The user does not exist or is not unique. Error

Dec 6, 2012 at 5:00 PM

Hello, 

I seem to be getting this error when we click the OK button on the form.  The LDAPCP feature works great at searching for and resolving the user or group in the people picker but when we try to save the form it throws this error:

System.Runtime.InteropServices.COMException: The user does not exist or is not unique.
   at Microsoft.SharePoint.Library.SPRequestInternalClass.UpdateMembers(String bstrUrl, UInt32 dwObjectType, String bstrObjId, Guid& pguidScopeId, Int32 lGroupID, Int32 lGroupOwnerId, Object& pvarArrayAdd, Object& pvarArrayAddIds, Object& pvarArrayLoginsRemove, Object& pvarArrayIdsRemove, Boolean bRemoveFromCurrentScopeOnly, Boolean bSendEmail)
   at Microsoft.SharePoint.Library.SPRequest.UpdateMembers(String bstrUrl, UInt32 dwObjectType, String bstrObjId, Guid& pguidScopeId, Int32 lGroupID, Int32 lGroupOwnerId, Object& pvarArrayAdd, Object& pvarArrayAddIds, Object& pvarArrayLoginsRemove, Object& pvarArrayIdsRemove, Boolean bRemoveFromCurrentScopeOnly, Boolean bSendEmail)
0ce6afdc-8584-467b-86e4-77dc7be5c280

Without the feature installed we can add the user without the error being thrown.  We have turned up the logging but can't find any clue as to why we would be getting this error.  Do you have any ideas as to where to look for this issue?  

Thanks in advance and thank you for the great feature!

Chris

Coordinator
Dec 7, 2012 at 6:56 PM

 

Hello,

Thank you for your great feedback :)

It looks like a bug: for some reason, LDAPCP found several matches instead of the 1 expected.

Can you confirm this is the version for SharePoint 2013?

Do you have the problem with every value you search? Only 1 specific value?

Can you reproduce it if you try from central administration?

Can you provide me with a screenshot when you search from the big control in the central administration? It will help me to understand which duplicates could cause the problem.

Can you please check the ULS logs and filter on category "LDAPCP", and search for the message that starts with "Create Picker Entity…" after you validate the form? You should find more than 1 entry (whereas only 1 entry is expected at this point).

Just before that, you will also find the LDAP query sent to LDAP, which could help you to figure out why multiple values are returned.

Can you also provide me with the full callstack / error message from the ULS log?

thanks
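
The ULS check described in the post above, as an added example that is not part of the original thread or of LDAPCP's code: it splits log messages into people-picker resolve passes and reports, for each pass, the LDAP queries sent and the picker entities created. It assumes the input is the message column of ULS entries; the names `audit_resolves` and `ResolvePass` and the sample lines are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Message shapes copied from the LDAPCP ULS lines quoted in this thread.
QUERY = re.compile(r'^\[LDAPCP\] The LDAP Query "(.*)" returned (\d+) result\(s\)')
ENTITY = re.compile(r'^\[LDAPCP\] Create PickerEntity: .*Claim type: ([^,\s]+), value: (.+)$')
PASS_END = re.compile(r'^Leaving Monitored Scope \(SPClaimProviderOperations\.ResolveClaim\(\)')

@dataclass
class ResolvePass:
    queries: list = field(default_factory=list)   # (ldap_filter, result_count)
    entities: list = field(default_factory=list)  # (claim_type, claim_value)

    @property
    def verdict(self):
        if len(self.entities) > 1 or any(n > 1 for _, n in self.queries):
            return "ambiguous"   # more than one match where exactly one is expected
        return "unique" if self.entities else "no-entity"

def audit_resolves(messages):
    """Split ULS messages into ResolveClaim passes and collect LDAPCP activity in each."""
    passes, current = [], ResolvePass()
    for msg in (m.strip() for m in messages):
        if (hit := QUERY.match(msg)):
            current.queries.append((hit[1], int(hit[2])))
        elif (hit := ENTITY.match(msg)):
            current.entities.append((hit[1], hit[2]))
        elif PASS_END.match(msg):   # end of one people-picker resolve
            passes.append(current)
            current = ResolvePass()
    return passes

# Constructed sample (placeholder values): a clean resolve, a resolve with no
# LDAPCP activity, and a resolve where the directory returned two entries.
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
SAMPLE = f'''[LDAPCP] The LDAP Query "(|(&(objectclass=user) (mail=a@example.com)))" returned 1 result(s)
[LDAPCP] Create PickerEntity: ResolveAsIdentityClaim: false,  Claim type: {EMAIL}, value: a@example.com
[LDAPCP] Create PickerEntity Complete
Leaving Monitored Scope (SPClaimProviderOperations.ResolveClaim()). Execution Time=45.4
Adding claim provider 'LDAPCP'.
Leaving Monitored Scope (SPClaimProviderOperations.ResolveClaim()#1). Execution Time=14.0
[LDAPCP] The LDAP Query "(|(&(objectclass=user) (mail=b@example.com)))" returned 2 result(s)
[LDAPCP] Create PickerEntity: ResolveAsIdentityClaim: false,  Claim type: {EMAIL}, value: b@example.com
[LDAPCP] Create PickerEntity: ResolveAsIdentityClaim: false,  Claim type: {EMAIL}, value: b@example.com
Leaving Monitored Scope (SPClaimProviderOperations.ResolveClaim()#2). Execution Time=20.1'''.splitlines()

if __name__ == "__main__":
    for i, p in enumerate(audit_resolves(SAMPLE), 1):
        print(i, p.verdict, p.queries, p.entities)
```

A pass reported as `ambiguous` is the duplicate case described above; a pass reported as `no-entity` means the provider created nothing for that resolve, which points at "does not exist" rather than "not unique".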

Dec 7, 2012 at 7:16 PM
Edited Dec 21, 2012 at 3:07 PM

Hi,

I'm sorry I put this in the wrong section, we are running SharePoint 2010 and having this error.  We get this error no matter what value we search for and select.  How do I attach a file so I can send you some screen shots?  Here is the ULS log, hope that it is easy enough to read.  Again, I can send you the file if I find out how to attach an attachment to the responses. 

[LDAPCP] Connect as xxxx to LDAP: LDAP://xxx
Leaving Monitored Scope ([LDAPCP] Sending LDAP query to server). Execution Time=15.7176400911289
[LDAPCP] The LDAP Query "(|(&(objectclass=user) (mail=xxx.xxx@xxx.com)))" returned 1 result(s)
Entering monitored scope (SPClaimProvider.GetLocalizedDisplayName())
Leaving Monitored Scope (SPClaimProvider.GetLocalizedDisplayName()). Execution Time=0.00754285810068039
[LDAPCP] Create PickerEntity: ResolveAsIdentityClaim: false,  Claim type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, value: xxx@xxx.com
[LDAPCP] Create PickerEntity Checking claimType: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
[LDAPCP] Create PickerEntity displayText matching claimType
[LDAPCP] Create PickerEntity entityType
[LDAPCP] Create PickerEntity Complete - ResolveAsIdentityClaim: false
[LDAPCP] Create PickerEntity Complete
Leaving Monitored Scope (SPClaimProvider.FillResolveClaim()#1). Execution Time=45.1230533489592
Leaving Monitored Scope (SPClaimProviderOperations.ResolveClaim()). Execution Time=45.451586724011
Entering monitored scope (ToolBarMenuButton.CreateChildControls for PersonalActions)
Leaving Monitored Scope (ToolBarMenuButton.CreateChildControls for PersonalActions). Execution Time=2.08993042411815
GetServerRelativeUrlFromUrl(_layouts/userdisp.aspx?Force=True&ID=,True,True)
GetUriScheme(_layouts/userdisp.aspx?Force=True&ID=)
GetUriScheme(_layouts/userdisp.aspx?Force=True&ID=)
RelativeUrl = /sites/testing/_layouts/userdisp.aspx?Force=True&ID=
GetServerRelativeUrlFromUrl(_layouts/closeConnection.aspx?loginasanotheruser=true,True,True)
GetUriScheme(_layouts/closeConnection.aspx?loginasanotheruser=true)
GetUriScheme(_layouts/closeConnection.aspx?loginasanotheruser=true)
RelativeUrl = /sites/testing/_layouts/closeConnection.aspx?loginasanotheruser=true
GetServerRelativeUrlFromUrl(_layouts/SignOut.aspx,True,True)
GetUriScheme(_layouts/SignOut.aspx)
GetUriScheme(_layouts/SignOut.aspx)
RelativeUrl = /sites/testing/_layouts/SignOut.aspx
GetServerRelativeUrlFromUrl(https://xxx.com/sites/testing/_layouts/aclinv.aspx,True,True)
GetUriScheme(https://xxx.com/sites/testing/_layouts/aclinv.aspx)
Url starts with http or https
fullOrRelativeUrl = https://xxx.com/sites/testing/_layouts/aclinv.aspx
Site.Url = https://xxx.com/sites/testing
url is in site
Setting database session for {905ea099-603e-4d7a-9975-0eae0b4cbf75}.
ConnectionString: 'Data Source=xxx;Initial Catalog=xxx;Integrated Security=True;Enlist=False;Asynchronous Processing=False;Connect Timeout=15'    ConnectionState: Closed ConnectionTimeout: 15
Entering monitored scope (SPClaimProviderOperations.ResolveClaim())
Adding claim provider 'System'.
Adding claim provider 'AllUsers'.
Adding claim provider 'LDAPCP'.
Entering monitored scope (SPClaimProvider.FillResolveClaim())
Leaving Monitored Scope (SPClaimProvider.FillResolveClaim()). Execution Time=0.209523836130011
Entering monitored scope (SPClaimProvider.FillResolveClaim())
Leaving Monitored Scope (SPClaimProvider.FillResolveClaim()#1). Execution Time=0.0888381065191246
Entering monitored scope (SPClaimProvider.FillResolveClaim())
Looking up  site http://xxx.com/ in the farm OSS_Dev11_SharePointConfig
Looking up the additional information about the typical site http://xxx.com/.
Site lookup is replacing http://xxx.com/ with the alternate access url http://xxx.com.
Looking up typical site http://xx.com/ in web application SPWebApplication Name=Partners Dev11 IWA Web Application.
Found typical site / (7a279124-39c0-43ed-8e9e-c9068844e03b) in web application SPWebApplication Name=Partners Dev11 IWA Web Application.
Leaving Monitored Scope (SPClaimProvider.FillResolveClaim()#2). Execution Time=12.0392396240304
Entering monitored scope (SPClaimProvider.FillResolveClaim())
Leaving Monitored Scope (SPClaimProvider.FillResolveClaim()#3). Execution Time=0.0293333370582015
Leaving Monitored Scope (SPClaimProviderOperations.ResolveClaim()#1). Execution Time=14.0207763835907
The user does not exist or is not unique.
Application error when access /_layouts/aclinv.aspx, Error=The user does not exist or is not unique.
   at Microsoft.SharePoint.Library.SPRequestInternalClass.UpdateMembers(String bstrUrl, UInt32 dwObjectType, String bstrObjId, Guid& pguidScopeId, Int32 lGroupID, Int32 lGroupOwnerId, Object& pvarArrayAdd, Object& pvarArrayAddIds, Object& pvarArrayLoginsRemove, Object& pvarArrayIdsRemove, Boolean bRemoveFromCurrentScopeOnly, Boolean bSendEmail)
   at Microsoft.SharePoint.Library.SPRequest.UpdateMembers(String bstrUrl, UInt32 dwObjectType, String bstrObjId, Guid& pguidScopeId, Int32 lGroupID, Int32 lGroupOwnerId, Object& pvarArrayAdd, Object& pvarArrayAddIds, Object& pvarArrayLoginsRemove, Object& pvarArrayIdsRemove, Boolean bRemoveFromCurrentScopeOnly, Boolean bSendEmail)
System.Runtime.InteropServices.COMException: The user does not exist or is not unique.
   at Microsoft.SharePoint.Library.SPRequestInternalClass.UpdateMembers(String bstrUrl, UInt32 dwObjectType, String bstrObjId, Guid& pguidScopeId, Int32 lGroupID, Int32 lGroupOwnerId, Object& pvarArrayAdd, Object& pvarArrayAddIds, Object& pvarArrayLoginsRemove, Object& pvarArrayIdsRemove, Boolean bRemoveFromCurrentScopeOnly, Boolean bSendEmail)
   at Microsoft.SharePoint.Library.SPRequest.UpdateMembers(String bstrUrl, UInt32 dwObjectType, String bstrObjId, Guid& pguidScopeId, Int32 lGroupID, Int32 lGroupOwnerId, Object& pvarArrayAdd, Object& pvarArrayAddIds, Object& pvarArrayLoginsRemove, Object& pvarArrayIdsRemove, Boolean bRemoveFromCurrentScopeOnly, Boolean bSendEmail)

Dec 18, 2012 at 3:47 PM

Hello Yvand,

I was wondering if you got my email that I sent last week with the log files and screen shots?  Do you have any ideas as to why it is giving me this error message?  My thought is that it is the "User does not exist" and not the "is not unique" issue.

 

Thanks

Chris

Coordinator
Dec 18, 2012 at 3:57 PM
hello,
sorry I did not get back to you earlier, I've been very busy.
I received your data and I will have a look ASAP, actually you are the 1st one to report this issue, and I did a lot of tests to ensure this does not happen, so there must be something really specific in your scenario.
Which version of ldapcp are you using?
can you send me the claim types configured in your trust?
Can you confirm you get the same behavior for any user you try to add / from central admin or web app itself?
cheers,
Yvan


Dec 18, 2012 at 4:04 PM
Edited Dec 18, 2012 at 4:05 PM

We are using the most recent version of your LDAPCP feature (3.0.0.0 - 09/11/2012).  Just noticed that you have a new version out since last week so we might try to install that version to see if we have the same issue.

We did notice something interesting when we try to add a user via PowerShell with and without your feature activated:

With Feature enabled:
PS C:\Windows\system32> $SPClaimsPrincipal3 = New-SPClaimsPrincipal -ClaimValue "xxx@xxx.com" -ClaimType Email -TrustedIdentityTokenIssuer "xxx.net" -IdentifierClaim
PS C:\Windows\system32> $SPUser = New-SPUser -UserAlias $SPClaimsPrincipal3.ToEncodedString() -Web $WebSite
New-SPUser : The specified user i:05.t|xxx.net|xxx@xxx.com could not be found.
At line:1 char:21
+ $SPUser = New-SPUser <<<<  -UserAlias $SPClaimsPrincipal3.ToEncodedString() -Web $WebSite
    + CategoryInfo          : InvalidData: (Microsoft.Share...SPCmdletNewUser:SPCmdletNewUser) [New-SPUser], SPException
    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewUser

Without feature enabled:
PS C:\Windows\system32> $trust = Get-SPTrustedIdentityTokenIssuer "xxx.net"
PS C:\Windows\system32> $trust.GetType().GetField("m_ClaimProviderName","NonPublic,Instance").SetValue($trust, $null)
PS C:\Windows\system32> $trust.update()
PS C:\Windows\system32> $SPUser = New-SPUser -UserAlias $SPClaimsPrincipal3.ToEncodedString() -Web $WebSite

 


Jan 17, 2013 at 7:05 PM

This happened to me as well. In my case this was due to using both ADFS and NTLM on the web app. Each zone only had one authentication type. So the default zone was NTLM (used for the crawler), and both Intranet and Internet zones were ADFS.

I was able to work around this issue by changing my set up to have the default and Internet zones use ADFS and then using NTLM in the custom zone for the crawler.

hope this helps,

-Chris

Coordinator
Jan 18, 2013 at 11:17 AM

hello,

thank you for your input, I will investigate this scenario quickly and try to fix it.

cheers,

Yvan

 

Coordinator
Jan 21, 2013 at 9:32 AM

hello,

I fixed the bug, now it doesn't matter which authentication method is used in which zone, it will always work.

The drawback is that now, LDAPCP will appear on every zone, even the ones where it should not. This is by design in SharePoint but the good news is that this can be configured. Check the article http://blogs.technet.com/b/speschka/archive/2010/06/03/configuring-a-custom-claims-provider-to-be-used-only-on-select-zones-in-sharepoint-2010.aspx for more details, and how to prevent this.

 

Jan 21, 2013 at 4:22 PM

Yvan and clathrop,

Thanks for your responses! It seems that if we changed the following check in the FillResolve function near line 487

From: if (!SetSPTrustInCurrentContext(context) || _AttributesToQuery == null)

To: if (_AttributesToQuery == null)

From the notes on the function it states that the picker entity is already resolved so we don’t need to call the SetSPTrustInCurrentContext again, only resolve the claim once more. It seems to work on our tests if you want to try yourselves. I will download the updated code to see if that works for us.

Thanks for your help!

Chris

Coordinator
Jan 22, 2013 at 6:41 AM

hello,

yes I think you're right! There is no reason to call the method at this stage.

I will perform additional testing to make sure there are no drawbacks, and update the package ASAP

cheers,

Yvan