This project has moved. For the latest updates, please go here.

LDAP Groups

Jun 28, 2012 at 3:52 AM

Hi there. Using your tool. Is there a way to import AD Groups?

Coordinator
Jun 28, 2012 at 11:04 AM

hello,
what do you mean exactly?
LDAPCP supports AD groups by default and you can resolve them in the people picker if the claim type http://schemas.xmlsoap.org/claims/Group is defined in the trust.
Also make sure that STS associates group names (in ADFS this is referred as "Token-Groups - Unqualified Names") to this claim type.

Jul 11, 2012 at 4:55 AM

Thanks for that. we have gotten a little bit farther. We can now search for Groups with People picker, however after selecting a group in people picker, the value shows as blank. would you have any idea why this is?

Coordinator
Jul 11, 2012 at 8:24 AM

hello,
Can you be more specific with what you mean by "value show as blank" ?
You can check ULS logs and filter on category "LDAP Claim Provider" to have more information on what happens.

Jul 11, 2012 at 10:11 PM

Hi there,

thanks for the speedy reply, so I should have been more clear. I mean that if you want to add an AD group to the permissions of a list for example, you select the people picker beside the users/groups box. You then search for the group, which works fine, and double click the group, to add it. then you click OK, and there is nothing in the users/groups box, and clicking ok from there errors saying that the value cannot be empty. If you manually type the group name into the users/groups box, then check name. It resolves, and is showen, but then clicking OK again says that the value cannot be empty, and it removes the group name from the box.

Coordinator
Jul 12, 2012 at 9:36 AM

Hello,
This can happen if claim provider is not able to resolve the group as a unique value (which should not happen).
To make sure of what happens, can you filter ULS logs on category "LDAP Claim Provider" and send me the output?

Jul 13, 2012 at 1:04 AM

No worries. Thanks again for the fast responce. We managed to sort it out by reconfiguring the claims provider. There was nothing in the logs though funnily enought.