[LDAPCPSE] After adding a LDAPS connection as second option, going to global config page will error out #203
Comments
@desmondkung this is clearly unexpected. You can add an LDAPS entry using this PowerShell script:

```powershell
Add-Type -AssemblyName "Yvand.LDAPCPSE, Version=1.0.0.0, Culture=neutral, PublicKeyToken=80be731bc1a1a740"
$config = [Yvand.LdapClaimsProvider.LDAPCPSE]::GetConfiguration()
$settings = $config.Settings
# Add a new LDAP connection
$ldapConnection = New-Object "Yvand.LdapClaimsProvider.Configuration.LdapConnection"
$ldapConnection.LdapPath = "LDAP://contoso.local:636/DC=contoso,DC=local"
$ldapConnection.Username = "<account>"
$ldapConnection.Password = "<password>"
$ldapConnection.EnableAugmentation = $true
$settings.LdapConnections.Add($ldapConnection)
$config.ApplySettings($settings, $true)
```

To understand your scenario, can you send the output of this:

```powershell
$trust = Get-SPTrustedIdentityTokenIssuer "YOUR_SPTRUST_NAME"
$trust.ClaimTypeInformation | fl MappedClaimType, IsIdentityClaim
```
Hi @Yvand, MappedClaimType: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
Is there a way to reset all LDAPCPSE settings back to default via PowerShell so that I can try again? Including the removal of the recently added LDAPS connection.
current ldap settings
You can run those commands to delete and recreate the configuration:

```powershell
[Yvand.LdapClaimsProvider.LDAPCPSE]::DeleteConfiguration()
[Yvand.LdapClaimsProvider.LDAPCPSE]::CreateConfiguration()
```

Another way to reproduce.
Can you check the SharePoint log on the server running CA, filter on Product/Area LDAPCP, and verify if errors/messages are recorded?
There's only 1 line if I filter ULS logs via Product.
@desmondkung the log is not giving more information. I would really like to understand the root cause: Are you able to repro the issue, whatever you type in the new LDAP connection? Can you repro if you remove the default LDAP connection?
I can try tomorrow morning. BTW, the log you're referring to, does it include the ULS log I sent to your mail?
Yes, basically I'm curious if you can reproduce the issue even with typing dummy data, e.g.
Yes, I reviewed the log you sent, and it contains nothing helpful
Sent you 3 problem step recorder files for the following scenarios. All of them have identical error.
@desmondkung the error happens because there is no group claim type set in the trust in your environment. In the meantime, you can fix the issue in the current version by removing the group claim type from the LDAPCPSE configuration, using the script below:

```powershell
Add-Type -AssemblyName "Yvand.LDAPCPSE, Version=1.0.0.0, Culture=neutral, PublicKeyToken=80be731bc1a1a740"
$config = [Yvand.LdapClaimsProvider.LDAPCPSE]::GetConfiguration()
$settings = $config.Settings
$settings.ClaimTypes.Remove($settings.ClaimTypes.GroupIdentifierConfig)
$config.ApplySettings($settings, $true)
```
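
The root cause named in the comment above (a group claim type configured in the claims provider but absent from the trust) can be checked before opening the configuration page. The function below is an added example, not part of the original thread or of LDAPCPSE; the function name and sample data are constructed, and the `.ClaimType` property mentioned in its comments is an assumption.

```powershell
# Added example (not LDAPCPSE code). Reports, for each claim type configured in the
# claims provider, whether the SharePoint trust actually declares it.
# The comparison ignores case, since claim type URIs may differ only by casing.
function Compare-ClaimTypesWithTrust {
    param(
        [object[]] $TrustClaimTypes,      # objects exposing MappedClaimType and IsIdentityClaim
        [string[]] $ConfiguredClaimTypes  # claim type URIs configured in the claims provider
    )
    foreach ($configured in $ConfiguredClaimTypes) {
        if ([string]::IsNullOrWhiteSpace($configured)) { continue }
        $match = $TrustClaimTypes | Where-Object {
            [string]::Equals($_.MappedClaimType, $configured,
                [System.StringComparison]::OrdinalIgnoreCase)
        } | Select-Object -First 1
        [pscustomobject]@{
            ClaimType       = $configured
            InTrust         = [bool]$match
            IsIdentityClaim = if ($match) { [bool]$match.IsIdentityClaim } else { $false }
        }
    }
}

# Constructed sample data: a trust that declares only the UPN identity claim,
# and a configuration that also references a group (role) claim type.
$trustClaimTypes = @(
    [pscustomobject]@{
        MappedClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
        IsIdentityClaim = $true
    }
)
$configuredClaimTypes = @(
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/UPN',
    'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'
)

# Keep only the configured claim types that the trust does not declare.
Compare-ClaimTypesWithTrust -TrustClaimTypes $trustClaimTypes `
                            -ConfiguredClaimTypes $configuredClaimTypes |
    Where-Object { -not $_.InTrust }

# On a farm, pass $trust.ClaimTypeInformation (from the command earlier in this thread)
# as -TrustClaimTypes. Reading the configured group claim type from
# $settings.ClaimTypes.GroupIdentifierConfig via a .ClaimType property is an assumption.
```
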
Alright! I'll test this out tomorrow morning =)
Error: Value cannot be null. Parameter name: type.
weird that I did not repro it, but it should be fixed in b4c5d97
I think the only way left to tell would be to deploy the new release once your pull request is done.
* fix #203
* Update CHANGELOG.md
* update test in GroupIdentifierEncodedValuePrefix
* delete group claim type if None is selected
I just published a nightly build which contains this fix
Just tested. No more error messages =) Will the release build be created soon? Else, I might just use this nightly first.
Thanks for confirming!
* Update AssemblyInfo.cs
* Update GlobalSettings.ascx
* Update GlobalSettings.ascx
* Fix error if group claim type does not exist in the trust (#207)
* fix #203
* Update CHANGELOG.md
* update test in GroupIdentifierEncodedValuePrefix
* delete group claim type if None is selected
* Ignore case when comparing claim types (#205)
* ignore case when comparing claim types
* Update CHANGELOG.md
* Update CHANGELOG.md
* add server-side member NoValueSelected to test "None"
* Add property max search results count (#211)
* initial work
* work
* Fix uninitialized properties (#212)
* Update LDAPProviderConfiguration.cs
* remove deprecated pipelines
* test if ClaimsPrincipal.Identity is null
* Add helper methods to get/delete a directory connection in the configuration
* ask for confirmation before deleting connection
* fix repository name hosting the reusable workflows
* update build workflow
Hi Yvand, after adding an LDAPS connection as a second option and saving it, going back to the global config page will error out with "Exception of type 'SystemArgumentException' was thrown. Parameter name: claimType."
I need help to see the current claimTypes via PowerShell and to edit them if necessary.
Based on old docs, I can add type using 'Assembly Name="Yvand.LDAPCPSE, Version=1.0.0.0, Culture=neutral, PublicKeyToken=80be731bc1a1a740" '
What about the second line? How do I adapt the following to fit LDAPCPSE?

```powershell
$config = [ldapcp.LDAPCPConfig]::GetConfiguration("LDAPCPConfig")
```