How to resolve LDAP connection errors when the user store connection for an Active Directory (AD) user store is configured with the LDAP namespace?

Document ID : KB000098918
Last Modified Date : 27/07/2018
Question:
How to resolve LDAP connection errors when the user store connection for an Active Directory (AD) user store is configured with the LDAP namespace?
Answer:
LDAP bind errors such as the following appear in smps.log.

Example bind errors:
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server DomainDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ForestDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server

Details of the EnableADEnhancedReferrals registry key:
This registry entry enables or disables Enhanced Referrals for AD (and ADAM) user directories.
The default value is 1 (enabled).
If the user store connection (AD / ADAM) is configured with the LDAP namespace, disable the EnableADEnhancedReferrals registry key. Disabling this registry key prevents LDAP connection errors from occurring.

Use Case:
1) Registry entry absent or enabled
   If this entry is either unavailable or enabled, LDAP bind errors are logged in smps.log when the AD user store is accessed using the LDAP namespace.
2) Registry entry disabled (0)
   If this entry is disabled, LDAP bind errors are NOT logged in smps.log when the AD user store is accessed using the LDAP namespace.
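A triage sketch for the bind errors above, added here as an example and not taken from the CA documentation: it parses smps.log lines in the format shown in the excerpt and separates hosts that look like AD referral targets from other servers. Treating a first host label of DomainDnsZones or ForestDnsZones as a referral target is an assumption, as are the function names and the sample input.

```python
import re
from collections import Counter

# Format of the bind-error lines shown in the smps.log excerpt above.
BIND_ERROR = re.compile(
    r"\[SmDsLdapConnMgr\.cpp:\d+\]\[ERROR\] SmDsLdapConnMgr Bind\. "
    r"Server (?P<host>\S+) : (?P<port>\d+)\. Error (?P<code>\d+)-(?P<text>.*)"
)

# Assumption: a host whose first label is one of these is an AD application
# partition reached by following a referral, not a configured directory server.
REFERRAL_LABELS = {"domaindnszones", "forestdnszones"}


def parse_bind_errors(lines):
    """Return (host, port, error_code) for every bind error found in lines."""
    hits = []
    for line in lines:
        m = BIND_ERROR.search(line)
        if m:
            hits.append((m["host"].lower(), int(m["port"]), int(m["code"])))
    return hits


def summarize(lines):
    """Count bind errors per host and split referral targets from other hosts."""
    counts = Counter(host for host, _, _ in parse_bind_errors(lines))
    referral = {h: n for h, n in counts.items()
                if h.split(".", 1)[0] in REFERRAL_LABELS}
    other = {h: n for h, n in counts.items() if h not in referral}
    return {
        "referral_hosts": referral,
        "other_hosts": other,
        # True when the errors look like referral chasing rather than an
        # outage of a single configured server.
        "check_enhanced_referrals": bool(referral),
    }


# Constructed sample: the three excerpt lines plus one made-up unrelated line.
SAMPLE = [
    "[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server DomainDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server",
    "[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ForestDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server",
    "[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server",
    "[Example.cpp:1][INFO] constructed line that is not a bind error",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

When `check_enhanced_referrals` is true, the value of EnableADEnhancedReferrals on the policy server is the first thing to review.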
Additional Information:
Disable the EnableADEnhancedReferrals Registry Key:
If the user store connection is configured with the LDAP namespace, disable the EnableADEnhancedReferrals registry key. Disabling this registry key prevents LDAP connection errors from occurring.
Contact the policy server administrator and request that the key be disabled.


https://docops.ca.com/display/sm1252sp1J/Configure+an+Active+Directory+User+Store+Connection