ISSUE:
Policy Server logs “Error 91 - Can't connect to the LDAP server” against the LDAP policy store, even though all of the following checks succeed when run from the Policy Server:
· telnet to the LDAP port (with hostname or IP address)
· Test Connection via the SM Management Console
· running the ldapsearch command
CAUSE:
The default ping timeout should be 10 seconds, but in the R12.52 SP1 release Policy Server reads the value in milliseconds instead of seconds, so the default is effectively 10 milliseconds.
RESOLUTION:
The fix is included in R12.52 SP1 CR1 and later releases. With the fix, Policy Server reads the LDAPPingTimeout value in seconds.
WORKAROUND:
Add or update the following registry key in the sm.registry file on UNIX, or through Registry Editor on Windows:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug
LDAPPingTimeout = 10000; REG_DWORD
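Alternatively, you can define another reasonable ping timeout, expressed in milliseconds.
Restart Policy Server after the updates.
Because releases with the fix read LDAPPingTimeout in seconds, revisit this value after upgrading to R12.52 SP1 CR1 or later.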