Issue with AD LDS user directory connection
Article ID: 106852
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
In 12.52 SP1 CR08, There are NOT authenticate issue for AD LDS user store, and Policy Server recognize user store AD DS, NOT AD LDS.
1: Access to protected resource
2. Enter credential in AD LDS user store
3. Display error screen and failed message in smps.log
smps.log:
[38179/4065987440][Tue Dec 19 2017 15:54:49][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=testuser,ou=People,dc=example,dc=com
1: Access to protected resource
2. Enter credential in AD LDS user store
3. Display error screen and failed message in smps.log
<Please see attached file for image>
smps.log:
[38179/4065987440][Tue Dec 19 2017 15:54:49][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=testuser,ou=People,dc=example,dc=com
Environment
ProductName=CA SiteMinder Policy Server
FullVersion=12.52.107.2259
FullVersion=12.52.107.2259
Cause
That is the issue which was introduced in CR7 release as a regression. Normally PS does check what type of User Directory it is connecting with, while checking in CR7 it is mistakenly(code change) looking for AD attributes instead of AD LDS. this is fixed in CR9 release.
Resolution
This issue will be fixed in CR09 and 12.8 Policy Server version.
Additional Information
DE326287/ DE335297 Policy Server identifies the ADLDS user store as Active Directory.
https://docops.ca.com/display/casso128J/Defects+Fixed
https://docops.ca.com/display/casso128J/Defects+Fixed
Attachments
Feedback
Yes
No
Powered by
