Yvand / LDAPCP

A claims provider to connect SharePoint Subscription / 2019 / 2016 with Active Directory and LDAP directories in federated authentication
https://ldapcp.com
Apache License 2.0

Unable to Connect to LDAP for the following reason: Unknown error (0x80005000) #218

Status: Closed (unh1990 closed this issue 3 weeks ago)

unh1990 commented 3 months ago

The LDAPCPSE configuration page reports: "Unable to connect to LDAP for the following reason: Unknown error (0x80005000). It may be expected if the w3wp process of central admin has intentionally no access to the LDAP server."

I am able to connect using LDAP browsers from the same server, but not through the configuration of LDAPCPSE. If I use LDAPS it gives me this error; if I use LDAP it comes back saying the server isn't operational. I am not sure what is blocking this connection, but I believe there is something specific to SharePoint Server 2019 that is causing the issue.

Yvand commented 2 months ago

@unh1990, can you confirm you are able to connect to your LDAP from the SharePoint server using the script below:

```powershell
# Search filter: user objects whose sAMAccountName or cn starts with "yvand"
$filter = "(&(objectClass=user)(|(sAMAccountName=yvand*)(cn=yvand*)))"
$ldapServer = "contoso.local"
$ldapBase = "DC=contoso,DC=local"
$ldapUser = "contoso\spfarm"
$ldapPassword = Read-Host "Enter the password (will appear in clear text)"
# Authenticated (Kerberos/NTLM) bind with LDAP signing; for LDAPS add SecureSocketsLayer here and port 636 in the path
$ldapAuth = [System.DirectoryServices.AuthenticationTypes] "Secure, Signing"

$directoryEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$ldapServer/$ldapBase", $ldapUser, $ldapPassword, $ldapAuth)
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, $filter)
# Uncomment line below to restrict properties returned by LDAP server
#$objSearcher.PropertiesToLoad.AddRange(@("cn"))

# The bind actually happens here: a connectivity or credential problem surfaces as an exception on FindAll()
$results = $objSearcher.FindAll()
Write-Host "Found $($results.Count) result(s):"
foreach ($objResult in $results) { $objItem = $objResult.Properties; $objItem }
$results.Dispose()
```

If this script works, LDAPCP should work too.

unh1990 commented 2 months ago

I tried the script but get this message from the server that is trying to connect to the LDAP server:

`Exception calling "FindAll" with "0" argument(s): "The server is not operational." At line:13 char:1`

unh1990 commented 2 months ago

I am able to connect to the LDAP server using Softerra LDAP Browser, but not through the config settings for LDAPCP.

Yvand commented 2 months ago

@unh1990 there must be a setting in the script that prevents the LDAP connection, while it works with your LDAP browser. It could be an AuthenticationTypes option, or maybe something else, but I cannot help you much more since it totally depends on your environment.
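The errors seen so far in this thread (0x80005000 on LDAPS, "The server is not operational" on plain LDAP) are both HRESULTs from System.DirectoryServices, the API LDAPCP relies on. The script below is an added example, not code from LDAPCP or from the maintainer: it runs on the SharePoint server, tries a few AuthenticationTypes combinations over plain LDAP (389) and LDAPS (636), decodes the HRESULT of each failed bind, and, for LDAPS, opens a TLS session and reports the server certificate with its validation verdict, which is what breaks when the server is addressed by IP or by a name that is not on the certificate. The host name, base DN and account are placeholders (assumptions). One ADSI fact it also encodes: the path prefix is always `LDAP://`; LDAPS is `LDAP://host:636/...` combined with the `SecureSocketsLayer` flag, and a malformed path is exactly what 0x80005000 (E_ADS_BAD_PATHNAME) means.

```powershell
# Added example, not LDAPCP's own code: probe an LDAP endpoint from the SharePoint server
# with the API LDAPCP relies on (System.DirectoryServices / ADSI), over plain LDAP and LDAPS,
# and decode the HRESULT of each failed bind. Host, base DN and account are assumptions.
$LdapServer   = "contoso.local"        # assumption: the host name LDAPCP is configured with
$LdapBase     = "DC=contoso,DC=local"  # assumption
$LdapUser     = "contoso\spfarm"       # assumption: the account LDAPCP binds with
$LdapPassword = Read-Host "Enter the password (will appear in clear text)"

# HRESULTs commonly thrown by System.DirectoryServices (ADSI and Win32 directory error codes).
$KnownErrors = @{
    0x80005000 = "E_ADS_BAD_PATHNAME: malformed ADSI path (the provider prefix is always LDAP://, even for LDAPS)"
    0x8007203A = "ERROR_DS_SERVER_DOWN ('The server is not operational'): DNS, blocked port or failed TLS handshake"
    0x8007052E = "ERROR_LOGON_FAILURE: wrong user name or password"
    0x80072020 = "ERROR_DS_OPERATIONS_ERROR: the operation requires a successful bind first"
    0x80072030 = "ERROR_DS_NO_SUCH_OBJECT: base DN not found on this server"
}

function Test-LdapBind {
    param([string]$Path, [string]$User, [string]$Password, [string]$AuthType)
    $auth  = [System.DirectoryServices.AuthenticationTypes]$AuthType
    $entry = New-Object System.DirectoryServices.DirectoryEntry($Path, $User, $Password, $auth)
    try {
        # DirectoryEntry binds lazily; touching NativeObject forces the bind and surfaces the real error.
        $null   = $entry.NativeObject
        $result = "bind OK"
    } catch {
        # PowerShell wraps .NET exceptions; walk down to the COMException that carries the HRESULT.
        $ex = $_.Exception
        while ($ex.InnerException -and -not ($ex -is [System.Runtime.InteropServices.COMException])) {
            $ex = $ex.InnerException
        }
        $code   = [long]$ex.ErrorCode -band 0xFFFFFFFF
        $hint   = if ($KnownErrors.ContainsKey($code)) { $KnownErrors[$code] } else { $ex.Message.Trim() }
        $result = "0x{0:X8} {1}" -f $code, $hint
    } finally {
        $entry.Dispose()
    }
    [pscustomobject]@{ Path = $Path; AuthType = $AuthType; Result = $result }
}

function Test-LdapsCertificate {
    # Opens a TLS session on 636 and reports the certificate plus any validation errors
    # (e.g. RemoteCertificateNameMismatch when connecting by IP instead of the name on the cert).
    param([string]$Server, [int]$Port = 636)
    $script:sslErrors = $null
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $certificate, $chain, $errors)
            $script:sslErrors = $errors   # record the verdict but accept, so the cert can be inspected
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject          = $cert.Subject
            DnsName          = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
            Issuer           = $cert.Issuer
            NotAfter         = $cert.NotAfter
            ValidationErrors = $script:sslErrors
        }
    } finally {
        $client.Close()
    }
}

# Plain LDAP on 389 with a few AuthenticationTypes combinations, then LDAPS on 636.
$plain = "LDAP://$LdapServer/$LdapBase"
$ldaps = "LDAP://$($LdapServer):636/$LdapBase"
$tests = @(
    @{ Path = $plain; Auth = "None" },
    @{ Path = $plain; Auth = "Secure" },
    @{ Path = $plain; Auth = "Secure, Signing" },
    @{ Path = $ldaps; Auth = "SecureSocketsLayer" },
    @{ Path = $ldaps; Auth = "Secure, SecureSocketsLayer" }
)
$tests | ForEach-Object { Test-LdapBind -Path $_.Path -User $LdapUser -Password $LdapPassword -AuthType $_.Auth } |
    Format-Table -AutoSize -Wrap

try   { Test-LdapsCertificate -Server $LdapServer | Format-List }
catch { Write-Warning "TLS handshake with ${LdapServer}:636 failed: $($_.Exception.Message)" }
```

Run it under the farm account (or the account configured in LDAPCP) so the `Secure` binds use the same identity as the w3wp process. A row that binds with `None` but fails with `Secure` points at Kerberos/NTLM (SPN or trust) rather than network reachability; `ValidationErrors` other than `None` on the certificate check explains an LDAPS failure that the same LDAP browser, which may be configured to ignore certificate errors, does not show.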

unh1990 commented 2 months ago

I added an entry for the IP of the LDAP server, and now, if I choose None for the authentication type, it shows "connected successfully". However, I get an error stating validation failed and the user cannot be resolved when clicking Share in the people picker of a web app that is using the custom provider. The logs show a connection is made and a result is returned, but I cannot get SharePoint to resolve the user i:05.t|xxxxx|firstname.lastname. Any suggestions on what needs to be done to get the people picker to work?

Yvand commented 2 months ago

@unh1990 without the logs it is difficult to comment. Does LDAPCP write that validation was successful?

unh1990 commented 1 month ago

I was able to get the connection to our LDAP server working correctly, but it does not allow me to find SAML users when working in Central Administration (site collection administrators, web app access, etc.). I read in a Microsoft article that the people picker in CA returns users, groups and claims by default: https://learn.microsoft.com/en-us/sharepoint/administration/people-picker-and-claims-providers-overview. I get the following error in the SharePoint ULS logs.

This is the error message captured in the ULS logs:

`[LDAPCPSE] A DirectoryServicesCOMException occured while connecting using the default AD connection. It may be resolved by replacing it with a custom LDAP connection with explicit credentials. ------------- comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4563`

Any suggestions?

Yvand commented 1 month ago

@unh1990 instead of using the default AD connection, can you replace it with a custom LDAP connection? You can do that in Central Administration > Security > LDAPCPSE global configuration page.

github-actions[bot] commented 3 weeks ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] commented 3 weeks ago

This issue was closed because it has been stalled for 5 days with no activity.