CA Single Sign-On Tech Tip by Sau Lai Wong, Senior Support Engineer for 21st April 2016
Policy Server logs “Error 91 - Can't connect to the LDAP server” against the LDAP policy store, even though all of the following checks succeed when run from the Policy Server:
- telnet to the LDAP port (with hostname and IP address)
- Test Connection via SM Management Console
- the ldapsearch command
The default ping timeout should be 10 seconds, but in the R12.52 SP1 release the Policy Server reads the value in milliseconds instead of seconds.
The fix is incorporated in R12.52 SP1 CR1 and later releases. With the fix, the Policy Server reads the LDAPPingTimeout value in seconds.
Add or update the following registry key in the sm.registry file on UNIX or through Registry Editor on Windows:
LDAPPingTimeout = 10000; REG_DWORD
Alternatively, you can define a reasonable ping timeout in milliseconds.
Restart Policy Server after the updates.