Issue with AD LDS user directory connection

Article ID: 106852

Products

CA Single Sign On Secure Proxy Server (SiteMinder), AXIOMATICS POLICY SERVER, CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

In 12.52 SP1 CR08, users in an AD LDS user store cannot authenticate, and the Policy Server recognizes the user store as AD DS, not AD LDS.

1. Access a protected resource.
2. Enter the credentials of a user in the AD LDS user store.
3. An error screen is displayed and a failure message is written to smps.log.

<Please see attached file for image>

smps.log:
[38179/4065987440][Tue Dec 19 2017 15:54:49][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=testuser,ou=People,dc=example,dc=com

Cause

This issue was introduced in the CR7 release as a regression. Normally the Policy Server (PS) checks what type of user directory it is connecting to. In CR7, because of a code change, that check mistakenly looks for AD attributes instead of AD LDS attributes. This is fixed in the CR9 release.
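
The following Python helper is an added example, not part of the original article or of the product. It scans smps.log lines for the sm-Ldap-02070 error shown above and counts, per attribute and user DN, how often the Policy Server failed to read an Active Directory attribute. The log line layout is inferred from the single excerpt in this article, and every sample line after the first is constructed.

```python
import re
from collections import defaultdict

# Layout assumed from the article's excerpt:
# [pid/tid][timestamp][source.cpp:line][LEVEL][message-id] text
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]"
    r"\[(?P<ts>[^\]]+)\]"
    r"\[(?P<src>[^\]:]+):(?P<line>\d+)\]"
    r"\[(?P<level>[A-Z]+)\]"
    r"\[(?P<msgid>[^\]]+)\]\s*(?P<text>.*)$"
)
ATTR_RE = re.compile(
    r"Failed to read Active Directory user attribute (?P<attr>\S+)"
    r" for user: (?P<dn>.+)$"
)

def find_ad_attribute_failures(lines):
    """Return {attribute: {user DN: count}} for sm-Ldap-02070 errors."""
    hits = defaultdict(lambda: defaultdict(int))
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        # Skip lines that do not follow the layout or are a different message.
        if not m or m["level"] != "ERROR" or m["msgid"] != "sm-Ldap-02070":
            continue
        a = ATTR_RE.search(m["text"])
        if a:
            hits[a["attr"]][a["dn"].strip()] += 1
    return {attr: dict(users) for attr, users in hits.items()}

# Constructed sample: line 1 is the article's excerpt, the rest are made up.
SAMPLE_LOG = """\
[38179/4065987440][Tue Dec 19 2017 15:54:49][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=testuser,ou=People,dc=example,dc=com
[38179/4065987440][Tue Dec 19 2017 15:55:02][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=testuser,ou=People,dc=example,dc=com
[38179/4065987440][Tue Dec 19 2017 15:55:10][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=otheruser,ou=People,dc=example,dc=com
[38179/4065987440][Tue Dec 19 2017 15:55:11][Example.cpp:10][INFO][sm-Example-00000] unrelated line
this line does not follow the layout
""".splitlines()

if __name__ == "__main__":
    for attr, users in find_ad_attribute_failures(SAMPLE_LOG).items():
        for dn, count in sorted(users.items()):
            print(f"{attr}\t{count}\t{dn}")
```

Repeated userAccountControl failures for users that live in an AD LDS user store match the symptom described in this article.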

Environment

ProductName=CA SiteMinder Policy Server
FullVersion=12.52.107.2259

Resolution

This issue will be fixed in the CR09 and 12.8 Policy Server versions.

Additional Information

DE326287/ DE335297 Policy Server identifies the ADLDS user store as Active Directory.
https://docops.ca.com/display/casso128J/Defects+Fixed
 

Attachments

1558699250589000106852_sktwi1f5rjvs16jnk.png