If you’re seeing the following error in the ULS logs, hopefully it’ll be as simple a fix for you as it was for me:<\/p>\n
LdapRoleProvider.GetRolesFor() exception: {0}.System.ArgumentException: The (&(((ObjectClass=group))(member=CN=Some User,CN=Users,DC=domain,DC=local)) search filter is invalid.<\/p>\n
at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()<\/p>\n
at Microsoft.Office.Server.Security.LdapRoleProvider.GetRolesFor(String userOrGroupDN, DirectoryEntry groupContainer, LdapDistinguishedNameManager ldapDnManager, List`1& userRoles)<\/p>\n
To resolve this error, all that’s required is to updated the Group and User filter values for the role provider in the forms web application and the security token’s web configuration files.<\/p>\n
The role provider settings I had looked something like:<\/p>\n
\r\n\r\n \r\n Notice the values for groupFilter<\/em> and userFilter<\/em> – ((ObjectClass=person)<\/em>.<\/p>\nThis is correct for the Central Administration web configuration. For the forms web application and security token’s configuration this should be updated to (&(ObjectClass=person))<\/em>.<\/p>\nPerform an IIS reset and next time you log in the exception in the ULS log should be resolved.<\/p>\n","protected":false},"excerpt":{"rendered":"
If you’re seeing the following error in the ULS logs, hopefully it’ll be as simple a fix for you as it was for me: LdapRoleProvider.GetRolesFor() exception: {0}.System.ArgumentException: The (&(((ObjectClass=group))(member=CN=Some User,CN=Users,DC=domain,DC=local)) search filter is invalid. at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext() at Microsoft.Office.Server.Security.LdapRoleProvider.GetRolesFor(String userOrGroupDN, DirectoryEntry … Continue reading