When the Active Directory Authentication Module for CA Identity Suite 14.x is configured with the BASEDN set to the root of the AD domain (for example, DC=lab,DC=local), AD responds to searches with referrals that the current version of the Authentication Module does not handle correctly. As a result, a login with correct credentials returns “Error: AD Internal Error:Check AD”. How can this issue be resolved?
Release: 14.x
Component: IDMGR
Configure the SERVERS property to point to the global catalog by adding the port.
For example:
SERVERS=<adserver>:3268, or SERVERS=<adserver>:3269 if you use SSL.
Another option is to add a container to the BASEDN, if all the users are in this OU.
For example:
“CN=Users,DC=lab,DC=local”
Also note the location of the trusted keystore. The path used is %JAVA_HOME%\jre\lib\security\cacerts
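A pre-deployment check for the combination described above, written as an added example and not CA's own code: it flags a BASEDN made up only of DC components when a SERVERS entry is not on port 3268 or 3269. The KEY=VALUE file layout, the comma or whitespace separator between servers, and the host name dc01.lab.local are assumptions.

```python
import re

GC_PORTS = {"3268", "3269"}  # the two ports the article gives for SERVERS (3269 = SSL)

def parse_props(text):
    """Parse KEY=VALUE lines (assumed file layout); skip blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: the DN itself contains '='
        props[key.strip().upper()] = value.strip().strip('"“”')
    return props

def rdn_types(dn):
    """Attribute type of each RDN in a DN, splitting only on unescaped commas."""
    parts = re.split(r"(?<!\\),", dn)
    return [p.split("=", 1)[0].strip().upper() for p in parts if p.strip()]

def referral_prone_servers(text):
    """Servers that would be searched at the domain root on a non-catalog port."""
    props = parse_props(text)
    types = rdn_types(props.get("BASEDN", ""))
    at_domain_root = bool(types) and all(t == "DC" for t in types)
    if not at_domain_root:
        return []  # BASEDN already names a container below the root
    servers = re.split(r"[,\s]+", props.get("SERVERS", ""))  # assumed separators
    return [s for s in servers if s and s.rpartition(":")[2] not in GC_PORTS]

# Constructed sample: root BASEDN from the article, hypothetical host on port 389.
SAMPLE = "SERVERS=dc01.lab.local:389\nBASEDN=DC=lab,DC=local\n"

if __name__ == "__main__":
    for server in referral_prone_servers(SAMPLE):
        print(f"{server}: BASEDN is the domain root; use :3268/:3269 or a container BASEDN")
```

An empty result means either the BASEDN names a container or every listed server already uses one of the two catalog ports.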