
Active Directory groups are not being added after resolving in Peoplepicker - SharePoint Enterprise 2013

Oct 15, 2014 at 5:24 PM
A similar thread was initiated by someone....567802

Active Directory groups are not being added after resolving in the People Picker. Our environment is configured with Ping Federate, without UPS.

We have configured LDAPCP (LDAPCP.codeplex.com) integrated with Ping Federate. Please find the claim mapping we configured in our environment:

Claim type | LDAP attribute | Entity type
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | mail | user
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname | sAMAccountName | user
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn | userPrincipalName | user
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | givenName | user
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality | physicalDeliveryOfficeName | user
http://schemas.microsoft.com/ws/2008/06/identity/claims/role | sAMAccountName | group
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname | cn | user
Used as metadata for the permission created | title | user
Used as metadata for the permission created | msRTCSIP-PrimaryUserAddress | user
Used as metadata for the permission created | telephoneNumber | user
Used as metadata for the permission created | mail | user
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname | displayName | User
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname | mail | User
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname | sAMAccountName | group
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname | DisplayName | group
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname | Group-Membership-SAM | group

That's the identity claim type (Account Name) defined in the trust "PingFederateSTS5" associated with LDAPCP. It should always be present, unique and modified with care.

We are getting the following errors in the SharePoint ULS logs:
[LDAPCP] this LDAP query did not return any result result: "(|(&(objectclass=user) (sAMAccountName=global-sp-gsdm-s-g)))" and message "The user doesn't exist or no unique user"
Oct 16, 2014 at 12:12 PM
Hello, and the same replies apply:
Claim types must be unique; you should not create multiple entries with the same claim type (in your case http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname).
Clean your list so that it has no duplicate claim types; then you may have to recreate some permissions (created with the incorrect claim type) to completely resolve all issues.
Cheers,
Yvan
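As an added example (not part of this thread, and not LDAPCP's own code), the following script performs the check Yvan describes: it parses a claim mapping list in the column order pasted in the question (claim type or purpose, LDAP attribute, entity type), reports any claim type that appears more than once, and flags when the trust's identity claim type is also mapped to groups. The sample table is reconstructed from the question with the page widgets removed; the identity claim type used for the check is an assumption taken from the thread, not read from the LDAPCP configuration.

```python
"""Audit an LDAPCP-style claim mapping list for duplicate claim types.

Added example, not part of the original thread or of LDAPCP itself.
"""
from collections import defaultdict

# Constructed sample, reproduced from the question:
# <claim type or purpose> <LDAP attribute> <entity type>
SAMPLE_MAPPINGS = """\
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress mail user
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname sAMAccountName user
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn userPrincipalName user
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname givenName user
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality physicalDeliveryOfficeName user
http://schemas.microsoft.com/ws/2008/06/identity/claims/role sAMAccountName group
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname cn user
Used as metadata for the permission created title user
Used as metadata for the permission created msRTCSIP-PrimaryUserAddress user
Used as metadata for the permission created telephoneNumber user
Used as metadata for the permission created mail user
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname displayName User
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname mail User
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname sAMAccountName group
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname DisplayName group
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname Group-Membership-SAM group
"""

# Assumption taken from the thread: the trust's identity claim type ("Account Name").
IDENTITY_CLAIM_TYPE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"


def parse_mappings(text):
    """Return a list of (claim_type, ldap_attribute, entity_type) tuples.

    'Used as metadata ...' rows carry no claim type and get claim_type=None;
    entity types are lower-cased so 'User' and 'user' compare equal.
    """
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3:
            continue  # skip blank or malformed lines
        entity_type = tokens[-1].lower()
        attribute = tokens[-2]
        head = " ".join(tokens[:-2])
        is_claim = head.startswith("http://") or head.startswith("https://")
        rows.append((head if is_claim else None, attribute, entity_type))
    return rows


def duplicate_claim_types(rows):
    """Map each claim type used more than once to its (attribute, entity) pairs."""
    by_claim = defaultdict(list)
    for claim_type, attribute, entity_type in rows:
        if claim_type is not None:
            by_claim[claim_type].append((attribute, entity_type))
    return {c: pairs for c, pairs in by_claim.items() if len(pairs) > 1}


def entity_types_for(rows, claim_type):
    """Entity types a claim type is mapped to; more than one is ambiguous."""
    return {e for c, _, e in rows if c == claim_type}


def audit(rows, identity_claim_type):
    """Return human-readable findings; an empty list means the list is clean."""
    findings = []
    for claim_type, pairs in sorted(duplicate_claim_types(rows).items()):
        attrs = ", ".join(f"{a} ({e})" for a, e in pairs)
        findings.append(f"duplicate claim type {claim_type} mapped {len(pairs)} times: {attrs}")
    if not any(r[0] == identity_claim_type for r in rows):
        findings.append(f"identity claim type {identity_claim_type} is not mapped at all")
    elif "group" in entity_types_for(rows, identity_claim_type):
        findings.append(f"identity claim type {identity_claim_type} is also mapped to groups")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_mappings(SAMPLE_MAPPINGS), IDENTITY_CLAIM_TYPE):
        print(finding)
```

Run against the pasted table, the audit reports the windowsaccountname claim type mapped seven times, to both user and group attributes; once the list is cleaned so each claim type appears once (with groups on a separate claim type such as the role claim already in the table), the audit returns no findings.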