Query for TAM LDAP Connection

Jan 10, 2015 at 1:25 AM
Edited Jan 10, 2015 at 2:42 AM
Hi Team,

We have deployed the latest LDAPCP solution and tried connecting to the TAM LDAP server.

Test Connection to the server - Worked fine.
In the People Picker transaction, the connection to the TAM LDAP server succeeds, but we are unable to get results from the TAM LDAP servers.

Could you please assist us in resolving this? Is any additional claim mapping or query update required for connecting to the TAM LDAP server?

From the ULS log, please find the query below:

[LDAPCP] Connect as uid=spadminbind,ou=people,ou=marsh,o=mmc.com to LDAP://****..mc.com.

[LDAPCP] This LDAP query did not return any result: "(| (&(objectclass=user)(sAMAccountName=mohamed.farook
)(!(objectClass=computer))) (&(objectclass=user)(mail=mohamed.farook
)) (&(objectclass=user)(displayName=mohamed.farook
)) (&(objectclass=user)(cn=mohamed.farook
)(!(objectClass=computer))) (&(objectclass=user)(sn=mohamed.farook
)) (&(objectclass=inetOrgPerson)(uid=mohamed.farook
)) )"

UID LDAP Attribute with Object Class = inetOrgPerson/top/person accepted by LDAPCP solution in people picker query.

Also, please assist me in updating the claim table for a second trusted security token issuer. I am getting the claim table mapping for one trusted security token issuer.
Jan 13, 2015 at 8:15 AM
You can use the admin pages only for the OOB LDAPCP and the SPTrust it is linked to; you cannot use them with a 2nd SPTrust.
The logs say that the LDAP query didn't return any result, so the question is what is wrong in the query for it not to return any result. So you need to debug the query, using the command-line tool "ldifde", for example.
Jan 14, 2015 at 5:42 PM
Hi Yvan,

We are trying to use the UID attribute by customizing the LDAPCP developer version, but we are facing an issue with ObjectClass. If we use objectclass="person" or objectclass="top", we get "Object reference not found". Objectclass="user" is not returning any result from the TAM side. We have tried the object classes mentioned below:

objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: ePerson

Can you please let us know how we can use the above-mentioned object classes?
Jan 23, 2015 at 11:22 AM
This really depends on your LDAP server and I have no idea what you should use. You should troubleshoot the LDAP query outside of LDAPCP/SharePoint with the command-line tool "ldifde".
Jan 23, 2015 at 3:01 PM
Hi Yvand,

We have tried to execute the query outside SharePoint with "ldifde", and we got the result from the TAM LDAP server without any issue using objectclass "person" and attribute "UID".

When we tried to add the same in the claim mapping table, we got an issue in the ULS log stating "Object reference not found".

It would be great if you could suggest how to inherit an additional class in the custom LDAPCP.
Jan 27, 2015 at 11:10 AM
Can you generate the smallest LDAP query possible and:
  • copy/paste the LDAP query that you see in the ULS logs for LDAPCP and that causes the exception
  • copy/paste the LDAP query executed from the ldifde.exe tool that returns results
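
Added example, not part of the thread or of LDAPCP: one way to reduce the multi-branch filter from the ULS log to the smallest queries, by splitting the top-level OR into branches that can each be tested on their own. The sample filter is constructed (placeholder value `jdoe`), the function names are hypothetical, and the line break inside each value mirrors how the filter appears in the post; the script flags and removes it.

```python
import re

# Constructed sample shaped like the filter quoted from the ULS log;
# "jdoe" is a placeholder and the line breaks inside the values mirror the post.
LOGGED_FILTER = """(| (&(objectclass=user)(sAMAccountName=jdoe
)(!(objectClass=computer))) (&(objectclass=user)(mail=jdoe
)) (&(objectclass=inetOrgPerson)(uid=jdoe
)) )"""

# One simple assertion such as (uid=jdoe). Literal parentheses inside a value
# are escaped as \28 and \29 in LDAP filters, so they never appear unescaped.
ASSERTION = re.compile(r"\(([A-Za-z0-9.;-]+)=([^()]*)\)")


def split_or_branches(ldap_filter):
    """Return the top-level branches of an (|...) filter, one string each."""
    text = ldap_filter.strip()
    if not (text.startswith("(|") and text.endswith(")")):
        raise ValueError("expected a filter of the form (|(...)(...))")
    inner = text[2:-1]
    branches, depth, start = [], 0, 0
    for i, ch in enumerate(inner):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced parentheses")
            if depth == 0:
                branches.append(inner[start:i + 1])
    if depth != 0:
        raise ValueError("unbalanced parentheses")
    return branches


def normalise(branch):
    """Strip whitespace around each value; report whether any was present."""
    stripped = ASSERTION.sub(lambda m: "(%s=%s)" % (m.group(1), m.group(2).strip()), branch)
    return stripped, stripped != branch


def smallest_queries(ldap_filter):
    """Hypothetical helper: (clean_branch, had_stray_whitespace) per OR branch."""
    return [normalise(b) for b in split_or_branches(ldap_filter)]


if __name__ == "__main__":
    for query, dirty in smallest_queries(LOGGED_FILTER):
        print(("stray whitespace removed: " if dirty else "") + query)
```

Each returned branch can be passed on its own as the search filter to ldifde (`-r`) to see which object class and attribute combination the directory actually answers.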