Getting "[ERROR]SmDsLdapConnMgr Bind. Server DC.domain.com : 636. Error 81-Can't contact LDAPserver" when trying to authenticate with AD configured in SSL


Article ID: 49048


Updated On:

Products

  • CA Single Sign On Secure Proxy Server (SiteMinder)
  • AXIOMATICS POLICY SERVER
  • CA Single Sign On SOA Security Manager (SiteMinder)
  • CA Single Sign-On

Issue/Introduction

Description:

Even if you have configured cert7.db properly and can browse your AD successfully through the Policy Server Admin UI, you may get the following error when trying to authenticate with AD over SSL as the User Store:

  • [ERROR]SmDsLdapConnMgr Bind. Server DC.domain.com : 636. Error 81-Can't contact LDAPserver

Here DC.domain.com is the domain controller, not the AD server.

Solution:

This happens because not all of your Active Directory servers are configured for SSL, and some of them do not accept SSL connections. When the domain controller tries to connect to one of the AD servers over SSL (port 636), it is not able to connect to some of them.

The solution is to disable Enhanced LDAP Referrals in the Policy Server Management Console. Only the AD servers listed in the User Directory definition will then be used.
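To confirm which servers are behind the error before changing the setting, the following added example (not CA/Broadcom code) parses log lines in the message shape quoted above and lists the hosts that failed with error 81 but are not in the User Directory definition. The hostnames, the sample lines and the configured-server list are constructed, and it assumes the log carries the message exactly as quoted in this article.

```python
import re
from collections import Counter

# Matches the message shape quoted in this article, e.g.
# [ERROR]SmDsLdapConnMgr Bind. Server DC.domain.com : 636. Error 81-Can't contact LDAPserver
BIND_ERROR = re.compile(
    r"\[ERROR\]\s*SmDsLdapConnMgr Bind\. Server (?P<host>\S+) : (?P<port>\d+)\. "
    r"Error (?P<code>\d+)-(?P<text>.*)$"
)


def failed_binds(log_lines):
    """Count bind failures per (host, port, LDAP error code)."""
    counts = Counter()
    for line in log_lines:
        m = BIND_ERROR.search(line.strip())
        if m:
            counts[(m["host"].lower(), int(m["port"]), int(m["code"]))] += 1
    return counts


def referral_only_servers(log_lines, configured_servers):
    """Hosts that failed with error 81 and are absent from the User Directory definition."""
    configured = {s.lower() for s in configured_servers}
    return sorted({host for (host, _port, code) in failed_binds(log_lines)
                   if code == 81 and host not in configured})


# Constructed sample input: hostnames are made up for illustration.
SAMPLE_LOG = [
    "[ERROR]SmDsLdapConnMgr Bind. Server dc2.example.test : 636. Error 81-Can't contact LDAPserver",
    "[ERROR]SmDsLdapConnMgr Bind. Server dc2.example.test : 636. Error 81-Can't contact LDAPserver",
    "[ERROR]SmDsLdapConnMgr Bind. Server DC3.example.test : 636. Error 81-Can't contact LDAPserver",
    "[ERROR]SmDsLdapConnMgr Bind. Server ad1.example.test : 636. Error 81-Can't contact LDAPserver",
    "unrelated log line",
]
# Constructed stand-in for the servers listed in the User Directory definition.
CONFIGURED = ["ad1.example.test"]

if __name__ == "__main__":
    for (host, port, code), n in sorted(failed_binds(SAMPLE_LOG).items()):
        tag = "configured" if host in CONFIGURED else "not in User Directory definition"
        print(f"{host}:{port} error {code} x{n} ({tag})")
    print(referral_only_servers(SAMPLE_LOG, CONFIGURED))
```

Hosts reported as not in the User Directory definition match the cause described above; a failing host that is in the definition points to a different problem, which disabling referrals will not address.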

Environment

Release:
Component: SMPLC