
Seems only one webapp out of three in the farm is calling the LDAPCP Custom when the picker is used.

Oct 15, 2015 at 5:06 PM
Hello,

In the farm I've got 3 webapps. All the webapps are using ADFS. But only one is calling the LDAPCP when the picker is used.

I've made a log for this and only one is reachable.

Has anybody encountered such behavior? Any suggestions?

Thank you.
Claude
Oct 16, 2015 at 9:42 AM
Edited Oct 16, 2015 at 10:18 AM
I'm still stuck with this issue. I don't have a clue. The solution is well Globally deployed...

The problem is that only one webapp plays the LDAP Custom. The others ignore it completely...


What is displayed for the solution custom:


The solution properties after update:

Name: ldapcp custom.wsp
Type: Core Solution
Contains Web Application Resource: No
Contains Global Assembly: Yes
Contains Code Access Security Policy: No
Deployment Server Type: Front-end Web server
Deployment Status: Deployed
Deployed To: Globally deployed.
Last Operation Result: The solution was successfully deployed.
Last Operation Details: DEV-APP-01 : The solution was successfully deployed.

Last Operation Time: 10/16/2015 10:38 AM
Oct 16, 2015 at 10:29 AM
Edited Oct 16, 2015 at 10:29 AM
I found some recursive error in the SP log that could help in understanding the problem?

[LDAPCP_Custom] Unexpected error in Initialize, while refreshing configuration: System.Threading.LockRecursionException: Recursive write lock acquisitions not allowed in this mode., Callstack:
at System.Threading.ReaderWriterLockSlim.TryEnterWriteLockCore(TimeoutTracker timeout)
at System.Threading.ReaderWriterLockSlim.TryEnterWriteLock(TimeoutTracker timeout)
at ldapcp.LDAPCP.Initialize(Uri context, String[] entityTypes)
at ldapcp.LDAPCP.GetClaimTypeForUserKey()
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaimForTrustedUser(IClaimsIdentity claimsIdentity, SPClaim userIdentityClaim)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim loginClaim)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)
at Microsoft.SharePoint.SPSecurity.GetCurrentUserTokenNoApplicationPrincipalDelegated(SPWebApplication webApp, Uri siteUrl)
at Microsoft.SharePoint.SPSecurity.GetCurrentUserToken()
at Microsoft.SharePoint.SPSecurity.EnsureOriginatingUserToken()
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)
at ldapcp.Samples.LDAPCP_Custom.initLists()
at ldapcp.Samples.LDAPCP_Custom.SetCustomConfiguration(Uri context, String[] entityTypes)
at ldapcp.LDAPCP.Initialize(Uri context, String[] entityTypes)
Oct 16, 2015 at 12:21 PM
Hello,
can you please copy/paste the code in LDAPCP_Custom.initLists() ?
It seems that somehow code in initLists() causes SharePoint to call LDAPCP again, which conflicts with the locking implemented in LDAPCP to be thread safe.
thanks,
Yvan
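
The re-entrancy described in the reply above, reduced to a stand-alone console program. This is an added example, not part of the thread and not LDAPCP's code; `ProviderSketch`, `CustomConfiguration` and `Run` are hypothetical names, and the only assumption is that the provider guards its configuration with a `ReaderWriterLockSlim` in its default no-recursion mode, as the stack trace indicates.

```csharp
using System;
using System.Threading;

// Constructed stand-in for a claims provider; none of this is LDAPCP's own code.
class ProviderSketch
{
    // ReaderWriterLockSlim defaults to LockRecursionPolicy.NoRecursion.
    private readonly ReaderWriterLockSlim configLock = new ReaderWriterLockSlim();

    // Hypothetical hook playing the role of SetCustomConfiguration().
    public Action CustomConfiguration = delegate { };

    public void Initialize()
    {
        configLock.EnterWriteLock();   // throws if this thread already holds the lock
        try { CustomConfiguration(); }
        finally { configLock.ExitWriteLock(); }
    }

    // Plays the role of GetClaimTypeForUserKey(), which the host calls on its own.
    public string GetClaimTypeForUserKey()
    {
        Initialize();
        return "constructed-claim-type";
    }
}

static class Program
{
    // Runs Initialize() with the given hook and reports what happened.
    static string Run(ProviderSketch provider, Action hook)
    {
        provider.CustomConfiguration = hook;
        try { provider.Initialize(); return "initialized"; }
        catch (LockRecursionException ex) { return "LockRecursionException: " + ex.Message; }
    }

    static void Main()
    {
        var provider = new ProviderSketch();

        // Hook whose work makes the host call back into the provider on the same
        // thread, as RunWithElevatedPrivileges did via GetProviderUserKey in the trace.
        Console.WriteLine(Run(provider, () => provider.GetClaimTypeForUserKey()));

        // Hook that only reads settings and never calls back into the provider.
        Console.WriteLine(Run(provider, () => { /* read settings here */ }));
    }
}
```

The first call fails because the second write-lock request comes from the thread that already holds the lock; the second call succeeds because the hook never re-enters the provider.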
Oct 16, 2015 at 1:55 PM
Thank you, here is the code.
    protected void initLists()
    {
        SPSecurity.RunWithElevatedPrivileges(delegate
        {
            //get the central admin site
            Microsoft.SharePoint.Administration.SPAdministrationWebApplication centralWeb =
                SPAdministrationWebApplication.Local;

            string centralAdminUrl = centralWeb.Sites[0].Url;

            using (SPSite oSite = new SPSite(centralAdminUrl))
            {
                try
                {
                    configList = oSite.RootWeb.GetList("/Lists/ldapcp_config");//.Lists["ConfigParams"];
                    logList = oSite.RootWeb.GetList("/Lists/ldapcp_log");
                    log(logList, "OK: From 0 Constructor LDAPCP_Custom, time: " + DateTime.Now.ToString("h:mm:ss tt"));
                }
                catch (Exception ex)
                {
                    log(logList, "ERROR: From 0 Constructor LDAPCP_Custom, " + ex.Message + " time: " + DateTime.Now.ToString("h:mm:ss tt"));
                }
            }
        });
    }

    private void log(SPList logList,string message)
    {
        SPListItem item = logList.AddItem();
        item["Title"] = message;
        item.Update();
    }
Oct 16, 2015 at 2:09 PM
Edited Oct 16, 2015 at 2:09 PM
The code of the 'SetLDAPConnections' method:
    protected override DirectoryEntry[] SetLDAPConnections(Uri context, string[] entityTypes)
    {
        initLists();

        //load the list if exists
        bool listFound = false;

        string ldapcPath = "";
        string ldapcpFilter = "";
        string contextUrl = context.ToString();
        SPList ldapcpLog = null;

        if (logList != null)
        {
            log(logList, "OK logList well found, From 1 SetLDAPConnections: " + contextUrl + " time: " + DateTime.Now.ToString("h:mm:ss tt"));
        }

        try { 


        SPSecurity.RunWithElevatedPrivileges(delegate
        {
            //get the central admin site
            Microsoft.SharePoint.Administration.SPAdministrationWebApplication centralWeb =
               SPAdministrationWebApplication.Local;

            string centralAdminUrl = centralWeb.Sites[0].Url;

            using (SPSite oSite = new SPSite(centralAdminUrl))
            {
                try
                {
                    SPList configList = oSite.RootWeb.GetList("/Lists/ldapcp_config");//.Lists["ConfigParams"];
                    ldapcpLog  = oSite.RootWeb.GetList("/Lists/ldapcp_log");
                    log(ldapcpLog, "From 1 contextUrl: " + contextUrl + " time: " + DateTime.Now.ToString("h:mm:ss tt"));

                    if (configList != null)
                    {
                        log(ldapcpLog, "From 2");
                        listFound = true;
                        // ldapcp_config_webapp 
                        // ldapcp_config_filter 
                        SPQuery oQuery = new SPQuery();
                        oQuery.Query = string.Format(
                            @"
                               <ViewFields>
                                  <FieldRef Name='ldapcp_config_webapp' />
                                  <FieldRef Name='ldapcp_config_filter' />
                                  <FieldRef Name='ldapcp_config_path' />
                               </ViewFields>
                               <Where>
                                  <Eq>
                                     <FieldRef Name='ldapcp_config_webapp' />
                                     <Value Type='Text'>{0}</Value>
                                  </Eq>
                               </Where>
                            ",
                            context.ToString()
                        );
                        SPListItemCollection itemCollection = configList.GetItems(oQuery);
                        if (itemCollection.Count > 0)
                        {
                            //AD filter
                            ldapcpFilter = (itemCollection[0]["ldapcp_config_filter"] != null) ?
                               itemCollection[0]["ldapcp_config_filter"].ToString() : "";
                            //AD path
                            ldapcPath = (itemCollection[0]["ldapcp_config_path"] != null) ?
                               itemCollection[0]["ldapcp_config_path"].ToString() : "";

                            log(ldapcpLog, "From 2.1: ldapcpFilter: " + ldapcpFilter);
                            log(ldapcpLog, "From 2.2: ldapcPath: " + ldapcPath);
                        }
                        else
                        {
                            ldapcpFilter = "";
                            ldapcPath = "";
                        }
                    }
                    else
                    {
                        listFound = false;
                    }
                }
                catch(Exception ex)
                {
                    listFound = false;
                }
            }
        });
        log(ldapcpLog, "From 3");
        if (listFound && (ldapcPath.Length > 0))
        {
            log(ldapcpLog, "From 4");
            DirectoryEntry de = new DirectoryEntry();
            de.Path = ldapcPath; // "LDAP://DC=dev,DC=entsoe,DC=local"; // "LDAP://DC=company,DC=local";
            de.AuthenticationType = AuthenticationTypes.Secure;

            SearchResult result = null;
            if (ldapcpFilter.Length > 0)
            {
                log(ldapcpLog, "From 5: ldapcpFilter.Length > 0 ");
                DirectorySearcher deSearch = new DirectorySearcher();
                deSearch.SearchRoot = de;
                deSearch.Filter = ldapcpFilter; // "(&(objectClass=user) (cn=nsi-elia nsi-elia))"; // ldapcpFilter; // "(&(objectClass=user) (cn="nsi-elia nsi-elia"))";
                result = deSearch.FindOne();
            }
            if (result != null)
            {
                log(ldapcpLog, "From 6: result != null");
                DirectoryEntry deUser = new DirectoryEntry(result.Path);
                return new DirectoryEntry[] {deUser};
            }
            else
            {
                log(ldapcpLog, "From 7: result == null");
                return new DirectoryEntry[] {de};
            }
        }
        else
        {
            return new DirectoryEntry[] { getDefaultBehaiviour() };
        }
        }
        catch (Exception ex)
        {
            return new DirectoryEntry[] { getDefaultBehaiviour() };
        }
    }
    private DirectoryEntry getDefaultBehaiviour() {
        DirectoryEntry objDE;
        String strPath = "LDAP://";
        objDE = new DirectoryEntry(strPath);
        return objDE;
    }
    private void log(SPList logList,string message)
    {
        SPListItem item = logList.AddItem();
        item["Title"] = message;
        item.Update();
    }
}
}
Oct 16, 2015 at 3:13 PM
Edited Oct 16, 2015 at 5:27 PM
To be sure all the code I put into the LDAP Custom is not the reason why only one webapp uses it, I opened the original LDAPCP Custom code, made the wsp and uploaded it.

The result is still the same. When I attached in debug mode I can catch only the code for one webapp.

Could it be possible that only one web app per farm can use it?


I've made some print screens to explain more.
Oct 21, 2015 at 5:25 PM
OK, the problem was linked to the access rights for Central Admin, with not enough rights regarding users of the webapps and the user of the pool.
Therefore I will use Farm properties to store config. This way all webapps in the farm are equal and a run with elevated privileges is OK in each case.

This issue has no link with the ldapcp custom feature.

Thank you for your help.
++
Marked as answer by csiefers on 10/21/2015 at 9:25 AM