search cancel

WAMUI - Unable to contact the following LDAP directory to check its type

book

Article ID: 134042

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

We're running an AdminUI and when we want to configure a group to a

Policy for Federation, then the AdminUI returns error :

  Error: Unable to contact the LDAP directory to determine if it is an

  Active Directory directory, so that it can manage the group user

  policy appropriately. Correct the problem, and then resume the

  configuration of the partnership.


How can we solve this ?

Environment

  Policy Server 12.52SP1CR05;

  AdminUI 12.52SP1CR05;


Resolution

At first glance, this issue might occurs if you have configured the

LDAP User Directory with multiples instances, and if you have

configured the instances for loadbalancing.

This issue is fixed in Policy Server 12.8. And there's a work around :

You can :

  temporarily modify the User Directory connection to use "failover";

  update the partnership to add the group, and then after saving the

  partnership modify the User Directory Connection back to

  "Load-balance"

What is the LDAP User Directory configuration ?

This can also be due to a timeout between the Policy Server and the

LDAP User Directory :

  Could not reach LDAP directory to determine if it's an Active

  Directory, for correct handling of Group user policy. Please correct

  the issue and then resume partnership configuration.

  https://ca-broadcom.wolkenservicedesk.com/kb/could-not-reach-ldap-directory-to-determine-if-its-an-active-directory-for-correct-handling-of-group-user-policy-please-correct-the-issue-and-then-resume-partnership-configuration/kb000013385