FBA LDAP People Picker works in CA but not Site

  • Question

  • I am able to use the People Picker for User Policy at web app level to add accounts on LDAP eDirectory, but unable to find accounts when adding to a site group.
    Tuesday, February 21, 2017 5:33 PM

Answers

  • Allow me to elaborate: The LDAP Directory was used for authentication for our intranet users, but needed to limit user access to a limited "userType" and "objectClass". I was able to select an LDAP user account from the Member Provider using People Picker in Central Admin, but was unable to add the LDAP group account from the Role Provider using Site Settings in the specific Site Collection. So I temporarily modified the web.configs and changed the users container setting in the LDAP Role Provider to point to the container/OU that housed the service account I was assigned to use for the connector to the LDAP Directory while leaving the Group container setting unchanged. That service account container was on a different branch of the LDAP Directory. I logged back into SharePoint using the service account and People Picker was able to locate the group in the Role Provider. I was very happy. Then I re-edited the web.config Member Provider to point back to the specific user container.
    • Proposed as answer by Victoria Xia Friday, February 24, 2017 2:14 AM
    • Marked as answer by hartdr Friday, February 24, 2017 3:46 PM
    Thursday, February 23, 2017 1:28 PM

All replies

  • Hi,

    Please verify the steps you have done with the steps in the link below to see if there is any difference.

    https://msdn.microsoft.com/en-us/library/bb975136.aspx

    Best Regards,

    Victoria 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, February 22, 2017 12:28 PM
  • I'm using Forms Based Authentication for an Intranet solution to verify user credentials hosted on their Novell eDirectory server.  The answer to fixing my People Picker issue was to modify several parameters in the web.configs until I got the right mix.
    • Proposed as answer by T G N Thursday, February 23, 2017 3:41 AM
    • Unproposed as answer by T G N Monday, May 22, 2017 2:43 PM
    Wednesday, February 22, 2017 5:07 PM
  • Hi,

    I am glad that you found the solution and thanks for sharing it here.

    Best Regards,

    Victoria



    Thursday, February 23, 2017 3:31 AM
  • Hi,

    Thanks for providing the detailed solution and it will help other users who meet the same issue in this forum.

    Best Regards,

    Victoria



    Friday, February 24, 2017 2:15 AM