Channel: LDAP/AD Claims Provider For SharePoint
Viewing all 270 articles

New Post: Query within site collection

Thank you for your great feedback!
Please let me know if you have any issue, and feel free to rate the project (from the homepage) to show your satisfaction about it :)

New Post: Disable TLS protocols

We are in the process of disabling TLS 1.0 and 1.1 on the server, but when I do I am no longer able to open the SharePoint page. It says that an existing connection was forcibly closed by the remote host. It works ok if I just have those two protocols enabled in the registry. We are using SharePoint 2013. Would disabling those two protocols have anything to do with this solution, or do I just need to also disable the same on the ADFS server?

Thanks in advance.

New Post: Disable TLS protocols

Hello, which page(s) causes this error?

New Post: AD security group\Exchange distribution list email property is missed

Hello,
can you check SharePoint logs to validate if it calls LDAPCP?
Since it doesn't actually define a permission, I'm not sure if that should populate metadata, does the same code work for users?
thanks,
Yvan

New Post: Disable TLS protocols

I did more searching and found out that SharePoint requires both TLS 1.0 and 1.1 so we turned them back on, on the SharePoint servers.

Thanks.

New Post: Due to limitations of SharePoint API, do not associate LDAPCP with more than 1 SPTrustedIdentityTokenIssuer

But you were able to associate LDAPCP with more than 1 SPTrustedIdentityTokenIssuer association?
If yes, please let me know the detailed steps you have done.
I am not able to associate.

New Post: Ldap connection error

Hello Yvand,
I have found the solution to connect with LDAPCP to my Ldap Sun Server with LDAPS!

The connection string is :

LDAP Path : LDAP://ServerDNSName/uid=xxx,ou=xxx,dc=xxx
Username : uid=xxxx,ou=xxx,dc=xxx
Password : xxx

Check the FastBind box

The public certificate and root certification chain of the ldaps must be in the local store of the Sharepoint server.
I have found the solution thanks to this site : http://poshcode.org/86

Regards

New Post: LDAPCP People Picker in SharePoint Multi Tenant

Hi Yvand,

I can see that work has been progressing on the LDAP People picker since I was here last time :)

Is there any progress as far as using this in our Multi-tenant scenario? We are now designing our SharePoint 2016 MT system.

Cheers,
Ulrik

New Post: Ldap connection error

Great, thanks for posting the solution here!

New Post: Due to limitations of SharePoint API, do not associate LDAPCP with more than 1 SPTrustedIdentityTokenIssuer

Hello, again, LDAPCP will not work if it is associated to several SPTrustedIdentityTokenIssuer: there is code that checks this and LDAPCP deactivates itself if so.
And it does so for very good reason: SharePoint does not let LDAPCP know for which trust it is currently called, and this information is vital to work correctly.
Thanks,
Yvan

New Post: LDAPCP People Picker in SharePoint Multi Tenant

Hello Ulrik,
currently it's still not possible to customize LDAP filter based on the current context (web application).
Would that help if it was possible in next version through custom code only (by inheriting LDAPCP class)?
Note that the main drawback is that you won't be able to use LDAPCP administration pages
thanks,
Yvan

New Post: User names randomly getting changed

We are using LDAP CP version: 1019992 and we have started noticing this behavior since Nov 2015. User information within the person or group column in a SharePoint list/library gets randomly changed to a different user's information when a new item is created or an existing item is modified. For example, if I have a person/group column called User and it has the value Steve Jobs, when a user modifies and saves this item the value within the User column could randomly change from Steve Jobs to Bill Gates, and it happens intermittently. It also does not necessarily get changed to the same user all the time. For example, in this case it can also get changed from Steve Jobs to Donald Trump. This is very intermittent behavior we have started noticing, but it is occurring very frequently. Can you please provide some insights on how to get this issue fixed?

New Post: LDAPCP People Picker in SharePoint Multi Tenant

Hi Yvand,

Thank you very much for getting back to me. SharePoint in Multi Tenant mode is basically the standard release code base but doing a scripted install and using the -partitionmode flag to enable data partitioning. The Subscription Service then allocates a unique GUID for each subscription. All data belonging to the tenant is then tagged with the Subscription ID.

Here is a quick overview: https://technet.microsoft.com/en-us/library/dn659287.aspx

We are in fact running all tenants under a single Webapp - for each Tenant/subscription we then configure people picker to restrict the search scope to the tenant OU:

We configure this using the Set-SPSiteSubscriptionConfig cmdlet with the -UserAccountDirectoryPath https://technet.microsoft.com/en-us/library/ff607622.aspx

So while running under Negotiate auth, People Picker will search only its own OU.

This behaviour breaks for the built in people picker when the farm is configured to use ADFS auth.

Ideally we could therefore have a situation where ldapcp identifies which Site is calling the People picker; this site will have the SubscriptionID property as a GUID (always). This sub ID has a property UserAccountDirectoryPath which could then be used to restrict the search.

I don't know if any of this makes sense, however, I must admit that we have not done any recent testing of this either for built-in people picker or for ldapcp.

We will be moving forward with a Multi tenant test install of SP 2016 as soon as its RTM code is available. That install will be configured for ADFS auth (token based).

If you could indicate whether my idea of using the SubscriptionID info to restrict search could be within the scope of ldapcp, I could then have our own development team look at it.

Be hearing from you

New Post: LDAPCP People Picker in SharePoint Multi Tenant

Hello,

ok, I understand your scenario, but I cannot say if LDAPCP would be capable of this because I don't have such setup.
But this is something you can check on your side: basically, what matters is the value of parameter "context" that SharePoint passes to methods FillSearch and FillResolve: it contains the URL and this is the only thing LDAPCP may use to apply a filter based on your needs.

So you can check the value of parameter "context" in different tenants and confirm if it contains the URL of the tenant.
Unfortunately you can't check it with LDAPCP directly, but a simple way is to create a custom claims provider that inherits LDAPCP and overrides method SetCustomConfiguration (that gets the context too).
You can find an example of this if you download "LDAPCP for Developers".

Thanks,
Yvan

As a side note, it's especially important to check the value of parameter "context" when it's called from FillSearch(...SPClaim...) method, as it can be different from other methods.
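Yvan's check written out as an added example (not from the thread or the LDAPCP project): a provider that inherits LDAPCP and overrides SetCustomConfiguration to trace the context URL together with the site subscription ID and UserAccountDirectoryPath that Ulrik wants to scope the search on. The hook signature, the ldapcp namespace and the provider-name pattern are assumptions taken from the "LDAPCP for Developers" sample; the class only observes and changes no LDAP filter.

```csharp
using System;
using System.Diagnostics;
using ldapcp;                 // assumption: LDAPCP's namespace
using Microsoft.SharePoint;

// Added example, not part of the thread or of LDAPCP. It observes only, so the
// LDAPCP administration pages keep working as before.
public class LDAPCP_ContextProbe : LDAPCP
{
    // Assumption: provider-name pattern of the "LDAPCP for Developers" sample.
    public new const string _ProviderInternalName = "LDAPCP_ContextProbe";

    public LDAPCP_ContextProbe(string displayName) : base(displayName) { }

    public override string Name { get { return _ProviderInternalName; } }

    // Assumption: LDAPCP exposes this hook with the same 'context' that SharePoint
    // passes to FillSearch / FillResolve. It is the only per-call hint about the caller.
    protected override void SetCustomConfiguration(Uri context, string[] entityTypes)
    {
        string subscriptionId = "(none)";
        string ouPath = "(none)";
        if (context != null)
        {
            try
            {
                // Elevated so the read works whatever account the picker runs as.
                SPSecurity.RunWithElevatedPrivileges(delegate
                {
                    using (SPSite site = new SPSite(context.AbsoluteUri))
                    {
                        if (site.SiteSubscription != null)
                            subscriptionId = site.SiteSubscription.Id.ToString();
                        ouPath = site.UserAccountDirectoryPath ?? "(none)";
                    }
                });
            }
            catch (Exception ex)
            {
                // e.g. FileNotFoundException when the URL maps to no site collection
                ouPath = "(lookup failed: " + ex.GetType().Name + ")";
            }
        }
        Trace.WriteLine(string.Format(
            "[{0}] context={1} subscription={2} UserAccountDirectoryPath={3} entityTypes={4}",
            Name,
            context == null ? "(null)" : context.AbsoluteUri,
            subscriptionId, ouPath,
            entityTypes == null ? "(null)" : string.Join(",", entityTypes)));
    }
}
```

Run the people picker from two tenants and compare the traced lines: per-tenant scoping is only feasible if context (or the subscription resolved from it) differs between them.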

New Post: Ldap connection error

Hello,
I have just forgotten the port 636 in the LDAP connection string...
So the LDAP Path is : LDAP://ServerDNSName:636/uid=xxx,ou=xxx,dc=xxx

Regards

New Post: How to use {domain} and {fqdn} tokens?

From home page I read that:
Supports dynamic tokens "{domain}" and "{fqdn}" to add domain information on permissions to create.
I suppose these tokens allow adding qualified group names to permissions like "c:0-.t|adfs|domain\group" rather than the default unqualified name "c:0-.t|adfs|group"?

If so, how do I use it? Does it also work with domain trusts? That is when users from different domains/forests log in with 1 identity provider.

Thank you for answers and for a product, that should have been a feature of SharePoint itself.

New Post: How to use {domain} and {fqdn} tokens?

Hello,
thank you for your feedback.
You can use them to add a prefix to values returned by LDAP servers.
e.g. LDAP returns "role" but you want permission to be created as "domain\role", then you do so by:
  • go to central admin > security > LDAPCP claims mapping
  • edit "role" claim type and edit "Prefix to add to value returned" like this:
    {domain}\
    or:
    {fqdn}\

New Post: Not finding users in external domain

Hi,
I have deployed the solution to a SharePoint server which is in a forest which is formed by contoso.loc and an external domain external.loc connected to the SharePoint by ADFS.

If I put the claim of the external domain in site permissions as user@external.loc I am able to log in to the portal, but when I search for users I'm only getting users from contoso.loc and not from external.loc.

I am trying to configure the LDAP connection to the external domain as follows: LDAP://OU=XX,DC=external,DC=loc
Username: user
Password: pwd

I also tried to configure the OU where the user is, but with no luck; I always receive the same error "The user name or password is incorrect".

Any suggestions? Thanks!!

Created Unassigned: Cannot assign permission to a group that has the same name in 2 domain forests [2532]

Hello

Given that for the role claim I have added "Prefix to add to value returned": "fqdn\", I can search and find groups in both domains and they get listed and I can choose from:
* domain1.local\Duplicate Group
* domain2.local\Duplicate Group

However when choosing a group and trying to create permission, LDAPCP doesn't handle it well. From ULS:

```
06.02.2016 13:38:49.44 w3wp.exe (0x7F4C) 0x2F10 LDAPCP LDAP Lookup 1337 Medium [LDAPCP] Connect to AD this server is member of, with application pool credentials e82d829d-4ac4-a00b-c963-d16364812a77
06.02.2016 13:38:49.44 w3wp.exe (0x7F4C) 0x2F10 LDAPCP LDAP Lookup 1337 Medium [LDAPCP] Connect as domain2.local\SPProfileSync to LDAP://domain2.local:636/DC=domain2,DC=local. e82d829d-4ac4-a00b-c963-d16364812a77
06.02.2016 13:38:49.45 w3wp.exe (0x7F4C) 0x2F10 LDAPCP LDAP Lookup 1337 Verbose [LDAPCP] Got 1 result(s) from LDAP://domain1.local/DC=domain1,DC=local e82d829d-4ac4-a00b-c963-d16364812a77
06.02.2016 13:38:49.52 w3wp.exe (0x7F4C) 0x48B4 LDAPCP LDAP Lookup 1337 Verbose [LDAPCP] Got 1 result(s) from LDAP://domain2.local:636/DC=domain2,DC=local b52d829d-3a4b-a00b-c963-d4789374d0bf
06.02.2016 13:38:49.52 w3wp.exe (0x7F4C) 0x2F10 LDAPCP LDAP Lookup 1337 Medium [LDAPCP] Querying of LDAP servers finished in 79ms (current timeout is 0ms) e82d829d-4ac4-a00b-c963-d16364812a77
06.02.2016 13:38:49.52 w3wp.exe (0x7F4C) 0x2F10 LDAPCP LDAP Lookup 1337 Medium [LDAPCP] Got 2 result(s) from all LDAP server(s) with query "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(| (&(objectclass=group)(sAMAccountName=duplicate group)) ))" e82d829d-4ac4-a00b-c963-d16364812a77
06.02.2016 13:38:49.52 w3wp.exe (0x7F4C) 0x2F10 LDAPCP LDAP Lookup 1337 Medium [LDAPCP] 2 permission(s) to create after filtering e82d829d-4ac4-a00b-c963-d16364812a77
06.02.2016 13:38:49.52 w3wp.exe (0x7F4C) 0x2F10 LDAPCP Claims Picking 1337 Verbose [LDAPCP] Created permission: display text: "(Role) domain1.local\Duplicate Group", value: "domain1.local\Duplicate Group", claim type: "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", and filled with 0 metadata. e82d829d-4ac4-a00b-c963-d16364812a77
06.02.2016 13:38:49.52 w3wp.exe (0x7F4C) 0x2F10 LDAPCP Claims Picking 1337 Verbose [LDAPCP] Created permission: display text: "(Role) domain2.local\Duplicate Group", value: "domain2.local\Duplicate Group", claim type: "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", and filled with 0 metadata. e82d829d-4ac4-a00b-c963-d16364812a77
06.02.2016 13:38:49.52 w3wp.exe (0x7F4C) 0x2F10 LDAPCP Claims Picking 1337 Unexpected [LDAPCP] Validation with LDAP lookup created 2 permissions instead of 1 expected. Aborting operation e82d829d-4ac4-a00b-c963-d16364812a77

```
The result is that the group is not added to permissions.
If I choose a group name that doesn't exist in another domain, everything is OK.


