- Login to your SharePoint Central Administration site.
- Go to .
Click on Configure People Picker (under Users):
Select the web application that is configured to use the Partner STS (Trusted
Identity Provider) for authentication from the drop down at the top of the
Configure the Claim Settings by selecting the Partner STS and specifying the
Identity Claim Type.
Identity Claim Type examples:
Add LDAP connections by selecting Add a new connection… in the drop down,
then proceed to fill out the LDAP connection settings as described below.
The name of this LDAP connection.
The FQDN or IP address of the LDAP server. If using LDAPS, include the relevant port (e.g. ldap.domain.com:636).
Secure Store App Id
The ID of your saved credentials in SharePoint's Secure Store Service.
The username of the LDAP account that will be used to bind to LDAP in order to query users or groups. If the Username field is left blank the LDAP query will be made using the SharePoint farm account.
The password for the LDAP account. Note: Passwords are stored in plain text with the other configuration data.
The root (BaseDN) for the LDAP search.
The Identity Attribute is the LDAP attribute used to populate the Identity Claim Type (which you selected in the Claim Settings at the top of the page). The LDAP attribute configured here must match the LDAP attribute used in PingFederate to populate that WS-Fed attribute.
For example, an Identity Attribute of userPrincipalName corresponds to an Identity Claim Type of http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn.
Select either SID or Distinguished Name (DN) to be used as the group unique identifier.
Server Time Limit (seconds)
The maximum number of seconds that the server will wait for a search to complete.
Client Timeout (seconds)
The maximum number of seconds that the client will wait for the server to return results.
Maximum number of objects to return
This refers to the maximum number of search results you want the People Picker to return.
You can set this to a number between 0 and 500.
- If you set this to 0, it will use the SharePoint default size limit of 1000 entries.
Minimum characters to start search
This refers to the minimum number of characters (letters) an end user must type into the People Picker search window before the search starts to execute.
You can set this to a number between 4 and 10.
- If you set this to 0, it will use the SharePoint default setting of 3 characters.
Provide a custom LDAP query to be used for search. Leave this property blank to use the default query:
Tip: Each LDAP connection you add here will only be enabled for the specific SharePoint web application you selected. If you want to add the same LDAP connection to multiple SharePoint web applications, you will need to repeat the same configuration steps (4-5-6) for each SharePoint web application.
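As an added example that is not part of this documentation: a small Python checker that applies the rules above to a proposed connection before it is saved, reporting the effective size limit and minimum-character values, the claim type for the Identity Attribute, and the settings a reviewer would flag (a non-LDAPS port, a plain-text password where a Secure Store App Id could be used, an empty username). The `mail` claim mapping and the shape of the search filter are assumptions; the page gives only the upn mapping and does not show the default query.

```python
# Added example, not from the PingFederate/SharePoint documentation: sanity-check
# a People Picker LDAP connection before saving it in Central Administration.
import re

# Identity Attribute -> WS-Fed Identity Claim Type. The upn entry is from the
# page; the mail entry is an assumed extra mapping.
CLAIM_TYPES = {
    "userPrincipalName": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "mail": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
}

def effective_settings(cfg):
    """Return the values SharePoint will actually use, plus review warnings."""
    warnings = []
    host, _, port = cfg["ldap_server"].partition(":")
    port = int(port) if port else 389
    if port != 636:
        warnings.append("not LDAPS (port 636): bind credentials and results "
                        "cross the network unencrypted")
    if cfg.get("password") and not cfg.get("secure_store_app_id"):
        warnings.append("password is stored in plain text with the connection "
                        "settings; prefer a Secure Store App Id")
    if not cfg.get("username"):
        warnings.append("empty username: queries run as the SharePoint farm account")
    max_objects = cfg.get("max_objects", 0)
    if not 0 <= max_objects <= 500:
        raise ValueError("max_objects must be between 0 and 500")
    min_chars = cfg.get("min_chars", 0)
    if min_chars != 0 and not 4 <= min_chars <= 10:
        raise ValueError("min_chars must be 0 or between 4 and 10")
    attr = cfg["identity_attribute"]
    if attr not in CLAIM_TYPES:
        raise ValueError(f"no Identity Claim Type mapping for {attr}")
    return {
        "host": host, "port": port,
        "size_limit": max_objects or 1000,  # 0 -> SharePoint default of 1000
        "min_chars": min_chars or 3,        # 0 -> SharePoint default of 3
        "claim_type": CLAIM_TYPES[attr],
        "warnings": warnings,
    }

def search_filter(identity_attribute, term, min_chars):
    """Prefix filter a People Picker search would send (assumed shape; the
    page does not show the default query). None if the term is too short."""
    if len(term) < min_chars:
        return None
    # escape RFC 4515 metacharacters so typed input cannot change the filter
    term = re.sub(r"[*()\\\x00]", lambda m: "\\%02x" % ord(m.group()), term)
    return f"(&(objectClass=user)({identity_attribute}={term}*))"
```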
Page created: 24 Jul 2019 | Page updated: 8 Feb 2022