LDAP errors on IM and SSO Integration


Article ID: 111769


Products

CA Identity Manager
CA Identity Governance
CA Identity Portal

Issue/Introduction

We are working to integrate the Virtual Appliance Identity Manager with Single Sign On. When we delete the directories and environment and start the application server, we notice that it's failing to create the directories with the following errors.

2018-08-17 18:49:26,676 INFO  [ims.Main] (MSC service thread 1-4) * Deploying Directory : UserStore
2018-08-17 18:49:27,371 ERROR [ims.tasktrack.LLSDK] (MSC service thread 1-4) SmApiException: retCode is [facility=4 severity=3 reason=0 status=2 message=SmImsCommand (createImsDirectory) Provider call failed
Error Code was: -2147418012
Error Message: Unknown Failure ID:4] apiObj tried to tunnel the following:   {}

In the SMPS log we see this error:
[08/17/2018][20:12:02.055][20:12:02][10209][140106094589696][SmObjLDAP_IMSDirectory6.cpp:898][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-log-00000] LDAP error code '34' Message 'Invalid DN syntax'] 
Invalid DN syntax. 

Environment

Identity Suite Virtual Appliance
Identity Manager (IM)
Single Sign On (SSO)

Resolution

If, on creation of the directories, you see the error "LDAP error code '34' Message 'Invalid DN syntax'] Invalid DN syntax.", it is most likely because the LDAP schema on SSO has not been extended. This can vary depending on which type of LDAP is being used as the Policy Store. For CA Directory, make sure to extend the schema and try again. To extend the schema, follow our documentation:

https://docops.ca.com/ca-identity-manager/14-1/EN/configuring/ca-single-sign-on-integration/integrate-ca-single-sign-on-with-ca-identity-manager/configure-the-ca-sso-policy-store#ConfiguretheCASSOPolicyStore-CADirectoryServer