|Applies To||RSA Product Set: Archer|
RSA Version/Condition: All
|Issue||LDAP Sync fails to create more than 1000 users in RSA Archer when connecting to Microsoft Active Directory LDAP Server. The "Disable Page Searching" option is not checked in the LDAP configuration.|
Testing of LDAP configuration attributes in a third party tool like 'Softerra LDAP Browser' produces LDAP referral authentication prompts if results exceed 1000 users.
|Cause||RSA Archer LDAP Sync does not have an ability to recognize LDAP referral authentication prompts. LDAP paged search ends prematurely after the first page and only 1000 users are returned.|
|Resolution||To fix this issue, use port 3268 by appending ":3268" to the LDAP Configuration's Name/IP Address. For LDAPS, use port 3269. Using these ports will allow LDAP search to use Global Catalog domain controller for forest wide search instead of forest root domain search.|
An alternative to port 3268 is to set Referral Chasing to None in Archer LDAP Service configuration file:
|Legacy Article ID||a59700|