LDAPCPSE An item with LDAP newAttribute 'userPrincipalName' and LDAP class 'user' already exists for the object type 'User' #204

Closed
Paconaut opened this issue Apr 5, 2024 · 10 comments · Fixed by #205

Paconaut commented Apr 5, 2024

Hi @Yvand

Appreciate if you can help me understand why I get the following error preventing me from opening Global configuration and Mapping of permissions under SharePoint Server 2019 central admin after installing LDAPCPSE v17.0.20240226.2:

"An item with LDAP newAttribute 'userPrincipalName' and LDAP class 'user' already exists for the object type 'User'"

LDAPCP Classic uninstalled by following the documentation.

Thanks in advance!

@Paconaut Paconaut changed the title LDAPCP Second Edition LDAPCPSE An item with LDAP newAttribute 'userPrincipalName' and LDAP class 'user' already exists for the object type 'User' Apr 5, 2024
@Yvand Yvand self-assigned this Apr 5, 2024
Owner

Yvand commented Apr 5, 2024

@Paconaut to understand your scenario, can you please send the output of those commands:

Add-Type -AssemblyName "Yvand.LDAPCPSE, Version=1.0.0.0, Culture=neutral, PublicKeyToken=80be731bc1a1a740"
$config = [Yvand.LdapClaimsProvider.LDAPCPSE]::GetConfiguration()
$config.Settings.ClaimTypes | ft LDAPAttribute, EntityType, ClaimType, UseMainClaimTypeOfDirectoryObject
$trust = Get-SPTrustedIdentityTokenIssuer "YOUR_SPTRUST_NAME"
$trust.ClaimTypeInformation | fl MappedClaimType, IsIdentityClaim

Author

Paconaut commented Apr 5, 2024

@Yvand Thanks for your help!

[Yvand.LdapClaimsProvider.LDAPCPSE]::GetConfiguration() returns nothing
[Yvand.LdapClaimsProvider.LDAPCPSE]::ClaimsProviderName returns "LDAPCPSE"

MappedClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/UPN
IsIdentityClaim : True

MappedClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
IsIdentityClaim : False

MappedClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/role
IsIdentityClaim : False

Owner

Yvand commented Apr 5, 2024

Can you try to create the configuration using this command:

[Yvand.LdapClaimsProvider.LDAPCPSE]::CreateConfiguration()

Author

Paconaut commented Apr 5, 2024

Exception calling "CreateConfiguration" with "0" argument(s): "An item with LDAP newAttribute 'userPrincipalName' and LDAP class 'user' already exists for the object type 'User'"
At line:1 char:1
[Yvand.LdapClaimsProvider.LDAPCPSE]::CreateConfiguration()
CategoryInfo : NotSpecified: (:) [], MethodInvocationException
FullyQualifiedErrorId : InvalidOperationException

Owner

Yvand commented Apr 5, 2024

Definitely looks like a bug. I will try to repro using the same claim types in the trust and come back to you, most likely next week.
In the meantime, if it is possible/acceptable for you, you can consider a workaround by removing the claim type emailaddress from the trust (I would totally understand if you reject this test).

Author

Paconaut commented Apr 5, 2024

I excluded emailaddress but still the same error messages in central admin and PowerShell.

Owner

Yvand commented Apr 8, 2024

@Paconaut FYI, I was able to repro exactly the same error. I'll investigate and report the progress in this thread.

@Yvand Yvand added the bug label Apr 8, 2024
@Yvand Yvand linked a pull request Apr 8, 2024 that will close this issue
Owner

Yvand commented Apr 8, 2024

I confirm this is a bug, fixed in #205

Owner

Yvand commented Apr 8, 2024

More info: It happens because your claim type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/UPN has upper-case letters UPN.
A workaround to fix the issue on the current version is to delete the trust and recreate it, using a claim type with lower-case only: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
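
An added example, not part of the original thread or of the LDAPCPSE project: a PowerShell check built on the `Get-SPTrustedIdentityTokenIssuer` / `ClaimTypeInformation` output used earlier in the thread, listing mapped claim types that contain upper-case letters, the condition the comment above gives as the cause of this error. The function name `Find-MixedCaseClaimType`, the trust name `SAMPLE_TRUST` and the sample object are constructed for illustration.

```powershell
# Added example (not project code): flag trust claim types with upper-case letters.
function Find-MixedCaseClaimType {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Trust   # an SPTrustedLoginProvider, or any object with the same two properties
    )
    process {
        foreach ($info in $Trust.ClaimTypeInformation) {
            $type  = [string]$info.MappedClaimType
            $lower = $type.ToLowerInvariant()
            # -cne is the case-sensitive comparison: true only if lower-casing changes the URI
            if ($type -cne $lower) {
                [pscustomobject]@{
                    Trust           = $Trust.Name
                    MappedClaimType = $type
                    IsIdentityClaim = $info.IsIdentityClaim
                    LowerCaseForm   = $lower
                }
            }
        }
    }
}

# Constructed sample mirroring the claim types posted in this thread,
# so the function can be tried without a SharePoint farm.
$sample = [pscustomobject]@{
    Name                 = 'SAMPLE_TRUST'
    ClaimTypeInformation = @(
        [pscustomobject]@{ MappedClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/UPN';          IsIdentityClaim = $true  },
        [pscustomobject]@{ MappedClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'; IsIdentityClaim = $false },
        [pscustomobject]@{ MappedClaimType = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role';       IsIdentityClaim = $false }
    )
}
$sample | Find-MixedCaseClaimType | Format-List

# On a SharePoint server, check every trust in the farm:
# Get-SPTrustedIdentityTokenIssuer | Find-MixedCaseClaimType | Format-List
```

With the sample above, only the `.../claims/UPN` entry is reported, and it is the identity claim.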


github-actions bot commented May 9, 2024

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
