Closed anjagrams closed 8 months ago
Hello Anja, I'm not sure I understand your scenario. Is it that you grant access to an AD group, and a user that is a member of this group through a nested group does not have access to the site? If so, it should work if you enable augmentation in the LDAPCP global config page, or if the identity provider includes the full group membership (which it should) in the SAML token.
Hi Yvan,
Anja is a colleague of mine. We had a misunderstanding. The issue with the nested groups is regarding the SharePoint Server Subscription Edition User Profile Claim Provider. The people picker does not show groups which only have other groups as members. We opened a case with Microsoft.
The question regarding LDAPCP was how much work it would be to support the Active Directory objectSID fields, so it would be possible to use a user's SID as identifier and also the group memberships via "Token-Groups as SIDs" if we'd pay for the development.
@ChristophHannappel no worries, LDAPCP is completely free and open source, so the support for SID can be done by any developer, including you or someone in your team, if you can do so. I will keep this request, but for the moment I have no plan to work on it.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
@ChristophHannappel FYI I implemented support for the SID in the newest version - LDAPCPSE - https://github.com/Yvand/LDAPCP/discussions/201
Bonjour Yvan, unfortunately my French is not good enough to continue. We hope you can help us with a challenge regarding the "Claims provider for ADFS authentication in SharePoint". Is it possible to resolve a user in the people picker when the person is not a direct member of an AD security group? It is in a nested group that belongs to the security group. At the moment it does not work and it is quite important. Best regards and thanks in advance, Anja