
Issue with AD LDS user directory connection


Article ID: 106852


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On


In 12.52 SP1 CR08, authentication fails for users in an AD LDS user store, and the Policy Server recognizes the user store as AD DS, not AD LDS.

1. Access a protected resource.
2. Enter the credentials of a user in the AD LDS user store.
3. An error screen is displayed and a failure message is logged in smps.log.


[38179/4065987440][Tue Dec 19 2017 15:54:49][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=testuser,ou=People,dc=example,dc=com


This issue is a regression introduced in the CR7 release. Normally the Policy Server (PS) checks which type of user directory it is connecting to; in CR7, because of a code change, that check mistakenly looks for AD attributes instead of AD LDS attributes. This is fixed in the CR9 release.
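To see which users are hitting this error, the smps.log message quoted above can be matched mechanically. The script below is an added example, not CA tooling: the bracketed field layout is inferred from the single log line in this article, the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout inferred from the one smps.log line quoted in this article:
# [pid/tid][timestamp][source:line][LEVEL][message-id] text
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]"
    r"\[(?P<ts>[^\]]+)\]"
    r"\[(?P<src>[^\]:]+):(?P<lineno>\d+)\]"
    r"\[(?P<level>[A-Z]+)\]"
    r"\[(?P<msgid>[^\]]+)\]\s*(?P<text>.*)$"
)
UAC_RE = re.compile(
    r"Failed to read Active Directory user attribute "
    r"userAccountControl for user:\s*(?P<dn>.+)$"
)

def find_uac_failures(lines):
    """Return (timestamp, user DN) for each sm-Ldap-02070 userAccountControl error."""
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m["level"] != "ERROR" or m["msgid"] != "sm-Ldap-02070":
            continue  # unparseable line or a different message
        u = UAC_RE.search(m["text"])
        if u:
            hits.append((m["ts"], u["dn"].strip()))
    return hits

def summarize(lines):
    """Count failures per user DN so repeat offenders stand out."""
    return Counter(dn for _, dn in find_uac_failures(lines))

SAMPLE = [
    # Verbatim from this article.
    "[38179/4065987440][Tue Dec 19 2017 15:54:49][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=testuser,ou=People,dc=example,dc=com",
    # Constructed lines below (not from any real log).
    "[38179/4065987440][Tue Dec 19 2017 15:55:10][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=testuser,ou=People,dc=example,dc=com",
    "[38179/4065987440][Tue Dec 19 2017 15:56:02][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=otheruser,ou=People,dc=example,dc=com",
    "[38179/4065987440][Tue Dec 19 2017 15:56:03][constructed.cpp:1][INFO][sm-constructed-00000] unrelated constructed message",
]

if __name__ == "__main__":
    for dn, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {dn}")
```

If the DNs reported belong to a directory that is configured as AD LDS, the output matches the symptom this article describes.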


ProductName=CA SiteMinder Policy Server


This issue will be fixed in the CR09 and 12.8 Policy Server versions.

Additional Information

DE326287 / DE335297: Policy Server identifies the ADLDS user store as Active Directory.

