This project has moved and is read-only. For the latest updates, please go here.

Issues after removal of LDAPCP on SP 2013

Aug 14, 2015 at 8:09 PM
We had some issues with LDAPCP so we uninstalled as the doc describes and the "Get-SPClaimProvider | ft DisplayName" shows the provider as not installed.

We have some pages on the SharePoint site that look to be stuck thinking this provider is still in use so some users accessing SP create this error that is trapped in a "something went wrong" error trap.

"Trusted login provider is configured to use claim provider but it is not found in configuration. LoginProvider: 'ADFS Login', ClaimProvider: 'LDAPCP'."

I can't find any traces of the LDAPCP in any part of the SP config.

Anyone have a idea or clue where this might be coming from?
Aug 17, 2015 at 12:32 PM
Hello,
it looks like LDAPCP is still referenced by the trust. You can check this with this cmdlet:
Get-SPTrustedIdentityTokenIssuer| ft Name, ClaimProviderName
If "LDAPCP" appears that explains why you get this error. To remove it, you need to delete the SPTrustedIdentityTokenIssuer object and recreate it, SharePoint offers no easier way to remove the reference to the claims provider.
thanks,
Yvan
Marked as answer by Yvand on 8/20/2015 at 4:03 AM
Aug 17, 2015 at 2:03 PM
Edited Aug 17, 2015 at 2:05 PM
Thanks for the reply.
I did issue this command and it indeed does exist.
Thanks for this tip.

Name ClaimProviderName
ADFS Login LDAPCP

I will plan on recreating the trust.

I did issue another comand and it didn't show up there so I thought it was removed.

Get-SPClaimProvider | ft DisplayName
System
Active Directory
All Users
Forms Auth
User Profile Claim Provider
Sep 3, 2015 at 2:57 PM
I found I had the same issue. IMO, this should be part of the Uninstall instructions..

But I might have found a better way as described here:

https://social.technet.microsoft.com/Forums/en-US/47d345b0-0de8-4723-a9c5-04d9ed67db2d/restore-default-oob-claim-provider-after-removing-custom-claim-provider?forum=sharepointadminprevious
According to this post from Steve Peschka:

http://blogs.technet.com/b/speschka/archive/2010/06/02/more-information-on-adding-and-changing-custom-claims-providers-in-sharepoint-2010.aspx

You can't. You must delete your SPTrustedIdentityTokenIssuer and recreate a new one...

But, a smart guy in the comments used reflection to do this:
$ti = Get-SPTrustedIdentityTokenIssuer XXXX

$ti.GetType().GetField("m_ClaimProviderName","NonPublic,Instance").SetValue($ti, $null)

$ti.Update()
I tested this method out on our system, and it seemed to revert back to the original/default resolver

(Can someone test, then include these in the instructions for Uninstall?) or at least point out the fact the LDAPCP is still listed as the ClaimsProviderName in the SPTrustedTokenIssue, and peoplepicker resolution will not work normally after trying to remove the solution and either redoing all the trusted authentication provider stuff..
Jan 8, 2016 at 12:29 PM
Hello All,

I have been facing an issue post removal of LDAPCP while creating the new token issuer which is as follows.

It is trying to locate ldapcp dll while creating new token issuer after removal all components of ldapcp.

$Issuer = New-SPTrustedIdentityTokenIssuer -Name "XYZ" -Description "identyfingclaim" -realm $realm -ClaimsMappings $id.$groups -SignInUrl $signinurl -IdentifierClaim $id.InputCLaimType -UseWReply -ImportTrustCertificate $corpcert

New-SPTrustedIdentityTokenIssuer : Could not load file or assembly 'ldapcp, Version=3.0.0.0, Culture=neutral, PublicKeyToken=6520e17cd9489fc0' or
one of its dependencies. The system cannot find the file specified
.
At line:1 char:47
  • $CorpIssuer = New-SPTrustedIdentityTokenIssuer <<<< -Name "XYZ" -Description "identyfingclaim" -realm $realm -ClaimsMappings $id.$groups -SignInUrl $signinurl -IdentifierClaim $id.InputCLaimType -UseWReply -ImportTrustCertificate $corpcert
    • CategoryInfo : InvalidData: (Microsoft.Share...dentityProvider:SPCmdletNewSPIdentityProvider) [New-SPTrustedIdentityTokenIssuer],
      FileNotFoundException
    • FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewSPIdentityProvider
Any suggestions would be greatly appreciated.