Issue with AD LDS user directory connection

Document ID : KB000106852
Last Modified Date : 18/07/2018
Issue:
In 12.52 SP1 CR08, users in an AD LDS user store cannot authenticate, and the Policy Server recognizes the user store as AD DS, not AD LDS.

1. Access a protected resource.
2. Enter the credentials of a user in the AD LDS user store.
3. An error screen is displayed and a failure message is written to smps.log.

smps.log:
[38179/4065987440][Tue Dec 19 2017 15:54:49][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=testuser,ou=People,dc=example,dc=com
Environment:
ProductName=CA SiteMinder Policy Server
FullVersion=12.52.107.2259
Cause:
This issue is a regression that was introduced in the CR7 release. Normally the Policy Server checks what type of user directory it is connecting to. In CR7, because of a code change, that check mistakenly looks for AD attributes instead of AD LDS attributes. This is fixed in the CR9 release.
Resolution:
This issue will be fixed in the CR09 and 12.8 Policy Server versions.
Additional Information:
DE326287 / DE335297: Policy Server identifies the ADLDS user store as Active Directory.
https://docops.ca.com/display/casso128J/Defects+Fixed
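
To confirm whether a Policy Server is hitting this defect, smps.log can be scanned for the sm-Ldap-02070 error on userAccountControl and the affected user DNs summarized. This is an added example, not CA code: the function name `find_adlds_misdetection` is hypothetical, and every sample line except the first (which is the line quoted in this article) is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of the smps.log line quoted in this article:
# [pid/tid][timestamp][source:line][LEVEL][message-id] text
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<ts>[^\]]+)\]"
    r"\[(?P<src>[^\]:]+):(?P<line>\d+)\]\[(?P<level>[A-Z]+)\]"
    r"\[(?P<msgid>[^\]]+)\]\s*(?P<text>.*)$")
ATTR_RE = re.compile(
    r"Failed to read Active Directory user attribute (?P<attr>\S+) for user: (?P<dn>.+)$")

def find_adlds_misdetection(lines):
    """Map each user DN to the count and first/last time of sm-Ldap-02070 on userAccountControl."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m["level"] != "ERROR" or m["msgid"] != "sm-Ldap-02070":
            continue  # not in the expected layout, or a different message
        a = ATTR_RE.search(m["text"])
        if not a or a["attr"] != "userAccountControl":
            continue  # same message id but not the attribute named in this article
        ts = datetime.strptime(m["ts"], "%a %b %d %Y %H:%M:%S")
        rec = hits[a["dn"].strip()]
        rec["count"] += 1
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    return dict(hits)

# First line is the one quoted in the article; the remaining lines are constructed.
SAMPLE = [
    "[38179/4065987440][Tue Dec 19 2017 15:54:49][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=testuser,ou=People,dc=example,dc=com",
    "[38179/4065987440][Tue Dec 19 2017 15:56:02][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=testuser,ou=People,dc=example,dc=com",
    "[38179/4065987440][Tue Dec 19 2017 15:55:10][placeholder.cpp:1][ERROR][placeholder-id] constructed unrelated error",
    "[38179/4065987440][Wed Dec 20 2017 09:01:10][plugin_AD.cpp:844][ERROR][sm-Ldap-02070] Failed to read Active Directory user attribute userAccountControl for user: cn=alice,ou=People,dc=example,dc=com",
    "constructed line that does not follow the smps.log layout",
]

if __name__ == "__main__":
    for dn, rec in find_adlds_misdetection(SAMPLE).items():
        print(f"{rec['count']:3d}  {rec['first']}  {rec['last']}  {dn}")
```

To run it against a real log, pass an open file handle for smps.log in place of `SAMPLE`.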