  1. Log in to your SharePoint Central Administration site.
  2. Go to Central Administration > Security.
  3. Click Configure People Picker (under Users).
  4. From the drop-down at the top of the page, select the web application that is configured to use the Partner STS (Trusted Identity Provider) for authentication.
  5. Configure the Claim Settings by selecting the Partner STS and specifying the Identity Claim Type.

    Identity Claim Type examples:

    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn

  6. Add LDAP connections by selecting Add a new connection… in the drop down, then proceed to fill out the LDAP connection settings as described below.
    • Name

      The name of this LDAP connection.

    • Server

      The FQDN or IP address of the LDAP server. If using LDAPS, include the port (e.g. ldap.domain.com:636).

    • Secure Store App Id

      The ID of your saved credentials in SharePoint's Secure Store Service.

    • Username

      The username of the LDAP account that will be used to bind to LDAP in order to query users or groups. If the Username field is left blank the LDAP query will be made using the SharePoint farm account.

    • Password

      The password for the LDAP account.

      Note: Passwords are stored in plain text with the other configuration data.

    • Search Root

      The root (BaseDN) for the LDAP search.

    • Identity Attribute

      The Identity Attribute is the LDAP attribute used to populate the Identity Claim Type (which you selected in the Claim Settings at the top of the page). The LDAP attribute configured here must match the LDAP attribute that PingFederate uses to populate that WS-Fed attribute.

      For example, an Identity Attribute of userPrincipalName corresponds to an Identity Claim Type of http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn.

    • Group Identifier

      Select either SID or Distinguished Name (DN) to be used as the group unique identifier.

    • Server Time Limit (seconds)

      The maximum number of seconds that the server will wait for a search to complete.

    • Client Timeout (seconds)

      The maximum number of seconds that the client will wait for the server to return results.

    • Maximum number of objects to return

      This refers to the maximum number of search results you want the People Picker to return.

      • You can set this to a number between 0 and 500.

      • If you set this to 0, it will use the SharePoint default size limit of 1000 entries.
    • Minimum characters to start search

      This refers to the minimum number of characters (letters) an end user must type into the People Picker search window before the search starts to execute.

      • You can set this to a number between 4 and 10.

      • If you set this to 0, it will use the SharePoint default setting of 3 characters.

    • Filter

      Provide a custom LDAP query to be used for search, where {0} is replaced by the text the user typed. Leave this property blank to use the default query:

      "(&(&(|(objectCategory=person)(groupType=-2147483646))(|(displayName={0}*)(sAMAccountName={0}*)(userPrincipalName={0}*)(cn={0}*)(mail={0}*)))"

    Tip: Each LDAP connection you add here is enabled only for the SharePoint web application you selected. If you want to add the same LDAP connection to multiple SharePoint web applications, repeat steps 4-6 for each web application.
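As an added illustration (not the connector's own code), the following Python shows how the default query above becomes a concrete search filter: the user-typed term is substituted for {0} after RFC 4515 escaping so characters such as `*` or `)` cannot change the filter's structure, a custom Filter value is checked for balanced parentheses, and the zero-means-default rules for the two limits are applied. All function names are assumptions.

```python
from typing import Optional, Tuple

# Default People Picker query from the settings above, with {0} as the search-term placeholder.
DEFAULT_FILTER = (
    "(&(&(|(objectCategory=person)(groupType=-2147483646))"
    "(|(displayName={0}*)(sAMAccountName={0}*)(userPrincipalName={0}*)"
    "(cn={0}*)(mail={0}*))))"
)

# RFC 4515 escapes for characters that would otherwise alter filter structure.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so it is matched literally inside the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def filter_is_balanced(ldap_filter: str) -> bool:
    """Sanity check for a custom Filter value: parentheses must nest correctly."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def effective_limits(max_objects: int, min_chars: int) -> Tuple[int, int]:
    """Apply the ranges and zero-means-default rules for the two limit settings."""
    if not 0 <= max_objects <= 500:
        raise ValueError("Maximum number of objects to return must be 0..500")
    if min_chars != 0 and not 4 <= min_chars <= 10:
        raise ValueError("Minimum characters to start search must be 0 or 4..10")
    return (max_objects or 1000, min_chars or 3)


def build_search_filter(term: str, template: str = DEFAULT_FILTER,
                        min_chars: int = 0) -> Optional[str]:
    """Return the filter the People Picker would send, or None if the term is too short."""
    _, min_len = effective_limits(0, min_chars)
    if len(term) < min_len:
        return None
    if not filter_is_balanced(template):
        raise ValueError("custom Filter has unbalanced parentheses")
    return template.replace("{0}", escape_filter_value(term))
```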