Kelly Wong

Tech Tip - CA Single Sign-On: Policy Server logs error 91 against LDAP policy store

Blog Post created by Kelly Wong Employee on Apr 21, 2016

CA Single Sign-On Tech Tip by Sau Lai Wong, Senior Support Engineer for 21st April 2016

 

ISSUE:

Policy Server logs "Error 91 - Can't connect to the LDAP server" against the LDAP policy store, even though every connectivity test run from the Policy Server host succeeds:

  • telnet to the LDAP port (by hostname and by IP address)
  • Test Connection via the SM Management Console
  • an ldapsearch query against the policy store

 

CAUSE:

The default LDAPPingTimeout value is 10 and is meant to be read as seconds. In the R12.52 SP1 release, however, the Policy Server reads the value as milliseconds, so its ping of the LDAP policy store is cut off after 10 ms and the store is reported as unreachable with error 91, even though the server is reachable and the connectivity tests above pass.

 

RESOLUTION:

The fix is included in R12.52 SP1 CR1 and later releases. With the fix, the Policy Server reads LDAPPingTimeout in seconds again. If you applied the workaround below, revert the value to 10 (or remove the entry) when you upgrade to CR1 or later; otherwise a value of 10000 will be read as 10000 seconds.

 

WORKAROUND:

Add or update the following registry value, in the sm.registry file on UNIX or through the Registry Editor on Windows:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug
LDAPPingTimeout = 10000; REG_DWORD

 

Alternatively, set any other reasonable ping timeout, remembering that the affected release reads the value in milliseconds (10000 = 10 seconds).

Restart Policy Server after the updates.
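The following shell script is an added example for the UNIX side of the workaround; it is not part of the tech tip or of CA's own tooling. It updates LDAPPingTimeout in an sm.registry-style file, replacing an existing entry or inserting one under the Debug key, and backs the file up first. It assumes the layout seen in sm.registry (a `KEYPATH=<n>` header line per key, followed by indented `Name=  value; REG_DWORD` entries) and that REG_DWORD values are written as 0x-prefixed hex, so the tip's 10000 is written as 0x2710; both points are assumptions to check against your own file. The sample registry content is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original tech tip. Assumptions: sm.registry
# uses "KEYPATH=<n>" section headers and "Name=  value; REG_DWORD" entries,
# and REG_DWORD values are written as 0x-prefixed hex.
set -eu

DEBUG_KEY='HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug'
export DEBUG_KEY   # passed to awk via ENVIRON so the backslashes survive intact

# set_ldap_ping_timeout FILE VALUE
# VALUE is the raw number the Policy Server will read: 10000 (milliseconds)
# on R12.52 SP1 before CR1, 10 (seconds) on CR1 and later.
set_ldap_ping_timeout() {
    file=$1
    value=$2
    case $value in
        ''|*[!0-9]*) echo "value must be a non-negative decimal integer" >&2; return 1 ;;
    esac
    hex=$(printf '0x%x' "$value")
    cp "$file" "$file.bak"          # keep a backup of the original file
    awk -v hex="$hex" '
        BEGIN { key = ENVIRON["DEBUG_KEY"] "=" }
        # Header line of the Debug key: remember we are inside that section.
        index($0, key) == 1 { in_debug = 1; print; next }
        # Header of any other key: if we are leaving Debug without having
        # seen the entry, insert it as the last entry of the Debug section.
        /^HKEY_LOCAL_MACHINE/ {
            if (in_debug && !done) {
                printf "    LDAPPingTimeout=  %s; REG_DWORD\n", hex; done = 1
            }
            in_debug = 0
        }
        # Existing entry inside Debug: rewrite it in place.
        in_debug && $1 ~ /^LDAPPingTimeout=/ {
            printf "    LDAPPingTimeout=  %s; REG_DWORD\n", hex; done = 1; next
        }
        { print }
        # Debug was the last key in the file and had no entry yet.
        END { if (in_debug && !done) printf "    LDAPPingTimeout=  %s; REG_DWORD\n", hex }
    ' "$file.bak" > "$file"
}

# get_ldap_ping_timeout FILE
# Prints the entry's value in decimal, or "unset" if there is no entry.
get_ldap_ping_timeout() {
    hex=$(sed -n 's/^[[:space:]]*LDAPPingTimeout=[[:space:]]*\(0x[0-9A-Fa-f][0-9A-Fa-f]*\);.*/\1/p' "$1" | head -n 1)
    if [ -z "$hex" ]; then
        echo unset
    else
        printf '%d\n' "$hex"
    fi
}

# Demonstration on a constructed sample file (not a real sm.registry).
demo=$(mktemp)
cat > "$demo" <<'EOF'
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer=25089
    SomeOtherSetting=  0x1; REG_DWORD
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug=25089
    AnotherSetting=  0x0; REG_DWORD
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig=25089
    LogLevel=  0x1; REG_DWORD
EOF
echo "before: LDAPPingTimeout is $(get_ldap_ping_timeout "$demo")"
set_ldap_ping_timeout "$demo" 10000
echo "after:  LDAPPingTimeout is $(get_ldap_ping_timeout "$demo")"
cat "$demo"
```

Run it against a copy of your real sm.registry first and diff the result with the `.bak` file before touching the live one; then restart the Policy Server as the tip says.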
