This claims provider for SharePoint 2013 and 2016 queries Active Directory and LDAP servers to enhance people picker with a great search experience in federated authentication (typically ADFS):

People picker with LDAPCP

If you want to try and see LDAPCP in action, check this template that deploys SharePoint 2013/2016 in your Azure tenant, fully configured with ADFS and LDAPCP.


  • Easy to configure with administration pages added in Central administration > Security.
  • Queries multiple servers in parallel (multi-threaded connections).
  • Populates properties (e.g. email, SIP, display name) upon permission creation.
  • Supports rehydration for provider-hosted add-ins.
  • Supports dynamics tokens “{domain}” and “{fqdn}” to add domain information on permissions to create.
  • Implements SharePoint logging infrastructure and logs messages in Area/Product “LDAPCP”.
  • Ensures thread safety.
  • Implements augmentation to add group membership to security tokens.

Customization capabilities

  • Customize list of claim types, and their mapping with LDAP objects.
  • Enable/disable augmentation globally or per LDAP connection.
  • Customize display of permissions.
  • Customize LDAP filter per claim type, e.g. to only return users member of a specific security group.
  • Set a keyword to bypass LDAP lookup. e.g. input “” directly creates permission “” on claim type set for this.
  • Set a prefix to add to LDAP results, e.g. add “domain" to groups returned by LDAP.
  • Hide disabled users and distribution lists.
  • Developers can easily do a lot more by inheriting base class.