Active Directory Authentication Internal Error in CA Identity Manager 14.1

Document ID : KB000016428
Last Modified Date : 14/02/2018
Question:

When Active Directory Authentication is configured for CA Identity Suite 14.1 with the BASEDN set to the root of the AD domain (for example DC=lab,DC=local), AD responds to searches with referrals, which the current version of the Authentication Module does not handle correctly. As a result, a login with correct credentials returns “Error: AD Internal Error:Check AD”. How can this issue be resolved?

Answer:

Configure the SERVERS property to point to the global catalog by adding the port (SERVERS=adserver:3268, or adserver:3269 if you use SSL). Another option is to add a container to the BASEDN, such as “CN=Users,DC=lab,DC=local”, if all the users are in this OU. Also note the location of the trusted keystore: the path used is %JAVA_HOME%\jre\lib\security\cacerts
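
The following check is an added example, not CA's code and not part of the original article. It flags the combination described above: a BASEDN made up only of DC components together with a SERVERS entry that is not on the global catalog ports 3268/3269. The KEY=VALUE file layout, the comma-separated SERVERS list and the 389 default port are assumptions, and the sample configurations are constructed.

```python
import re

GC_PORTS = {3268, 3269}  # global catalog ports named in the article (plain / SSL)

def parse_props(text):
    """Parse KEY=VALUE lines (assumed layout); lines starting with '#' are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # split once: the DN itself contains '='
            props[key.strip().upper()] = value.strip()
    return props

def rdn_types(dn):
    """Attribute type of each RDN; a backslash-escaped comma does not split an RDN."""
    parts = re.split(r"(?<!\\),", dn)
    return [p.split("=", 1)[0].strip().upper() for p in parts if p.strip()]

def is_domain_root(dn):
    """True when the DN has only DC components, e.g. DC=lab,DC=local."""
    types = rdn_types(dn)
    return bool(types) and all(t == "DC" for t in types)

def server_port(entry, default=389):
    """Port of a host[:port] entry; 389 when omitted (assumed default)."""
    _host, sep, port = entry.strip().rpartition(":")
    return int(port) if sep and port.isdigit() else default

def referral_risk(text):
    """Servers that would be searched from the domain root on a non-GC port."""
    props = parse_props(text)
    if not is_domain_root(props.get("BASEDN", "")):
        return []
    servers = [s.strip() for s in props.get("SERVERS", "").split(",") if s.strip()]
    return [s for s in servers if server_port(s) not in GC_PORTS]

# Constructed sample configurations: the failing setup and the two fixes.
RISKY = "SERVERS=adserver:389\nBASEDN=DC=lab,DC=local\n"
FIX_GC = "SERVERS=adserver:3268\nBASEDN=DC=lab,DC=local\n"
FIX_CONTAINER = "SERVERS=adserver\nBASEDN=CN=Users,DC=lab,DC=local\n"

if __name__ == "__main__":
    for name, cfg in (("risky", RISKY), ("gc", FIX_GC), ("container", FIX_CONTAINER)):
        print(name, referral_risk(cfg) or "ok")
```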