Excessive error 81 in smps logs - EKSP code timeouts as result

Article Id: 7550

Status: Published

Updated On: 14-02-2018 08:18

Legacy Id: TEC1015536

Products:

CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On SOA Security Manager (SiteMinder) , CA Single Sign-On , CA Single Sign-On

Issue/Introduction:

When the policy server initializes a new connection to the LDAP server it receives error 18 on it’s first attempt this results in excessive LDAP error 81’s

Cause:

Directory ordering change R12.52 SP1 Cr5 when determining the directory type MS ADAM search was moved up the case statement if CA directory is the backend LDAP policy server sends a search based on ADAM (not handled by CA directory properly)

When PS first initializes user store it performs a BIND

Then goes through a case statement that detects the directory type

Engineering debugged, reported that when it got to ADAM a bad search was returned to client resulting in Error 81

PS then unbind reconnect

Environment:

Solaris policy server (issue occurs on all platforms)CA Directory as backend LDAP (R12 SP17)

Resolution:

Defect: DE267950 dev fix to be installed on top pf R12.52 Sp1 Cr5

Defect DE280381 dev fix to be installed on top pf R12.52 Sp1 Cr6