search cancel

LDAP Authsync times out


Article ID: 207765


Updated On:


CA Harvest Software Change Manager


At login by Client to Harvest-Server with an LDAP-User , login is denied, when the password was changed before outside Harvest for the LDAP-User.

By renewing password in Harvest Administrator and say "Change password at next login", the password can be changed at login and then it works.

Problem is, that we have the option -authsynchinterval=01:00:00:00. This should make sure, that the synchronization of passwords takes places every day automatically



The problem encountered was that the openldap connection was doing DNS referrals. 

Unable to chase referral "ldaps://hostname/CN=Configuration,DC=domain,DC=company,DC=country" (-1: Can't contact LDAP server)  

Since the firewall was blocking some of those servers, this could cause timeouts.

How can the LDAP Query be configured, so that chase referrals don't take place?


Release : 13.0.3

Component : CA Harvest Software Change Manager


Create an ldap.conf file and setting the env var in the Harvest server to read and use it.

The ldap.conf just contains one line:
referrals no

1. The system variable name is LDAPCONF
2. System variable is set on the machine on which you are running the hauthtst command. This is a client-side setting. You don't need to do it on your harvest server machine.
But, the client machine needs to have this one.

If you are running a harvest command (like say haccess or hci, etc) from cmd-line, you may want to double check the LDAPCONF setting by running the following command