Access Manager: Problems connecting to Active Directory

system
This article is marked as obsolete.

Here are some common problems that we have encountered whilst connecting to Active Directory.

 

Synchronize fails with "Failed to connect. simple bind failed: dc.example.local:636. Please see the logs for more detail."

Inspection of the log files shows:

INFO | jvm 1 | 2012/10/11 09:24:38 | at com.nervepoint.connector.AbstractConnector.open(AbstractConnector.java:231) 
INFO | jvm 1 | 2012/10/11 09:24:38 | at com.nervepoint.connector.ConnectorBuilder.buildConnector(ConnectorBuilder.java:59) 
INFO | jvm 1 | 2012/10/11 09:24:38 | at com.nervepoint.connector.ConnectorBuilder.buildConnector(ConnectorBuilder.java:42) 
INFO | jvm 1 | 2012/10/11 09:24:38 | at com.nervepoint.wui.core.install.TestStatus.run(TestStatus.java:160) 
INFO | jvm 1 | 2012/10/11 09:24:38 | at java.lang.Thread.run(Thread.java:679) 
INFO | jvm 1 | 2012/10/11 09:24:38 | Caused by: javax.naming.CommunicationException: simple bind failed: dc.example.local:636 [Root exception is java.net.SocketException: Connection reset]

The "Connection reset" on port 636 suggests that SSL is not configured correctly on the Active Directory server.

To check whether SSL is correctly configured, use the following procedure on the AD server:

1. Open the Ldp snap-in. To open Ldp, click Start. In Start Search, type ldp. Right-click the Ldp icon on the Start menu, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

2. Click the Ldp Connection menu, and then click Connect. In Server, type the host name of the server to which you want to connect. Ensure that Port is set to 636, the Connectionless check box is cleared, and the SSL check box is selected, and then click OK. If you receive a message that says Cannot open connection, LDAP-over-SSL binding is not configured properly.

3. Click the Connection menu, click Bind, and then click OK.

4. The command output should display the user name and domain name that you used for binding, if LDAP over SSL is configured properly.
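
The same question can be asked from the Access Manager host, which shows whether the reset also occurs on the network path the connector uses. The following Python script is an added example, not part of the original article or of Access Manager; the function name `probe_ldaps`, its status labels and the optional `cafile` argument are choices made here, and it assumes Python 3.7 or later.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, timeout=5.0, cafile=None):
    """Try a TLS handshake with an LDAPS port and classify the outcome.

    Returns (status, detail); the status labels are this example's own:
      ok          - handshake completed and the certificate chain validated
      untrusted   - server speaks TLS, but its certificate failed validation
      no_tls      - TCP connected, then the peer reset or closed during the
                    handshake (the "Connection reset" case in the log above)
      tls_error   - any other handshake failure (protocol mismatch, timeout)
      unreachable - the TCP connection itself could not be established
    """
    # cafile: optional PEM bundle with the CA that issued the DC certificate;
    # when omitted, the system default trust store is used.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return "ok", "%s, certificate expires %s" % (tls.version(), cert.get("notAfter"))
    except ssl.SSLCertVerificationError as exc:
        return "untrusted", exc.verify_message
    except ssl.SSLEOFError as exc:
        return "no_tls", str(exc)
    except (ssl.SSLError, socket.timeout) as exc:
        return "tls_error", str(exc)
    except OSError as exc:  # reset, broken pipe, or ENOTCONN after an early reset
        return "no_tls", str(exc)
    finally:
        raw.close()


if __name__ == "__main__":
    # dc.example.local is the host name from the error message on this page.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc.example.local"
    status, detail = probe_ldaps(target)
    print("%s:636 -> %s (%s)" % (target, status, detail))
```

A `no_tls` result matches the log above. An `untrusted` result means LDAPS is answering but the issuing CA is not in the trust store used for the check.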