
How to resolve LDAP connection errors if the user store connection is configured with the LDAP namespace for Active Directory (AD) user store?


Article ID: 98918


Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction



How to resolve LDAP connection errors if the user store connection is configured with the LDAP namespace for Active Directory (AD) user store?

Environment

Release:
Component: SMPLC

Resolution

LDAP bind errors such as the following appear in smps.log.

Example bind errors:
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server DomainDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ForestDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server

About the EnableADEnhancedReferrals registry entry:
This registry entry enables or disables Enhanced Referrals for AD (and ADAM) user directories.
The default value is 1 (enabled).
If the user store connection (AD or ADAM) is configured with the LDAP namespace, disable the EnableADEnhancedReferrals registry key. Disabling this registry key prevents the LDAP connection errors from occurring.

Use cases:
1) Registry entry absent or enabled (1)
   When the AD user store is accessed using the LDAP namespace, LDAP bind errors are logged in smps.log.
2) Registry entry disabled (0)
   When the AD user store is accessed using the LDAP namespace, LDAP bind errors are NOT logged in smps.log.
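To check whether the bind errors in an smps.log match the pattern described here, the following added example (not part of the original article or the product) parses the bind-error line format shown above and separates referral-style hosts from the configured directory host. It assumes that a referral-style host is one whose name begins with DomainDnsZones. or ForestDnsZones., as in the sample errors; the function names and the unrelated log line are constructed for illustration.

```python
import re
from collections import Counter

# Matches the bind-error line format shown in this article's smps.log excerpt.
BIND_ERROR = re.compile(
    r"\[SmDsLdapConnMgr\.cpp:\d+\]\[ERROR\]\s+SmDsLdapConnMgr Bind\.\s+"
    r"Server\s+(?P<host>\S+)\s*:\s*(?P<port>\d+)\.\s+"
    r"Error\s+(?P<code>\d+)-(?P<text>.*)$"
)

# Assumption: host names starting with these AD DNS application-partition
# labels are referral targets rather than the configured user store host.
REFERRAL_PREFIXES = ("domaindnszones.", "forestdnszones.")

# Constructed sample: the three error lines from the article plus one
# constructed line that is not a bind error.
SAMPLE_LOG = """\
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server DomainDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ForestDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server
constructed unrelated line, not a bind error
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server
"""


def summarize_bind_errors(lines):
    """Count bind errors per (host, port, code); return (referral, other)."""
    counts = Counter()
    for line in lines:
        m = BIND_ERROR.search(line.strip())
        if m:
            counts[(m["host"].lower(), int(m["port"]), int(m["code"]))] += 1
    referral = {k: v for k, v in counts.items()
                if k[0].startswith(REFERRAL_PREFIXES)}
    other = {k: v for k, v in counts.items() if k not in referral}
    return referral, other


def matches_article_pattern(lines):
    """True when Error 91 bind failures target referral-style host names."""
    referral, _ = summarize_bind_errors(lines)
    return any(code == 91 for (_host, _port, code) in referral)


if __name__ == "__main__":
    referral, other = summarize_bind_errors(SAMPLE_LOG.splitlines())
    print("referral-style hosts:", referral)
    print("other hosts:", other)
    print("matches article pattern:", matches_article_pattern(SAMPLE_LOG.splitlines()))
```

Running the same check on a log captured after the key is disabled should show no referral-style entries if the change took effect.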

Additional Information

Disable the EnableADEnhancedReferrals Registry Key:
If the user store connection is configured with the LDAP namespace, disable the EnableADEnhancedReferrals registry key. Disabling this registry key prevents LDAP connection errors from occurring.
Contact the policy server administrator and request that the key be disabled.


https://docops.ca.com/display/sm1252sp1J/Configure+an+Active+Directory+User+Store+Connection