Symantec IGA

  • 1.  Active Directory Authentication Internal Error

    Posted Oct 26, 2017 10:23 AM

    You may run into the following issue when configuring Active Directory Authentication, which has been available since IdSuite 14.1.

    When you set the BASEDN to the root of the AD domain (like DC=lab,DC=local), AD will respond to searches with referrals that are not handled correctly by the current version of the Authentication Module. As a result, a login with correct credentials will return “Error: AD Internal Error:Check AD”.

    As a workaround, you can configure the SERVERS property to point to the catalog by adding the port (SERVERS=adserver:3268 or adserver:3269 if you use SSL).

    Another possibility is to add a container to the BASEDN like “CN=Users,DC=lab,DC=local”, if all your users are in this OU. Another thing to note is the location of the trusted keystore. The path used is %JAVA_HOME%\jre\lib\security\cacerts 

     

    Hope this may save time until this issue is fixed in a future version.

     

    Regards,

    Dirk
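
A pre-deployment check for the condition described in the post above, as an added example that is not part of the original post or of the product: it flags a BASEDN made up only of DC components when a SERVERS entry is not on the global catalog port 3268 or 3269. The KEY=VALUE layout, the comma or whitespace separator between several servers, and all function names are assumptions.

```python
import re

GC_PORTS = {"3268", "3269"}  # global catalog: LDAP / LDAP over SSL

def parse_props(text):
    """Parse KEY=VALUE lines; split once because DN values contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip().upper()] = value.strip()
    return props

def is_domain_root(base_dn):
    """True when every RDN is a DC component, e.g. DC=lab,DC=local."""
    rdns = [r.strip() for r in base_dn.split(",") if r.strip()]
    return bool(rdns) and all(r.upper().startswith("DC=") for r in rdns)

def non_gc_servers(servers):
    """Return SERVERS entries that do not name a global catalog port."""
    bad = []
    for entry in filter(None, re.split(r"[,\s]+", servers.strip())):
        host, _, port = entry.rpartition(":")
        if not host or port not in GC_PORTS:
            bad.append(entry)
    return bad

def check(text):
    """Flag the combination from the post: root BASEDN + non-GC server."""
    props = parse_props(text)
    base_dn = props.get("BASEDN", "")
    if not is_domain_root(base_dn):
        return []  # scoped to a container: the post's second workaround
    return [f"BASEDN={base_dn} is the domain root but SERVERS entry "
            f"'{s}' is not on 3268/3269; expect referrals"
            for s in non_gc_servers(props.get("SERVERS", ""))]

# Constructed sample settings, using the values quoted in the post.
ROOT_DEFAULT = "SERVERS=adserver\nBASEDN=DC=lab,DC=local"
ROOT_GC = "SERVERS=adserver:3269\nBASEDN=DC=lab,DC=local"
SCOPED = "SERVERS=adserver\nBASEDN=CN=Users,DC=lab,DC=local"

if __name__ == "__main__":
    for name, cfg in [("root/default port", ROOT_DEFAULT),
                      ("root/global catalog", ROOT_GC),
                      ("scoped to CN=Users", SCOPED)]:
        print(name, "->", check(cfg) or "ok")
```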



  • 2.  Re: Active Directory Authentication Internal Error

    Posted Oct 26, 2017 11:34 AM

    Dirk,

     

    Does the AD auth feature support multiple domains? I have a situation here where the customer has 5 domains in a forest.

     

    Thanks,

    Nishanth



  • 3.  Re: Active Directory Authentication Internal Error

     
    Posted Oct 27, 2017 03:21 PM

    Thank you for sharing this tip with the community, Dirk!



  • 4.  Re: Active Directory Authentication Internal Error

    Posted Mar 30, 2018 04:46 PM

    Great workaround, thanks for posting!