Communication requirements between CA SSO and Active Directory

Document ID : KB000096925
Last Modified Date : 18/05/2018
Which ports and protocols are required for communication under the following conditions in CA SSO?

- Active Directory (AD) is used as a policy store / a user store of CA SSO. 
(LDAP:389 is defined for the policy store / user store) 
- The Kerberos authentication scheme is used as an authentication scheme. 
- The WebAgent and the PolicyServer are running on RHEL 7.3 and are joined to the domain. 

Can you show the requirements for communication with Active Directory for the WebAgent and the PolicyServer, respectively? 
CA SiteMinder R12.7 
OS RedHat 7 
The required settings are as follows.

(1) CA SSO WebAgent - Active Directory communication 
   WebAgent -> AD 88 TCP/UDP Kerberos 
(2) CA SSO PolicyServer - Active Directory communication 
   PolicyServer -> AD 389 LDAP User directory
   PolicyServer -> AD 88 Kerberos KDC

If the DNS service on the AD server is used, DNS port 53 is also required. 
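
One way to confirm from each CA SSO host that a firewall between it and AD permits the ports listed above. This is an added example, not CA-provided code: the role names `webagent`/`policyserver`, the `PROBE` override and the AD host argument are assumptions, and only TCP reachability is tested.

```shell
#!/bin/sh
# Added example (not vendor code): probe the AD ports listed above from a
# CA SSO host. Role names and the AD host argument are assumptions.

# Echo "port:purpose" entries for a role; second arg "dns" adds port 53.
required_ports() {
    case "$1" in
        webagent)     echo "88:Kerberos" ;;
        policyserver) echo "389:LDAP 88:Kerberos" ;;
        *)            echo "unknown role: $1" >&2; return 2 ;;
    esac
    if [ "${2:-}" = "dns" ]; then echo "53:DNS"; fi
}

# TCP connect test with a 3 s timeout, using bash's /dev/tcp (present on RHEL 7).
# Host and port are passed as arguments, not spliced into the command string.
tcp_probe() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Check every port for a role; returns 1 if any port is unreachable.
# PROBE may name a replacement probe function, called as: $PROBE host port
check_role() {
    local role=$1 host=$2 dns=${3:-} ports entry port purpose failed=0
    ports=$(required_ports "$role" "$dns") || return 2
    for entry in $ports; do
        port=${entry%%:*}
        purpose=${entry#*:}
        if "${PROBE:-tcp_probe}" "$host" "$port"; then
            echo "OK    $role -> $host:$port/tcp ($purpose)"
        else
            echo "FAIL  $role -> $host:$port/tcp ($purpose)"
            failed=1
        fi
    done
    return "$failed"
}

# Usage: <script> <webagent|policyserver> <ad-host> [dns]
# UDP (88 for the WebAgent, 53 for DNS) is not covered by a TCP connect test;
# confirm it with a real Kerberos or DNS request from the same host.
if [ "$#" -ge 2 ]; then
    check_role "$@"
fi
```

Run it on the WebAgent host with `webagent` and on the PolicyServer host with `policyserver`, adding `dns` when the AD server also provides DNS.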

For the ports required to join RHEL 7.3 to the domain, please ask Red Hat if needed.