I have Project Server 2016. I've configured FBA based on this guide - https://docs.microsoft.com/en-us/previous-versions/office/sharepoint-server-2010/ee806890(v=office.14)#section2
When I add an FBA user to any Project group (for example "Team Members for Project Web App"), the user can authenticate via FBA on the site and is given an access level based on the group role. But when I try to add the FBA group (rolemanager:g2) via Site settings - Site permissions - any site role, I receive the following error - "Sorry, something went wrong. The user does not exist or is not unique.".
In the ULS log I'm getting the following:
08/17/2018 17:09:04.82 w3wp.exe (0x1FEC) 0x07ACSharePoint Foundation Resolve ax7nkMedium Found multiple matches for resolution. Web: 'af904f57-5b8e-49bb-8c23-103a1f187fb1', WebApp: 'null', Input: 'c:0-.f|rolemanager|g2', PrincipalType: 'SecurityGroup', PrincipalSource: 'RoleProvider', MatchCount: '2'.97b0859e-d0e8-80ca-0000-01d782af63af
---
08/17/2018 17:09:04.82 w3wp.exe (0x1FEC) 0x07ACSharePoint Foundation Authentication Authorization a7wirUnexpectedGetUserInfoFromMembershipProvider: Request is in a web context and we can't find the user so we are failing. LoginName: 'c:0-.f|rolemanager|g2', bIsRole: 'True'.97b0859e-d0e8-80ca-0000-01d782af63af
---
08/17/2018 17:09:04.82 w3wp.exe (0x1FEC) 0x07ACSharePoint Foundation Claims Authentication ax8ngMedium ensureUserExistsInternal2: managedCodeInterop.getUserInfoFromMembershipProvider return values. bSuccess: 'False' wzLogin: 'c:0-.f|rolemanager|g2' wstrUserKey: ''97b0859e-d0e8-80ca-0000-01d782af63af
---
08/17/2018 17:09:04.82 w3wp.exe (0x1FEC) 0x07ACSharePoint Foundation General 8kh7High The user does not exist or is not unique. 97b0859e-d0e8-80ca-0000-01d782af63af
---
I've found that if I assign this FBA group (rolemanager:g2) rights in User Policy (CAS - Manage Web Application - My WebApp - User Policy), the group is added successfully and users (that belong to group r2) can authenticate on the Project web site successfully.
What am I doing wrong?
CAS web.config:
<!-- CAS membership provider (LdapMembershipProvider).
     useSSL="false" on port 389 means every LDAP exchange with srv-dc01.home.loc is
     unencrypted; presumably that includes the bind used to validate FBA credentials,
     so prefer useSSL="true" on 636 (LDAPS) once the DC certificate is trusted by the
     SharePoint servers. userContainer is the domain root and scope="Subtree", so user
     lookups search the whole domain. -->
<add name="membership"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer="DC=home,DC=loc"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
<!-- CAS role provider (LdapRoleProvider), same cleartext LDAP endpoint as the
     membership provider (useSSL="false", port 389); consider LDAPS here as well.
     Groups are searched from the domain root with scope="Subtree" using both
     groupNameAttribute="cn" and groupNameAlternateSearchAttribute="samAccountName".
     NOTE(review): the ULS "MatchCount: '2'" for 'g2' may be more than one object
     matching these attributes under the subtree; confirm with an LDAP query for g2.
     NOTE(review): this provider is named "roleManager" here but "rolemanager" in the
     STS web.config, while the claim value is 'c:0-.f|rolemanager|g2'; the names are
     expected to agree across CAS, STS and the web app, so confirm the casing difference
     is harmless. -->
<add name="roleManager"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
groupContainer="DC=home,DC=loc"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(ObjectClass=group)"
userFilter="(ObjectClass=person)"
scope="Subtree" />
STS web.config:
<!-- STS (SecurityTokenService) membership provider. The STS is the component that
     validates FBA logins, so with useSSL="false" on port 389 the credential check
     against srv-dc01.home.loc travels over unencrypted LDAP; prefer useSSL="true" on
     636 (LDAPS) with a trusted DC certificate. Attributes are otherwise identical to
     the CAS membership provider. -->
<add name="membership"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer="DC=home,DC=loc"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
<!-- STS role provider. Cleartext LDAP (useSSL="false", port 389), same caveat as the
     membership provider above.
     NOTE(review): named "rolemanager" here but "roleManager" in the CAS and Project
     web app web.config files; the provider name must be the same in every web.config,
     so confirm whether this casing difference is tolerated. Group lookups span the
     whole domain (groupContainer at the domain root, scope="Subtree") and match on
     both cn and samAccountName, which can yield more than one hit for a short name
     such as g2. -->
<add name="rolemanager"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
groupContainer="DC=home,DC=loc"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(ObjectClass=group)"
userFilter="(ObjectClass=person)"
scope="Subtree" />
Project Webapp web.config:
<!-- Project Web App membership provider. Unencrypted LDAP (useSSL="false", port 389);
     prefer LDAPS on 636 with a trusted DC certificate.
     userFilter="(&(ObjectClass=person))" is a single-term AND, logically the same as
     the "(ObjectClass=person)" used in the CAS and STS web.config files; keeping the
     three files literally identical avoids chasing differences that are not real. -->
<add name="membership"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer="DC=home,DC=loc"
userObjectClass="person"
userFilter="(&(ObjectClass=person))"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
<!-- Project Web App role provider. Unencrypted LDAP (useSSL="false", port 389), same
     caveat as the membership provider. groupFilter and userFilter are single-term ANDs,
     equivalent to the plain filters in the CAS and STS files but not identical text.
     NOTE(review): this provider is "roleManager" here and in CAS but "rolemanager" in
     the STS web.config; confirm the names agree. The "MatchCount: '2'" in the ULS log
     for 'g2' resolved with PrincipalSource 'RoleProvider' suggests two directory
     objects match on cn or samAccountName under DC=home,DC=loc; verify with an LDAP
     query before changing the provider. -->
<add name="roleManager"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
groupContainer="DC=home,DC=loc"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(&(ObjectClass=group))"
userFilter="(&(ObjectClass=person))"
scope="Subtree" />
When I add an FBA user to any Project group (for example "Team Members for Project Web App"), the user can authenticate via FBA on the site and is given an access level based on the group role. But when I try to add the FBA group (rolemanager:g2) via Site settings - Site permissions - any site role, I receive the following error - "Sorry, something went wrong. The user does not exist or is not unique.".
In the ULS log I'm getting the following:
08/17/2018 17:09:04.82 w3wp.exe (0x1FEC) 0x07ACSharePoint Foundation Resolve ax7nkMedium Found multiple matches for resolution. Web: 'af904f57-5b8e-49bb-8c23-103a1f187fb1', WebApp: 'null', Input: 'c:0-.f|rolemanager|g2', PrincipalType: 'SecurityGroup', PrincipalSource: 'RoleProvider', MatchCount: '2'.97b0859e-d0e8-80ca-0000-01d782af63af
---
08/17/2018 17:09:04.82 w3wp.exe (0x1FEC) 0x07ACSharePoint Foundation Authentication Authorization a7wirUnexpectedGetUserInfoFromMembershipProvider: Request is in a web context and we can't find the user so we are failing. LoginName: 'c:0-.f|rolemanager|g2', bIsRole: 'True'.97b0859e-d0e8-80ca-0000-01d782af63af
---
08/17/2018 17:09:04.82 w3wp.exe (0x1FEC) 0x07ACSharePoint Foundation Claims Authentication ax8ngMedium ensureUserExistsInternal2: managedCodeInterop.getUserInfoFromMembershipProvider return values. bSuccess: 'False' wzLogin: 'c:0-.f|rolemanager|g2' wstrUserKey: ''97b0859e-d0e8-80ca-0000-01d782af63af
---
08/17/2018 17:09:04.82 w3wp.exe (0x1FEC) 0x07ACSharePoint Foundation General 8kh7High The user does not exist or is not unique. 97b0859e-d0e8-80ca-0000-01d782af63af
---
I've found that if I assign this FBA group (rolemanager:g2) rights in User Policy (CAS - Manage Web Application - My WebApp - User Policy), the group is added successfully and users (that belong to group r2) can authenticate on the Project web site successfully.
What am I doing wrong?
CAS web.config:
<!-- CAS membership provider (LdapMembershipProvider).
     useSSL="false" on port 389 means every LDAP exchange with srv-dc01.home.loc is
     unencrypted; presumably that includes the bind used to validate FBA credentials,
     so prefer useSSL="true" on 636 (LDAPS) once the DC certificate is trusted by the
     SharePoint servers. userContainer is the domain root and scope="Subtree", so user
     lookups search the whole domain. -->
<add name="membership"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer="DC=home,DC=loc"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
<!-- CAS role provider (LdapRoleProvider), same cleartext LDAP endpoint as the
     membership provider (useSSL="false", port 389); consider LDAPS here as well.
     Groups are searched from the domain root with scope="Subtree" using both
     groupNameAttribute="cn" and groupNameAlternateSearchAttribute="samAccountName".
     NOTE(review): the ULS "MatchCount: '2'" for 'g2' may be more than one object
     matching these attributes under the subtree; confirm with an LDAP query for g2.
     NOTE(review): this provider is named "roleManager" here but "rolemanager" in the
     STS web.config, while the claim value is 'c:0-.f|rolemanager|g2'; the names are
     expected to agree across CAS, STS and the web app, so confirm the casing difference
     is harmless. -->
<add name="roleManager"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
groupContainer="DC=home,DC=loc"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(ObjectClass=group)"
userFilter="(ObjectClass=person)"
scope="Subtree" />
STS web.config:
<!-- STS (SecurityTokenService) membership provider. The STS is the component that
     validates FBA logins, so with useSSL="false" on port 389 the credential check
     against srv-dc01.home.loc travels over unencrypted LDAP; prefer useSSL="true" on
     636 (LDAPS) with a trusted DC certificate. Attributes are otherwise identical to
     the CAS membership provider. -->
<add name="membership"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer="DC=home,DC=loc"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
<!-- STS role provider. Cleartext LDAP (useSSL="false", port 389), same caveat as the
     membership provider above.
     NOTE(review): named "rolemanager" here but "roleManager" in the CAS and Project
     web app web.config files; the provider name must be the same in every web.config,
     so confirm whether this casing difference is tolerated. Group lookups span the
     whole domain (groupContainer at the domain root, scope="Subtree") and match on
     both cn and samAccountName, which can yield more than one hit for a short name
     such as g2. -->
<add name="rolemanager"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
groupContainer="DC=home,DC=loc"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(ObjectClass=group)"
userFilter="(ObjectClass=person)"
scope="Subtree" />
Project Webapp web.config:
<!-- Project Web App membership provider. Unencrypted LDAP (useSSL="false", port 389);
     prefer LDAPS on 636 with a trusted DC certificate.
     userFilter="(&(ObjectClass=person))" is a single-term AND, logically the same as
     the "(ObjectClass=person)" used in the CAS and STS web.config files; keeping the
     three files literally identical avoids chasing differences that are not real. -->
<add name="membership"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer="DC=home,DC=loc"
userObjectClass="person"
userFilter="(&(ObjectClass=person))"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
<!-- Project Web App role provider. Unencrypted LDAP (useSSL="false", port 389), same
     caveat as the membership provider. groupFilter and userFilter are single-term ANDs,
     equivalent to the plain filters in the CAS and STS files but not identical text.
     NOTE(review): this provider is "roleManager" here and in CAS but "rolemanager" in
     the STS web.config; confirm the names agree. The "MatchCount: '2'" in the ULS log
     for 'g2' resolved with PrincipalSource 'RoleProvider' suggests two directory
     objects match on cn or samAccountName under DC=home,DC=loc; verify with an LDAP
     query before changing the provider. -->
<add name="roleManager"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="srv-dc01.home.loc"
port="389"
useSSL="false"
groupContainer="DC=home,DC=loc"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(&(ObjectClass=group))"
userFilter="(&(ObjectClass=person))"
scope="Subtree" />