Symantec IGA

CA IDM r12.6.6

JBoss 6.4 EAP

Active Directory Windows 2003

Error: 11/19/2015 2:10:27 PM: :ETA_E_0003<ADI>, Active Directory Endpoint 'ad002' creation failed: Connector Server Add failed: code 13 (CONFIDENTIALITY_REQUIRED): failed to add entry eTADSDirectoryName=ad002,eTNamespaceName=ActiveDirectory,dc=im,dc=etasa: JCS@caidm126: JNDI: Failed to activate connector on proxy connector server: [LDAP: error code 13 - Confidentiality Required] (ldaps://caidm126:20411)

Please help on this

In 90% of the cases the CONFIDENTIALITY_REQUIRED message indicates that the certificates are not correct.

Have you installed certificate from the AD?

There is a test program (adslapdiag or something) located in provisioning server\bin directory.

There are also steps in the manual in how to get the certificate

Cheers, Atle

Yes. Please give right doc to how to install AD certificate

Thanks,

Saravana

Hello,

Please, refer to the CA Identity Management & Governance Connectors Guides

(https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={B3173B4D-17D8-42D8-85FA-F72285CA90A9})

Microsoft Active Directory, Microsoft Exchange, and Microsoft Lync »How to Connect to Active Directory

(https://wiki.ca.com/display/IMGC10/How+to+Connect+to+Active+Directory)

Best regards, Laurent

Hi ,

Please need your help

i am also getting the same error when connecting to Active Directory

:ETA_E_0019<RDI>, Active Directory Endpoint AD creation failed: Connector Server Add failed: code 13 (CONFIDENTIALITY_REQUIRED): failed to add entry eTADSDirectoryName=AD,eTNamespaceName=ActiveDirectory,dc=im,dc=etasa

What is the version of CA Identity Manager in use? 

With the release of version 14.1, we have also provided AD Cert Util along with the product that makes it easier to apply certificates.

Active Directory Certificate Utility - CA Identity Management & Governance Connectors - CA Technologies Documentation 

Hi Satbeer,

 we are using the CA IDM  version 12.6.5

Hi SabreeW75350521

You should provide a bit more context:

1. is your C++ connector installed on the same machine as the AD you want to provision?

2. If not, is your C++ connector installed in the same AD domain or another Domain?

3. does the digital certificate you created for your Active Directory domain controller indicate the FQDN of the host as the subject name?

4. Did you specify the same FQDN in the CA identity manager Endpoint host field?

KR
Russi 

Hi Russi

 We are facing the same issue can you please share your idea.

1. No C++ connector is installed in different machine.

2. Different domain name. 

 * Is that mandatory that both should be in same domain name?

3. yes

4. yes

  We are trying with CA Vapp 14.0 and we don't find the adsldapdiag.exe in provisioning server->bin

BR

Kirupakaran