preceded \ in roles since last fix #66

Closed
tollertenya opened this issue Sep 5, 2018 · 6 comments
@tollertenya

Hello,
since you fixed issue 53, a new issue occurred: a "" is before the role in Account. We use {fqdn}\ as claim value prefix.


@Yvand
Owner

Yvand commented Sep 5, 2018

I don't reproduce this issue, results are returned as expected:
group claim type is configured with prefix "{fqdn}\" and if I type "group1", LDAPCP returns "xcontoso.local\group1" as expected:

[image]

In ULS logs:

LDAPCP	Claims Picking	1337	Verbose	[LDAPCP] Added entity: display text: '(Role) xcontoso.local\group1', claim value: 'xcontoso.local\group1', claim type: 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'	59b48b9e-e7ab-4061-2841-bb70bd4ba80a

Note: Sometimes the rendering of markdown removes the \ and you need to double it. Please pay attention to this, as it makes understanding the issue difficult.

Yvand self-assigned this Sep 5, 2018
Yvand added the Issue label Sep 5, 2018
@tollertenya
Author

Here is an extract of our ULS log.
We see the correctly encoded LDAP search with \5c. The queried server is an ADLDS Server and the filled-in field is adminDisplayName.
[image: verboselog]

@Yvand
Owner

Yvand commented Sep 6, 2018

Sorry it's not clear:

  • What is the expected value?
  • What is the actual value?

@tollertenya
Author

expected is: ftest\groupname xy
actual is: \ftest\groupname xy

@Yvand
Owner

Yvand commented Sep 11, 2018

I cannot reproduce the behavior.
I created group "group\charTest" in domain "contoso.local"

My group claim type is configured with prefix "{fqdn}\", as returned by this script:

Add-Type -AssemblyName "ldapcp, Version=1.0.0.0, Culture=neutral, PublicKeyToken=80be731bc1a1a740"
$config = [ldapcp.LDAPCPConfig]::GetConfiguration("LDAPCPConfig")
$config.ClaimTypes.GetByClaimType("http://schemas.microsoft.com/ws/2008/06/identity/claims/role").ClaimValuePrefix
# output: {fqdn}\

I search for it and I get the entity created with expected claim value, as shown in the logs:

LDAPCP	Claims Picking	1337	Verbose	[LDAPCP] Added entity: display text: '(Group) contoso.local\group\charTest', claim value: 'contoso.local\group\charTest', claim type: 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'	23ddc67c-4996-0003-f4d9-dd239649d401

What am I missing?

@tollertenya
Author

We found a solution that works when we use {domain} instead of {fqdn}.

Yvand closed this as completed Dec 20, 2018