Thursday, 18 November 2010

Custom Claims Membership Provider

Problem: We have written a custom claims membership provider, it works in development however if fails in the UAT environment.  The Membership provider goes to an LDAP directory (IBM TAM).

Initial Hypothesis: After checking the configuration was correct, I looked at the logs that were informing me that the provider was not returning results.  We can't use wireshark on the UAT environment to verify the call is being made to the LDAP directory.  And the error message is a generic failure message.

Resolution: Use Telnet to check that the WFE/WebService/STS/SharePoint token service can speak to the LDAP directory.
cmd>Telnet 389

The Claims web service cannot contact the LDAP directory, most likely cause is the firewall or the windows firewall.  Add a rule to the firewall to allow traffic on port 389.


Post a Comment