I am unable to add AD LDS users to SharePoint...
I have a web app (portal) which has been extended (extranet). The authentication provider for portal is set to Claims/NTLM. The authentication provider for extranet is both Claims/NTLM and FBA, with 'LdapMember' and 'LdapRole'.
I added the following to the PeoplePickerWildcards section of both the web app's and Central Admin's web.config:
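<!-- People Picker wildcard map: each key is a membership/role provider name and
     the value is the wildcard character used when searching that provider.
     The keys must match the provider names registered under <membership> and
     <roleManager> (and the names entered in the zone's FBA settings) exactly. -->
<PeoplePickerWildcards>
  <clear />
  <!-- SQL membership provider: SQL LIKE wildcard. -->
  <add key="AspNetSqlMembershipProvider" value="%" />
  <!-- LDAP providers: LDAP substring wildcard. -->
  <add key="LdapMember" value="*" />
  <add key="LdapRole" value="*" />
</PeoplePickerWildcards>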
I added the following to the portal's web.config:
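<!-- Membership providers for the portal web application. "i" is the SharePoint
     claims membership provider and remains the default; "LdapMember" is the
     forms-based provider that looks users up in the AD LDS instance. -->
<membership defaultProvider="i">
  <providers>
    <add name="i"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- useSSL="false": traffic to the directory on port 50000 is not protected
         by TLS, so user lookups (and presumably the bind that checks a
         forms-login password) cross the network unencrypted. Prefer the
         instance's LDAPS port with useSSL="true" once a server certificate is
         installed on the AD LDS host.
         NOTE(review): the LdapMember entries in the Central Admin and STS
         web.config files on this page use different attribute sets
         (userNameAttribute, userFilter, enableSearchMethods); confirm which
         values are intended and keep the three files aligned. -->
    <add name="LdapMember"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="WIN-I6SHQ2N2241.kemosabe.local"
         port="50000"
         useSSL="false"
         userDNAttribute="distinguishedName"
         useDNAttribute="true"
         userNameAttribute="cn"
         userContainer="CN=Users,CN=LDAP,DC=SharePoint,DC=COM"
         userObjectClass="user"
         userFilter="(ObjectClass=user)"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>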
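<!-- Role providers for the portal web application. "c" is the SharePoint claims
     role provider and remains the default; "LdapRole" resolves groups from the
     Roles container of the AD LDS instance. -->
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add name="c"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- The ampersand in the LDAP filters has to be written as the entity
         &amp; inside an attribute value; a bare ampersand makes web.config
         ill-formed XML and the file will not load.
         useSSL="false": group and user queries to the directory are sent
         without TLS; switch to the LDAPS port with useSSL="true" where a
         server certificate is available. -->
    <add name="LdapRole"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="WIN-I6SHQ2N2241.kemosabe.local"
         port="50000"
         useSSL="false"
         enableSearchMethods="true"
         groupContainer="CN=Roles,CN=LDAP,DC=SharePoint,DC=COM"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="cn"
         groupMemberAttribute="member"
         userNameAttribute="cn"
         dnAttribute="distinguishedName"
         useUserDNAttribute="true"
         scope="Subtree"
         userFilter="&amp;(objectClass=user)(objectCategory=user)"
         groupFilter="&amp;(objectCategory=Group)(objectClass=group)" />
  </providers>
</roleManager>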
I added the following to central admin's web.config:
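<!-- Central Administration: registers the same "LdapRole" provider name so the
     People Picker in Central Admin can query groups in the AD LDS instance. -->
<roleManager>
  <providers>
    <!-- The ampersand in the LDAP filters has to be written as the entity
         &amp; inside an attribute value; a bare ampersand makes web.config
         ill-formed XML.
         useSSL="false": queries to the directory on port 50000 are sent
         without TLS; prefer the LDAPS port with useSSL="true".
         NOTE(review): this entry has no enableSearchMethods attribute, unlike
         the LdapRole entries in the portal and STS files; confirm that is
         intended. -->
    <add name="LdapRole"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="WIN-I6SHQ2N2241.kemosabe.local"
         port="50000"
         useSSL="false"
         groupContainer="CN=Roles,CN=LDAP,DC=SHAREPOINT,DC=COM"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="cn"
         groupMemberAttribute="member"
         userNameAttribute="cn"
         dnAttribute="distinguishedName"
         userFilter="&amp;(objectClass=user)(objectCategory=user)"
         groupFilter="&amp;(objectCategory=Group)(objectClass=group)"
         useUserDNAttribute="true"
         scope="Subtree" />
  </providers>
</roleManager>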
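<!-- Central Administration: registers the same "LdapMember" provider name so
     the People Picker in Central Admin can search users in the AD LDS
     instance. -->
<membership>
  <providers>
    <!-- The userFilter value is kept on a single line: a line break inside an
         attribute value is normalized to a space by the XML parser and would
         become part of the LDAP filter.
         useSSL="false": lookups against the directory on port 50000 are sent
         without TLS; prefer the LDAPS port with useSSL="true".
         NOTE(review): unlike the portal entry, this one has no userDNAttribute
         attribute; confirm the two files are meant to differ. -->
    <add name="LdapMember"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="WIN-I6SHQ2N2241.kemosabe.local"
         port="50000"
         useSSL="false"
         useDNAttribute="true"
         userNameAttribute="cn"
         userContainer="CN=Users,CN=LDAP,DC=SHAREPOINT,DC=COM"
         userObjectClass="user"
         userFilter="(ObjectClass=user)"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>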
I added the following to STS web.config:
<!-- Security Token Service: membership providers used when a forms-based login
     is validated and the claims token is issued. -->
<membership>
  <providers>
    <!-- NOTE(review): ContosoMember looks like a leftover from a sample
         configuration; confirm the ContosoProviders assembly is really
         deployed, otherwise remove the entry. -->
    <add name="ContosoMember"
         type="ContosoProviders.Members, ContosoProviders, Version=1.0.0.0, Culture=neutral, PublicKeyToken=26fc91a86676aa9f" />
    <!-- useSSL="false": the directory connection on port 50000 is not protected
         by TLS, so the credential check for a forms login presumably reaches
         AD LDS unencrypted; prefer the LDAPS port with useSSL="true".
         NOTE(review): this entry uses userNameAttribute="sAMAccountName" and
         userFilter="(ObjectClass=*)", while the portal and Central Admin
         entries use "cn" and "(ObjectClass=user)". The wider filter lets any
         object class under the container match; confirm which login attribute
         the AD LDS user objects actually carry and align the three files. -->
    <add name="LdapMember"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="WIN-I6SHQ2N2241.kemosabe.local"
         port="50000"
         useSSL="false"
         enableSearchMethods="true"
         userDNAttribute="distinguishedName"
         userNameAttribute="sAMAccountName"
         userContainer="CN=Users,CN=LDAP,DC=SharePoint,DC=COM"
         userObjectClass="user"
         userFilter="(ObjectClass=*)"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
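<!-- Security Token Service: role providers used to add group claims to the
     token issued for a forms-based login. -->
<roleManager enabled="true">
  <providers>
    <!-- NOTE(review): ContosoRole looks like a leftover from a sample
         configuration; confirm the ContosoProviders assembly is really
         deployed, otherwise remove the entry. -->
    <add name="ContosoRole"
         type="ContosoProviders.Roles, ContosoProviders, Version=1.0.0.0, Culture=neutral, PublicKeyToken=26fc91a86676aa9f" />
    <!-- The ampersand in the LDAP filters has to be written as the entity
         &amp; inside an attribute value; a bare ampersand makes web.config
         ill-formed XML.
         useSSL="false": group queries to the directory on port 50000 are sent
         without TLS; prefer the LDAPS port with useSSL="true".
         NOTE(review): this entry has no useUserDNAttribute attribute, unlike
         the LdapRole entries in the portal and Central Admin files; confirm
         that is intended. -->
    <add name="LdapRole"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="WIN-I6SHQ2N2241.kemosabe.local"
         port="50000"
         useSSL="false"
         enableSearchMethods="true"
         groupContainer="CN=Roles,CN=LDAP,DC=SharePoint,DC=COM"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="cn"
         groupMemberAttribute="member"
         userNameAttribute="cn"
         dnAttribute="distinguishedName"
         groupFilter="&amp;(objectCategory=Group)(objectClass=group)"
         userFilter="&amp;(objectClass=user)(objectCategory=user)"
         scope="Subtree" />
  </providers>
</roleManager>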
</system.web>
I set up AD LDS and created a user in CN=Users,CN=LDAP,DC=SharePoint,DC=COM. I set the password and set msDS-UserAccountDisabled to False.
I added the portalapppool account to the 'Member' attribute of the Administrator Role.
I go to the 'User Policy' page of the web application and attempt to add a user. I open the address book and search for 'Rick', but nothing is returned. In fact, the results list shows Forms Auth (0) users, while Active Directory shows (11) users.
Any idea what I might be missing to have the SharePoint People Picker recognize AD LDS users?
- Rick