"Error: [General] Time out while connecting to the user directory".

Article ID: 404098


Updated On:

Products

SITEMINDER, CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On Agents (SiteMinder)

Issue/Introduction

The SiteMinder Policy Server is unable to connect to Active Directory, and the following error message is shown on the AdminUI screen while connecting to the User Directory (Active Directory):

"Error: [General] Time out while connecting to the user directory".

Environment

Component: SiteMinder Policy Server (SMPLC)
Version: Applicable to all the supported releases

Cause

The "LDAPServerIntegrity" level caused the issue.

When an ldapsearch is run from the Policy Server, the error message below is returned.

ldapsearch command, for reference:

ldapsearch -h <ldap_server_hostname> -p <ldap_server_port> -D "<bind_dn>" -w "<bind_password>" -b "<base_dn>" "(&(objectClass=user)(uid=<username>))"

ldapsearch command output (error message):

LdapErr: DSID-0C09032F,  comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection.
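The AdminUI reports only a timeout, so the directory's own diagnostic line is what identifies the cause. The following is an added example, not part of the original article or of SiteMinder: a small shell triage helper that classifies captured ldapsearch output. The function names are hypothetical, and samples 2 and 3 are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage ldapsearch output captured on the Policy Server.
# The AdminUI only reports a timeout; the directory's own diagnostic line
# ("LdapErr: DSID-..., comment: ...") carries the real reason.

# Print the first LdapErr diagnostic line found on stdin (empty if none).
first_ldaperr() {
    sed -n '/LdapErr: DSID-/{p;q;}'
}

# Print the DSID token of the first LdapErr line on stdin (empty if none).
extract_dsid() {
    first_ldaperr | sed -n 's/.*LdapErr: \(DSID-[0-9A-Fa-f]*\).*/\1/p'
}

# Classify ldapsearch output read from stdin. Prints one of:
#   signing_required  bind refused: not signed and not over SSL/TLS
#   other_ldap_error  a different LdapErr diagnostic was returned
#   no_ldap_error     no LdapErr line (for example a network-level failure)
classify_ldap_error() {
    line=$(first_ldaperr)
    case $line in
        '') echo no_ldap_error ;;
        *'requires binds to turn on integrity checking'*) echo signing_required ;;
        *) echo other_ldap_error ;;
    esac
}

# Sample 1: the error text quoted in this article.
SAMPLE_SIGNING='LdapErr: DSID-0C09032F,  comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection.'
# Samples 2 and 3: constructed for illustration, not real server output.
SAMPLE_OTHER='LdapErr: DSID-00000000, comment: constructed placeholder diagnostic'
SAMPLE_NETWORK='ldapsearch: constructed connection failure, no directory response'

# Demo: print "<DSID> -> <classification>" for each sample.
for s in "$SAMPLE_SIGNING" "$SAMPLE_OTHER" "$SAMPLE_NETWORK"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$s" | extract_dsid)" \
        "$(printf '%s\n' "$s" | classify_ldap_error)"
done
```

To use it on real output, pipe the combined stdout and stderr of the ldapsearch command into `classify_ldap_error`.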


Resolution

The issue was resolved by changing the "LDAPServerIntegrity" level from 2 to 1, after which the Policy Server was able to contact Active Directory. Note that, per the error text above, the integrity requirement applies only to binds on connections where SSL/TLS is not already active.

As always, it is highly recommended to work with the Directory team at your end and discuss these settings before making any changes.

Additional Information

- "LDAPServerIntegrity" document reference:

LDAPServerIntegrity is a Microsoft Active Directory setting in the Windows registry on Domain Controllers to indicate the policy for "LDAP Signing".

- How to enable LDAP signing in Windows Server
- 2020, 2023, and 2024 LDAP channel binding and LDAP signing requirements for Windows (KB4520412)
- LDAPServerIntegrity