##### Tip Description
You may often get LDAP error 91 or 81, such as the one below, even though your directory is up and running with no issues.
[SmDsLdapConnMgr.cpp:923][ERROR] SmDsLdapConnMgr Bind. Server 159.202.167.217 : 14389. Error 91-Can't connect to the LDAP server
There can be many causes of "LDAP Error 91-Can't connect to the LDAP server".
This is normally a pretty straightforward problem. It means a connection to the LDAP server cannot be opened. Typical reasons are:
- bad IP
- bad hostname
- bad port number
- firewall, load balancer, router, etc.
Another cause that few think about is LDAP referrals.
If the user directory sends back LDAP referrals that SiteMinder then tries to connect to, these errors can show up.
There are two kinds of referrals:
- The SDK referral, which is managed by the LDAP layer on the Policy Server
- The Enhanced referral, which is managed by SiteMinder itself
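To check whether referrals are behind the errors before changing any setting, compare the servers named in the bind-error lines with the directory servers you actually configured. The script below is an added example, not CA/SiteMinder code: it parses the log line format quoted above, and the function names, sample lines and configured-server list are assumptions made up for illustration.

```python
import re
from collections import Counter

# Matches the bind-error line format quoted in this tip.
BIND_ERR = re.compile(
    r"SmDsLdapConnMgr Bind\. Server (?P<host>\S+) : (?P<port>\d+)\. "
    r"Error (?P<code>\d+)-(?P<msg>.*)$"
)


def bind_failures(lines, codes=(81, 91)):
    """Count bind errors per (host, port, code) for the given LDAP codes."""
    hits = Counter()
    for line in lines:
        m = BIND_ERR.search(line.strip())
        if m and int(m["code"]) in codes:
            hits[(m["host"], int(m["port"]), int(m["code"]))] += 1
    return hits


def unexpected_targets(hits, configured):
    """Endpoints that failed but are not configured directory servers.

    Assumption: a failing endpoint the Policy Server was never pointed at
    was most likely handed back by the directory as a referral.
    """
    return sorted({(h, p) for (h, p, _code) in hits if (h, p) not in configured})


# Constructed sample data (documentation addresses, not from a real log).
PREFIX = "[SmDsLdapConnMgr.cpp:923][ERROR] SmDsLdapConnMgr Bind. Server "
SUFFIX = ". Error 91-Can't connect to the LDAP server"
SAMPLE_LOG = [
    PREFIX + "192.0.2.10 : 389" + SUFFIX,
    PREFIX + "192.0.2.77 : 636" + SUFFIX,
    PREFIX + "192.0.2.77 : 636" + SUFFIX,
    "a line that is not a bind error",
]
CONFIGURED = {("192.0.2.10", 389)}  # hypothetical user-directory server list

if __name__ == "__main__":
    hits = bind_failures(SAMPLE_LOG)
    for (host, port, code), n in sorted(hits.items()):
        print(f"{host}:{port} error {code} x{n}")
    print("not configured:", unexpected_targets(hits, CONFIGURED))
```

Failures against a configured server point back to the typical reasons listed earlier; failures against servers that are not in your configuration suggest referrals.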
To disable referrals, follow the steps below:
- Disable the "Enhanced referrals" in SiteMinder from smconsole --> Data tab by unchecking the "enable Enhanced Referrals" option at the bottom of the page.
- The second referral type to disable is the SDK referral, which is controlled by the registry value described below.
EnableReferrals:
In HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider
Note: The value is shown in hexadecimal notation. "EnableReferrals"=dword:00000001
Determines if any LDAP referrals are handled by the Policy Server. If set to 0, no LDAP referrals will be accepted by the Policy Server. If set to 1, the Policy Server accepts LDAP referrals.
LDAP referrals are enabled by default. This setting may only be modified by editing the Registry.
Restart your Policy Server for the changes to take effect.