AdminUI won't bind to LDAP for Administrative Authentication with error "A connection to the LDAP directory could not be established"

Article ID: 211488

Products

SITEMINDER, CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder)

Issue/Introduction

AdminUI won't bind to AD for Administrative Authentication. 

When going through the external admin store configuration wizard, the administrator enters the external user directory connection information and gets the following error in the AdminUI:

Error: A connection to the LDAP directory 'ad.demo.com:389' could not be established for user 'ad_service_account', please check the connection details and try again.

Cause

Customer has verified that the AD service account and password are correct.

Environment

Windows 2012

Policy server: 12.8sp2, 12.8sp3

Resolution

If AD is listening on the default port 389, you may remove the port number to move forward within the wizard.

If AD is listening on a non-default port, then you must provide the specific port.

If the LDAP server is listening on a secure port and the bind still fails with the exact same error, even after the root CA certificate is imported, there is a documented defect fixed in 12.8sp4.

01234914, 01253095, 31919674
DE397317, DE394001, DE463142
Administrative UI fails to connect to an external administrative authentication store using TLS 1.2.

Dev fix: cacommons.jar

STEPS TO INSTALL DEVFIX:

1- Stop AdminUI.

2- Take a backup of the original file cacommons.jar from the AdminUI installed path /opt/CA/siteminder/adminui/standalone/deployments/iam_siteminder.ear/library/ to another location.

3- Copy the new file to the AdminUI installed path /opt/CA/siteminder/adminui/standalone/deployments/iam_siteminder.ear/library/

4- Start AdminUI.
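
Steps 2 and 3 above as a shell function, added here as an example (it is not part of the original article and is not a vendor-supplied script). It verifies the backup before overwriting and restores it if the copy fails. The names `install_devfix`, `sha256_of`, `LIB_DIR` and the optional expected-checksum argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example: steps 2 and 3 with integrity checks and rollback.
# Stop AdminUI first (step 1) and start it afterwards (step 4).

# Library path as given in the article; override LIB_DIR for other installs.
LIB_DIR="${LIB_DIR:-/opt/CA/siteminder/adminui/standalone/deployments/iam_siteminder.ear/library}"

sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# install_devfix NEW_JAR BACKUP_DIR [EXPECTED_SHA256]  (hypothetical helper)
# Prints the backup path on success. On failure returns non-zero with the
# original cacommons.jar still in place.
install_devfix() {
    new_jar=$1; backup_dir=$2; expected=${3:-}
    target="$LIB_DIR/cacommons.jar"

    [ -f "$new_jar" ] || { echo "new jar not found: $new_jar" >&2; return 1; }
    [ -f "$target" ] || { echo "original not found: $target" >&2; return 1; }

    # Optional check against a checksum obtained out of band (assumed input;
    # the article does not publish one).
    new_sum=$(sha256_of "$new_jar")
    if [ -n "$expected" ] && [ "$new_sum" != "$expected" ]; then
        echo "checksum mismatch for $new_jar" >&2; return 1
    fi

    # Step 2: back up to another location, outside the library directory.
    case "$backup_dir" in
        "$LIB_DIR"|"$LIB_DIR"/*) echo "backup dir is inside $LIB_DIR" >&2; return 1 ;;
    esac
    mkdir -p "$backup_dir" || return 1
    backup="$backup_dir/cacommons.jar.$(date +%Y%m%d%H%M%S).orig"
    cp -p "$target" "$backup" || return 1
    [ "$(sha256_of "$backup")" = "$(sha256_of "$target")" ] ||
        { echo "backup does not match original" >&2; return 1; }

    # Step 3: copy the new file in place; restore the backup if the copy
    # fails or the installed file does not match the source.
    if ! cp "$new_jar" "$target" || [ "$(sha256_of "$target")" != "$new_sum" ]; then
        cp -p "$backup" "$target"
        echo "install failed, original restored from $backup" >&2; return 1
    fi
    echo "$backup"
}
```

Keep the printed backup path: copying that file back over cacommons.jar (with AdminUI stopped) reverts the dev fix.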

Additional Information

DE394001 12.7 Linux version cacommons.jar
DE495124, DE389355 cacommons.zip file contains 12.8 Windows cacommons.jar

Attachments

1623440796480__cacommons.zip
1621459200669__cacommons.jar