Layer7 Access Management


Error:  [General]  Could not contact the user directory

  • 1.  Error:  [General]  Could not contact the user directory

    Posted 08-13-2015 12:00 PM

    Hi,

     

    I'm trying to connect CA SSO with an existing user directory which is located in a VM with AD DS. But after many tries I always get "Error:  [General]  Could not contact the user directory". I checked that Active Directory is listening on port 9389:

     

    C:\Users\Administrator>tasklist

    Image Name                    PID Session Name        Session#    Mem Usage
    ========================= ======== ================ =========== ============
    Microsoft.ActiveDirectory    1300 Services                  0    54.572 K

    C:\Users\Administrator>netstat -nao | find "1300"
      TCP    0.0.0.0:9389          0.0.0.0:0              LISTENING      1300
      TCP    [::]:9389              [::]:0                LISTENING      1300
      TCP    [::1]:62079            [::1]:389             ESTABLISHED    1300
      TCP    [::1]:62080            [::1]:389             ESTABLISHED    1300
      TCP    [::1]:62082            [::1]:389             ESTABLISHED    1300
      UDP    0.0.0.0:61300          *:*                                  1376
      UDP    127.0.0.1:49872        *:*                                  1300

     

    So CA SSO has to establish connection with X.X.X.21:9389.

    Regarding LDAP Settings, the LDAP tree is this one:

     

    [Image attachment: Untitled.png]

    So, if I'm not wrong:

    • Root: DC = AJC03, DC = LEARNING, DC = LAB
    • Scope: Sub-Tree
    • Max Time: 30
    • Max Results: 0
    • User Object: [is this necessary? Where can I find it?]
    • User Class: OID
    • Start: [I'm not quite sure of this one]
    • End: [I'm not quite sure of this one]


    How important are the User Attributes?


    And yes, from the VM where CA SSO is located, the VM where AD DS is installed can be "pinged".

    Sometimes I tried to add Administrator credentials. Is this filled in correctly?

    • Username: Administrator
    • Password: ······
    • Confirm Password: ······


    What am I doing wrong? Thanks.


    PS: MS Server 2008 R2 is installed in both VMs.


    Kind regards,

    Andrés-J. Cremades






  • 2.  Re: Error:  [General]  Could not contact the user directory

    Posted 08-13-2015 08:33 PM

    Hi ajcremades,

     

    The user attributes mapping is required when you have SM Password Services set up for this user store.

     

    Please confirm if you checked the "Require credentials" checkbox and defined the administrator credentials that have privileges to create the user store connection.

     

    For User DN Lookup, specify the following:

    (Start): (sAMAccountName=

    (End): )

     

    Best regards,

    Kelly



  • 3.  Re: Error:  [General]  Could not contact the user directory
    Best Answer

    Posted 08-14-2015 04:19 AM

    Hi,

    This is weird. I made two changes and now the connection works:

    1. Deleted the port number from the IP address.
    2. In the admin credentials, specified the domain in the administrator username: DOMAIN\Administrator

    The thing I have to fix now is getting the right list of users. I mean, when I check Directory Contents I don't get what I want, but at least it works. I suppose I have to fill in the attributes in LDAP Settings and User Attributes better.

    Why did what I did solve my problem? Do you know why?

     

    Thanks and kind regards,

    Andrés-J. Cremades



  • 4.  Re: Error:  [General]  Could not contact the user directory

    Posted 08-15-2015 12:09 AM

    Hi ajcremades,

     

    When you delete the port number from the server details, the default port is used -- 389 for non-SSL and 636 for SSL. Maybe the port number was the issue.

     

    Best regards,

    Kelly



  • 5.  Re: Error:  [General]  Could not contact the user directory

    Posted 08-17-2015 02:58 AM

    Hi wonsa03!

     

    So if no port is given, then CA SSO has ports 389 and 636 configured as default ports. Got it! I've just checked it in the Policy Server Configuration Guide. I found that I'm using port 389. Thanks a lot!
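
The netstat output in the first post already hints at the port mix-up resolved above: PID 1300 listens on 9389 but only holds client connections to port 389. The following Python check is an added example, not part of the thread and not CA or Microsoft code; it parses those `netstat -nao` lines (copied from the post as sample input) and reports whether a given PID actually serves one of the default LDAP ports. The function names are illustrative.

```python
LDAP_DEFAULT_PORTS = {389, 636}  # defaults named in the thread (non-SSL / SSL)

# Sample input: the netstat -nao lines quoted in the first post.
SAMPLE = """\
  TCP    0.0.0.0:9389          0.0.0.0:0              LISTENING      1300
  TCP    [::]:9389              [::]:0                LISTENING      1300
  TCP    [::1]:62079            [::1]:389             ESTABLISHED    1300
  TCP    [::1]:62080            [::1]:389             ESTABLISHED    1300
  TCP    [::1]:62082            [::1]:389             ESTABLISHED    1300
  UDP    0.0.0.0:61300          *:*                                  1376
  UDP    127.0.0.1:49872        *:*                                  1300
"""

def port_of(endpoint):
    """Return the port of 'addr:port' or '[v6]:port'; None for '*:*'."""
    tail = endpoint.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def parse_netstat(text):
    """Yield (proto, local_port, remote_port, state, pid) per socket line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield "TCP", port_of(f[1]), port_of(f[2]), f[3], int(f[4])
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no state column
            yield "UDP", port_of(f[1]), port_of(f[2]), None, int(f[3])

def summarize(text, pid):
    """Split one PID's TCP sockets into ports it serves and ports it dials."""
    rows = [r for r in parse_netstat(text) if r[0] == "TCP" and r[4] == pid]
    listens = {lport for _, lport, _, state, _ in rows if state == "LISTENING"}
    # An ESTABLISHED socket whose local port is not a listening port is a
    # connection this process opened to some other service.
    dials = {rport for _, lport, rport, state, _ in rows
             if state == "ESTABLISHED" and lport not in listens}
    return {"listens": sorted(listens), "dials": sorted(dials),
            "serves_ldap": bool(listens & LDAP_DEFAULT_PORTS)}

if __name__ == "__main__":
    print(summarize(SAMPLE, 1300))
```

For PID 1300 the result shows a listener on 9389 only, with 389 appearing solely as a remote port, so the LDAP listener the policy server needs belongs to a different process.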