1. Login to your SharePoint Central Administration site.
  2. Go to Central Administration > Security.
  3. Click on Configure People Picker (under Users):
  4. Select the web application that is configured to use the Partner STS (Trusted Identity Provider) for authentication from the drop down at the top of the page):
  5. Configure the Claim Settings by selecting the Partner STS and specifying the Identity Claim Type.

    Identity Claim Type examples:



  6. Add LDAP connections by selecting Add a new connection… in the drop down, then proceed to fill out the LDAP connection settings as described below.
    • Name

      The name of this LDAP connection.

    • Server

      The FQDN or IP address for the LDAP server. If using LDAPS, include the relevant port (i.e. ldap.domain.com:636)

    • Secure Store App Id

      The ID of your saved credentials in SharePoint's Secure Store Service.

    • Username

      The username of the LDAP account that will be used to bind to LDAP in order to query users or groups. If the Username field is left blank the LDAP query will be made using the SharePoint farm account.

    • Password

      The password for the LDAP account.

      Note: Passwords are stored in plain text with the other configuration data.
    • Search Root

      The root (BaseDN) for the LDAP search.

    • Identity Attribute

      The Identity Attribute refers to the LDAP attribute that is used to populated the Identity Claim Type (which you selected in the Claim Settings at the top of the page). The LDAP attribute configured where must match the LDAP attribute used in PingFederate to populate that WS-Fed attribute.

      For example, an Identity Attribute of userPrincipalName has an Identity Claim Type of http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn

    • Group Identifier

      Select either SID or Distinguished Name (DN) to be used as the group unique identifier.

    • Server Time Limit (seconds)

      The maximum number of seconds that the server will wait for a search to complete.

    • Client Timeout (seconds)

      The maximum number of seconds that the client will wait for the server to return results.

    • Maximum number of objects to return

      This refers to the maximum number of search results you want the People Picker to return.

      • You can set this to a number between 0 and 500.

      • If you set this to 0, it will use the SharePoint default size limit of 1000 entries.
    • Minimum characters to start search

      This refers to the minimum number of characters (letters) an end user must type into the People Picker search window before the search starts to execute.

      • You can set this to a number between 4 and 10.

      • If you set this to 0, it will use the SharePoint default setting of 3 characters.
      Tip: Each LDAP connection you add here will only be enabled for the specific SharePoint web application you selected. If you want to add the same LDAP connection to multiple SharePoint web applications, you will need to repeat the same configuration steps (4-5-6) for each SharePoint web application.
    • Filter

      Provide a custom LDAP query to be used for search. Leave this property blank to use the default query: