When configuring the Active Directory Authentication Module for CA Identity Suite 14.x with the BASEDN set to the root of the AD domain (for example, DC=lab,DC=local), AD responds to searches with referrals that the current version of the Authentication Module does not handle correctly. As a result, a login with correct credentials returns “Error: AD Internal Error:Check AD”. How can this issue be resolved?
Configure the SERVERS property to point to the Global Catalog by adding the port:
SERVERS=adserver:3268, or SERVERS=adserver:3269 if you use SSL.
Another option is to add a container to the BASEDN, if all the users are in this OU.
Also note the location of the trusted keystore. The path used is %JAVA_HOME%\jre\lib\security\cacerts
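The check below is an added example, not code from CA or from the original article: it flags the combination described above, a domain-root BASEDN searched on a port other than 3268/3269. It assumes the settings are plain key=value lines and that SERVERS may hold a comma-separated list; the sample values, including the OU name, are constructed.

```python
import re

GC_PORTS = {"3268", "3269"}  # catalog ports given in the article (3269 with SSL)

def parse_props(text):
    """Parse key=value lines (assumed format), skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip().upper()] = value.strip()
    return props

def is_domain_root(base_dn):
    """True when every RDN is a DC= component, e.g. DC=lab,DC=local."""
    rdns = [r.strip() for r in re.split(r"(?<!\\),", base_dn) if r.strip()]
    return bool(rdns) and all(r.upper().startswith("DC=") for r in rdns)

def referral_risk(text):
    """List SERVERS entries that would search the domain root on a non-catalog port."""
    props = parse_props(text)
    if not is_domain_root(props.get("BASEDN", "")):
        return []  # BASEDN names a container (or is unset): not the case in the article
    findings = []
    for entry in props.get("SERVERS", "").split(","):  # comma list is an assumption
        entry = entry.strip()
        if not entry:
            continue
        host, sep, port = entry.rpartition(":")
        if not sep:
            host, port = entry, "(default)"
        if port not in GC_PORTS:
            findings.append(f"{host}: port {port} with domain-root BASEDN, expect referrals")
    return findings

# Constructed sample settings; OU=Staff is a made-up container name.
BROKEN = "SERVERS=adserver\nBASEDN=DC=lab,DC=local\n"
FIXED_PORT = "SERVERS=adserver:3269\nBASEDN=DC=lab,DC=local\n"
FIXED_OU = "SERVERS=adserver\nBASEDN=OU=Staff,DC=lab,DC=local\n"

if __name__ == "__main__":
    for name, cfg in [("broken", BROKEN), ("port", FIXED_PORT), ("ou", FIXED_OU)]:
        print(name, referral_risk(cfg) or "ok")
```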