Error: AD Internal Error:Check AD when logging into IM User Console

Article ID: 16428

Products

CA Identity Manager CA Identity Suite

Issue/Introduction

When the Active Directory Authentication Module for CA Identity Suite 14.x is configured with the BASEDN set to the root of the AD domain (for example, DC=lab,DC=local), AD responds to searches with referrals that the current version of the Authentication Module does not handle correctly. As a result, a login with correct credentials returns “Error: AD Internal Error:Check AD”. How can this issue be resolved?

Environment

Release: 14.x
Component: IDMGR

Resolution

Configure the SERVERS property to point to the global catalog by adding the port.

For example:

SERVERS=adserver:3268 or adserver:3269 if you use SSL.

Another option, if all the users are in one container, is to add that container to the BASEDN.

For example:

“CN=Users,DC=lab,DC=local”

Also note the location of the trusted keystore. The path used is %JAVA_HOME%\jre\lib\security\cacerts
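To confirm that referrals are the cause, and that a changed SERVERS or BASEDN value removes them, the same search can be run with an LDAP client and its output checked for `ref:` lines. The script below is an added example, not part of the product or the original article; it assumes output from the OpenLDAP `ldapsearch` client run with `-o ldif-wrap=no`, and both sample outputs are constructed.

```python
from urllib.parse import urlparse, unquote

# Constructed sample: subtree search with base DC=lab,DC=local on port 389.
# Host names and the user entry are made up for illustration.
SAMPLE_389 = """\
# jdoe, Users, lab.local
dn: CN=jdoe,CN=Users,DC=lab,DC=local

# search reference
ref: ldap://ForestDnsZones.lab.local/DC=ForestDnsZones,DC=lab,DC=local

# search reference
ref: ldap://DomainDnsZones.lab.local/DC=DomainDnsZones,DC=lab,DC=local

# search reference
ref: ldap://lab.local/CN=Configuration,DC=lab,DC=local

# search result
result: 0 Success
"""

# Constructed sample: the same search sent to the global catalog port 3268.
SAMPLE_3268 = """\
dn: CN=jdoe,CN=Users,DC=lab,DC=local

# search result
result: 0 Success
"""


def summarize(ldif_text):
    """Parse ldapsearch output into (entry DNs, [(referral host, referral base DN)])."""
    entries, referrals = [], []
    for line in ldif_text.splitlines():
        if line.startswith("dn: "):
            entries.append(line[4:].strip())
        elif line.startswith("ref: "):
            url = urlparse(line[5:].strip())
            referrals.append((url.hostname, unquote(url.path.lstrip("/"))))
    return entries, referrals


def has_referrals(ldif_text):
    """True when the server answered with referrals the client would have to follow."""
    return bool(summarize(ldif_text)[1])


if __name__ == "__main__":
    for port, text in (("389", SAMPLE_389), ("3268", SAMPLE_3268)):
        print(port, summarize(text))
```

A result with no referrals for the SERVERS and BASEDN combination in use indicates the configuration avoids the condition described above.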