Manager Attribute not populating properly in UPS

Sep 3, 2013 at 10:10 PM
We've run into an issue after adding LDAPCP to our environment where the manager attribute isn't getting populated properly in the User Profile Service Application. Has anyone else ever run across this issue? Before it would populate the manager's email fine:

Image

After activating the feature it breaks this import and displays the following:

Image


Anyone have any ideas how to correct this?

Thanks
Coordinator
Sep 4, 2013 at 6:47 AM
hello,
indeed it is strange since manager and user are indentical.
Can you check SharePoint logs populated when you display the page, and filter on category "LDAPCP"? That should give some hints why the account cannot be resolved.
Sep 4, 2013 at 1:46 PM
It doesn't appear to be referring to anything not resolving:
09/04/2013 07:41:22.90  w3wp.exe (0x15D0)   0x1A88  Unknown LDAPCP  00000   Medium  [LDAPCP] Created a fake PersistedObject because it could not be found in the config database    19b63f9c-5073-10cc-6e22-c4497f3618d1
09/04/2013 07:41:22.90  w3wp.exe (0x15D0)   0x1A88  Unknown LDAPCP  00000   Medium  [LDAPCP] Connect to AD this server is member of, with application pool credentials  19b63f9c-5073-10cc-6e22-c4497f3618d1
09/04/2013 07:41:22.90  w3wp.exe (0x15D0)   0x1A88  Unknown LDAPCP  00000   Medium  [LDAPCP] The LDAP Query "(|(&(objectclass=user) (mail=wesadmin@2008r2.local)))" returned 1 result(s)    19b63f9c-5073-10cc-6e22-c4497f3618d1
09/04/2013 07:41:22.90  w3wp.exe (0x15D0)   0x1A88  Unknown LDAPCP  00000   Verbose [LDAPCP] Added metadata to permission: type: "Email", value: "wesadmin@2008r2.local"    19b63f9c-5073-10cc-6e22-c4497f3618d1
09/04/2013 07:41:22.90  w3wp.exe (0x15D0)   0x1A88  Unknown LDAPCP  00000   Verbose [LDAPCP] Added metadata to permission: type: "DisplayName", value: "Wes Admin"  19b63f9c-5073-10cc-6e22-c4497f3618d1
09/04/2013 07:41:22.90  w3wp.exe (0x15D0)   0x1A88  Unknown LDAPCP  00000   Verbose [LDAPCP] Created permission with claim value: "wesadmin@2008r2.local", claim type: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" to the list of results. 19b63f9c-5073-10cc-6e22-c4497f3618d1
09/04/2013 07:41:22.90  w3wp.exe (0x15D0)   0x1A88  Unknown LDAPCP  00000   Medium  [LDAPCP] Validated permission with LDAP lookup. claim value: wesadmin@2008r2.local, claim type: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"    19b63f9c-5073-10cc-6e22-c4497f3618d1
Coordinator
Sep 5, 2013 at 11:36 AM
Indeed it seems to work as it should.
I'll try to reproduce this behavior in my environment and I'll keep you posted, but that will take me some days...
cheers,
Yvan
Coordinator
Sep 6, 2013 at 2:20 PM
Edited Sep 6, 2013 at 2:24 PM
hello,

I confirm that I can reproduce the problem, but this is a bug in SharePoint, not in LDAPCP:
SharePoint asks LDAPCP to validate the manager, which it does and adds it to the list of entities resolved (as expected).

But then SharePoint seems to also add the user a second time on its own (it goes 2 times in SPClaimProvider.FillResolveClaim):
Monitoring  nasq    Verbose Entering monitored scope (SPClaimProvider.FillResolveClaim()). Parent SPClaimProviderOperations.ResolveClaim()
LDAPCP  00000   Medium  [LDAPCP] Validated permission with LDAP lookup. claim value: yvand@yvanhost.local, claim type: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
Monitoring  b4ly    Verbose Leaving Monitored Scope (SPClaimProvider.FillResolveClaim()). Execution Time=9.42
Monitoring  nasq    Verbose Entering monitored scope (SPClaimProvider.FillResolveClaim()). Parent SPClaimProviderOperations.ResolveClaim()  875c409c-0619-1081-be00-dfb0543738ea
Monitoring  b4ly    Verbose Leaving Monitored Scope (SPClaimProvider.FillResolveClaim()). Execution Time=0.1688

So at the end there are 2 times the same permission, which explains why manager appears as invalid.
I'm running with March 2013 PU, I didn't try yet with August 2013 PU.

There is really nothing I can do in LDAPCP to mitigate this, since it doesn't know it is resolving a manager it cannot ignore to resolve it.

cheers,
Yvan
Oct 15, 2015 at 7:25 AM
Hello Yvan,

Do we have any further updates on this issue? Has new CUs or SPs have fixed this SharePoint bug? My customer is a high user of User Profile Service Application, and they have close to 5K+ users and it is hard for them to resolve the manager property every now and then? Do you have any temporary work around for this issue? Your help is highly appreciated.

Regards,
Srikanth N