We're running an AdminUI, and when we try to configure a group in a
Policy for Federation, the AdminUI returns the following error:
Error: Unable to contact the LDAP directory to determine if it is an
Active Directory directory, so that it can manage the group user
policy appropriately. Correct the problem, and then resume the
configuration of the partnership.
How can we solve this?
Policy Server 12.52SP1CR05;
AdminUI 12.52SP1CR05;
At first glance, this issue might occur if you have configured the
LDAP User Directory with multiple instances and have configured
those instances for load balancing.
This issue is fixed in Policy Server 12.8. There is also a workaround:
- Temporarily modify the User Directory connection to use "failover".
- Update the partnership to add the group, and save the partnership.
- After saving, modify the User Directory connection back to
  "Load-balance".
What is the LDAP User Directory configuration?
This can also be due to a timeout between the Policy Server and the
LDAP User Directory:
Could not reach LDAP directory to determine if it's an Active
Directory, for correct handling of Group user policy. Please correct
the issue and then resume partnership configuration.
- Document Reference:
https://knowledge.broadcom.com/external/article?articleId=13385