Communication requirements between CA SSO and Active Directory

Document ID : KB000096925
Last Modified Date : 18/05/2018
Question:
Which ports/protocols are required for communication in CA SSO under the following conditions?

- Active Directory (AD) is used as a policy store / a user store of CA SSO. 
(LDAP:389 is defined for the policy store / user store) 
- The Kerberos authentication scheme is used as an authentication scheme. 
- WebAgent and the PolicyServer are running on RHEL7.3 and are joined to the domain. 

Can you show the requirements for communication with Active Directory for WebAgent and PolicyServer, respectively? 
Environment:
CA SiteMinder R12.7 
OS RedHat 7 
Answer:
The required settings are as follows.

(1) CA SSO WebAgent - Active Directory communication 
   WebAgent -> AD 88 TCP/UDP Kerberos 
 
(2) CA SSO PolicyServer - Active Directory communication 
   PolicyServer -> AD 389 LDAP User directory
   PolicyServer -> AD 88 Kerberos KDC

If DNS on the AD server is used, DNS port 53 is also required. 

For the ports required to join RHEL7.3 to the domain, if needed, please contact Red Hat.
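
A preflight check for the flows listed in the answer, run from the WebAgent or PolicyServer host. This is an added example, not part of the original article or of CA SSO tooling; the role names, argument order and the TCP-only probe are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: preflight check of the CA SSO -> AD flows listed in this article.
# Role names, arguments and the TCP-only probe are assumptions for illustration.

# Flows from the article; DNS 53 applies only when the AD server provides DNS.
required_flows() {  # $1 = webagent|policyserver, $2 = "yes" if AD is the DNS server
  case "$1" in
    webagent)     echo "88:Kerberos" ;;
    policyserver) echo "389:LDAP"; echo "88:Kerberos" ;;
    *) echo "unknown role: $1" >&2; return 2 ;;
  esac
  if [ "$2" = "yes" ]; then echo "53:DNS"; fi
}

# TCP connect test via bash's /dev/tcp. A UDP path (Kerberos 88/udp) cannot be
# confirmed this way and has to be checked in the firewall rules themselves.
probe_tcp() {  # $1 = host, $2 = port
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Prints one line per flow. Returns 0 if all are reachable, 1 if any is blocked,
# 2 for an unknown role. $4 lets a caller substitute another probe function.
check_role() {  # $1 = role, $2 = AD host, $3 = AD-is-DNS (yes/no), $4 = probe
  local role="$1" host="$2" dns="${3:-no}" probe="${4:-probe_tcp}"
  local flows flow port name blocked=0
  flows=$(required_flows "$role" "$dns") || return 2
  for flow in $flows; do
    port=${flow%%:*}; name=${flow#*:}
    if "$probe" "$host" "$port"; then
      echo "OK      $role -> $host $port/tcp ($name)"
    else
      echo "BLOCKED $role -> $host $port/tcp ($name)"
      blocked=$((blocked + 1))
    fi
  done
  [ "$blocked" -eq 0 ]
}

# Run only when called with arguments, e.g.: ./check.sh policyserver <ad-host> yes
if [ "$#" -ge 2 ]; then check_role "$@"; fi
```

A BLOCKED line identifies which of the listed flows the firewall between the CA SSO host and AD still has to permit.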