
How to disable AD Referrals?

Question asked by veeerah on Apr 10, 2013
Latest reply on Apr 10, 2013 by peter_caliri
Hi All,

All our users are from the root domain (dc=corp,dc=com), with the AD namespace for the user store, and we are able to find some LDAP bind failures to child domains (Forest DC).
We have PS 6.5.

[HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider]
"EnableReferrals"=dword:00000000
"EnableEnhancedReferrals"=dword:00000000
"MaxReferralHops"=dword:00000000
"EnableObjectCategory"=dword:00000001
"EnableSASLBind"=dword:00000000
"IgnoreDefaultRedirectOnADnativeDisabled"=dword:00000001
"EnableADEnhancedReferrals"=dword:00000000
"ChaseReferralsOnBind"=dword:00000000
"EnableSearchFilterCheck"=dword:00000001
"BindLDAPServerDelay"=dword:00000001

Network trace from Wireshark

Lightweight Directory Access Protocol
LDAPMessage searchResEntry(2899242) "CN=UserID,OU=Person,DC=corp,DC=com" [1 result]
messageID: 2899242
protocolOp: searchResEntry (4)
searchResEntry
objectName: CN=UserID,OU=Person,DC=corp,DC=com
attributes: 2 items
PartialAttributeList item objectClass
type: objectClass
vals: 4 items
AttributeValue: top
AttributeValue: person
AttributeValue: organizationalPerson
AttributeValue: user
PartialAttributeList item sAMAccountName
type: sAMAccountName
vals: 1 item
AttributeValue: UserID
[Response To: 5246]
[Time: 0.001099000 seconds]
Lightweight Directory Access Protocol
LDAPMessage searchResRef(2899242)
messageID: 2899242
protocolOp: searchResRef (19)
searchResRef: 1 item
LDAPURL: ldap://ForestDnsZones.corp.com/DC=ForestDnsZones,DC=corp,DC=com
[Response To: 5246]
[Time: 0.001099000 seconds]
Lightweight Directory Access Protocol
LDAPMessage searchResRef(2899242)
messageID: 2899242
protocolOp: searchResRef (19)
searchResRef: 1 item
LDAPURL: ldap://DomainDnsZones.corp.com/DC=DomainDnsZones,DC=corp,DC=com
[Response To: 5246]
[Time: 0.001099000 seconds]
Lightweight Directory Access Protocol
LDAPMessage searchResRef(2899242)
messageID: 2899242
protocolOp: searchResRef (19)
searchResRef: 1 item
LDAPURL: ldap://Child1.corp.com/DC=Child1,DC=corp,DC=com
[Response To: 5246]
[Time: 0.001099000 seconds]
Lightweight Directory Access Protocol
LDAPMessage searchResRef(2899242)
messageID: 2899242
protocolOp: searchResRef (19)
searchResRef: 1 item
LDAPURL: ldap://Child2.corp.com/DC=Child2,DC=corp,DC=com
[Response To: 5246]
[Time: 0.001099000 seconds]
Lightweight Directory Access Protocol
LDAPMessage searchResRef(2899242)
messageID: 2899242
protocolOp: searchResRef (19)
searchResRef: 1 item
LDAPURL: ldap://corp.com/CN=Configuration,DC=corp,DC=com
[Response To: 5246]
[Time: 0.001099000 seconds]
Lightweight Directory Access Protocol
LDAPMessage searchResDone(2899242) success [1 result]
messageID: 2899242
protocolOp: searchResDone (5)
searchResDone
resultCode: success (0)
matchedDN:
errorMessage:
[Response To: 5246]
[Time: 0.001099000 seconds]
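
To see from a capture like the one above which servers a referral-chasing client would be sent to, this added example (not part of the original post) parses Wireshark's text dissection, separates returned entries from search result references, and lists referral hosts outside an allowed set. The sample trace is a constructed abridgement of the post's output, and the allowed host `corp.com` is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, unquote

# Constructed sample, abridged from the dissection format shown in the post.
SAMPLE_TRACE = """\
LDAPMessage searchResEntry(2899242) "CN=UserID,OU=Person,DC=corp,DC=com" [1 result]
objectName: CN=UserID,OU=Person,DC=corp,DC=com
LDAPMessage searchResRef(2899242)
LDAPURL: ldap://Child1.corp.com/DC=Child1,DC=corp,DC=com
LDAPMessage searchResRef(2899242)
LDAPURL: ldap://corp.com/CN=Configuration,DC=corp,DC=com
LDAPMessage searchResDone(2899242) success [1 result]
resultCode: success (0)
"""

MSG = re.compile(r"LDAPMessage (\w+)\((\d+)\)")
FIELD = re.compile(r"(objectName|LDAPURL|resultCode):\s*(.+)")

def summarize(trace):
    """Group Wireshark's text dissection of LDAP responses by messageID."""
    ops = defaultdict(lambda: {"entries": [], "referrals": [], "result": None})
    current = None
    for line in map(str.strip, trace.splitlines()):
        if m := MSG.match(line):
            current = ops[int(m.group(2))]
        elif current is not None and (m := FIELD.match(line)):
            key, value = m.groups()
            if key == "objectName":
                current["entries"].append(value)
            elif key == "LDAPURL":
                url = urlparse(value)
                # (host, base DN) a client would contact if it chased this reference
                current["referrals"].append(
                    (url.hostname or "", unquote(url.path.lstrip("/"))))
            else:
                current["result"] = value
    return dict(ops)

def hosts_outside(summary, allowed_hosts):
    """Referral hosts not in the set of servers the client is meant to use."""
    allowed = {h.lower() for h in allowed_hosts}
    seen = {host for op in summary.values() for host, _ in op["referrals"]}
    return sorted(seen - allowed)

if __name__ == "__main__":
    s = summarize(SAMPLE_TRACE)
    print(s[2899242]["referrals"])
    print(hosts_outside(s, ["corp.com"]))  # allowed host is an assumption
```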
