I'm trying to connect CA SSO with an existing user directory which is located in a VM with AD DS. But after many tries I always get "Error: [General] Could not contact the user directory". I checked that Active Directory is listening on port 9389:
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
Microsoft.ActiveDirectory     1300 Services                   0     54.572 K

C:\Users\Administrator>netstat -nao | find "1300"
  TCP    0.0.0.0:9389           0.0.0.0:0              LISTENING       1300
  TCP    [::]:9389              [::]:0                 LISTENING       1300
  TCP    [::1]:62079            [::1]:389              ESTABLISHED     1300
  TCP    [::1]:62080            [::1]:389              ESTABLISHED     1300
  TCP    [::1]:62082            [::1]:389              ESTABLISHED     1300
  UDP    0.0.0.0:61300          *:*                                    1376
  UDP    127.0.0.1:49872        *:*                                    1300
So CA SSO has to establish a connection with X.X.X.21:9389.
Regarding LDAP Settings, the LDAP tree is this one:
So, if I'm not wrong:
How important are the User Attributes?
And yes, from the VM where CA SSO is located, the VM where AD DS is installed can be "pinged".
Sometimes I tried to add Administrator Credentials; is this filled in correctly?
What am I doing wrong? Thanks.
PS: MS Server 2008 R2 is installed on both VMs.
The user attributes mapping is required when you have SM Password Services set up for this user store.
Please confirm whether you checked the "Require credentials" checkbox and defined the administrator credentials that have privileges to create the user store connection.
For User DN Lookup, specify the following:
This is weird. I did two changes and now the connection works:
The thing I have to fix now is getting the right list of users. I mean, when I check Directory Contents I don't get what I want, but at least it works. I suppose I have to fill in the attributes in LDAP Settings and User Attributes better.
Why did what I did solve my problem? Do you know why?
Thanks and kind regards,
When you delete the port number from the server details, the default port is used -- 389 for non-SSL and 636 for SSL. Maybe the port number was the issue.
So if no port is given, CA SSO has ports 389 and 636 configured as default ports. Got it! I've just checked it in the Policy Server Configuration Guide. I found that I'm using port 389. Thanks a lot!
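
An added example, not part of the thread: a small Python probe that sends an anonymous LDAPv3 bind to a port and reports whether the listener actually answers in LDAP, which neither a successful ping nor a LISTENING line in netstat can show. The function names and the host argument are assumptions made for illustration.

```python
import socket
import sys

# LDAPv3 anonymous simple BindRequest, messageID 1 (RFC 4511), BER-encoded:
# SEQUENCE { INTEGER 1, [APPLICATION 0] { INTEGER 3, OCTET STRING "", [0] "" } }
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def classify_reply(data):
    """Say whether the bytes received after BIND_REQUEST are an LDAP BindResponse."""
    if not data:
        return "no reply: port is open but did not answer an LDAP bind"
    try:
        tag, message, _ = read_tlv(data, 0)
        if tag != 0x30:
            raise ValueError("not a SEQUENCE")
        _, _, pos = read_tlv(message, 0)         # messageID
        op_tag, op, _ = read_tlv(message, pos)   # protocolOp
        if op_tag != 0x61:                       # [APPLICATION 1] = BindResponse
            raise ValueError("not a BindResponse")
        _, code, _ = read_tlv(op, 0)             # resultCode (ENUMERATED)
    except (ValueError, IndexError):
        return "not LDAP: the service on this port speaks another protocol"
    return "LDAP: BindResponse resultCode=%d" % int.from_bytes(code, "big")

def probe(host, port, timeout=3.0):
    """Connect, send the anonymous bind, and classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(BIND_REQUEST)
            try:
                data = s.recv(4096)
            except OSError:  # timeout or reset while waiting for the reply
                data = b""
    except OSError as exc:
        return "unreachable: %s" % exc
    return classify_reply(data)

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed target
    for port in (389, 9389):  # 636 expects a TLS handshake before any LDAP
        print(port, probe(host, port))
```

Run it from the Policy Server host with the directory server's address as the only argument, so the result reflects the same network path CA SSO uses.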