Policy Server failed to connect to the LDAP policy store

Article ID: 40524

Products

CA Single Sign On Secure Proxy Server (SiteMinder), AXIOMATICS POLICY SERVER, CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

ISSUE:

The Policy Server logs “Error 91 - Can't connect to the LDAP server” against the LDAP policy store, even though all of the following succeed from the Policy Server:

· telnet to the LDAP port (with hostname or IP address)

· Test Connection via the SM Management Console

· executing the ldapsearch command

CAUSE:

The default ping timeout should be 10 seconds, but in the R12.52 SP1 release the Policy Server reads the value in milliseconds instead of seconds.

RESOLUTION:

The fix is included in R12.52 SP1 CR1 and later releases. With the fix, the Policy Server reads the LDAPPingTimeout value in seconds.

WORKAROUND:

Add or update the following registry key in the sm.registry file on UNIX, or through Registry Editor on Windows:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug
LDAPPingTimeout = 10000; REG_DWORD

Alternatively, set LDAPPingTimeout to another reasonable ping timeout, expressed in milliseconds.

Restart the Policy Server after making the change.

Environment

Release:
Component: SMPLC