Check Permission via AD group - LDAPCP #32

Closed
Albino1006 opened this issue Dec 11, 2017 · 4 comments

@Albino1006

Hello Yvan,

We have encountered an issue in our SharePoint environment using LDAPCP.

Consider a scenario where a user is granted XYZ permission via AD group in SharePoint (and not explicitly using his ID). Now when we do check permission with that user ID, it should show that this user has XYZ permission via that AD group, but it doesn't (it only shows the permission assigned to it via his ID).

This behavior is seen only on sites with custom Identity provider using LDAPCP and not on sites with AD NTLM.

Are we missing something? Awaiting your reply. Thanks.

@Yvand
Owner

Yvand commented Dec 11, 2017

Hi @Albino1006
For this to work, it requires that augmentation is enabled and configured in LDAPCP.
Can you confirm if you did so in LDAPCP configuration page?

@Yvand Yvand self-assigned this Dec 11, 2017
@Albino1006
Author

Hello @Yvand

We have enabled the augmentation option and selected the claim type from dropdown. But still it doesn't show that the user has XYZ permission via that AD group on checknow in SharePoint permission page.

Is there anything else that can be checked?
Also what does this augmentation option do on enabling it?

Awaiting your reply. Thanks.

@Yvand
Owner

Yvand commented Dec 14, 2017

Basically, when you enable augmentation, LDAPCP will generate claims to provide the group membership of trusted users to SharePoint.
Then those role claims will be added to both the SAML token and the external (non-interactive) token of trusted users.

@Yvand Yvand added the question label Jan 31, 2018
@Yvand Yvand closed this as completed Jan 31, 2018