldapcp.