000030739 - Support for IBM Security Directory Server as an identity source in Authentication Manger 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030739
Applies ToRSA Product Set: Authentication Manager
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition:  Authentication Manager 8.1
IssueThe /opt/rsa/am/server/logs/imsTrace.log file lists the errors below:
2015-04-09 15:46:17,759, [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'], (DirContextImpl.java:1550), trace.com.rsa.ims.connectionpool.jca.common.DirContextImpl, DEBUG, 
aaxxp0001cld.itau.corp.ihf,,,,search( {ou=Applications,dc=rc,dc=itau}, {(objectClass=groupOfUniqueNames)}, {SearchControls( SUBTREE_SCOPE, 25, 120000, [cn, entryDN], false, false )} )
2015-04-09 15:46:17,760, [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'], (DirContextImpl.java:1484), trace.com.rsa.ims.connectionpool.jca.common.DirContextImpl, DEBUG,
aaxxp0001cld.itau.corp.ihf,,,,Unexpected communication error javax.naming.OperationNotSupportedException: [LDAP: error code 12 - R006006 Unsupported or inappropriate critical control '2.16.840.1.113730.3.4.9'
(process_server_controls:2951)]; remaining name 'ou=Applications,dc=rc,dc=itau'
CauseThe IBM Security Directory Server (z/OS LDAP) is not certified by RSA as an external identity source for use with Authentication Manager 8.1.  Since this product has not been QA'ed as an external identity source, support cannot assist when issues related to the external identity source arise.  
ResolutionIn order to obtain technical support from RSA for issues with Authentication Manager 8.1, deployments of the product must be configured with one or more of the following identity sources that are supported with Authentication Manager 8.1:
  • Authentication Manager internal database 
  • Microsoft Active Directory 2008 R2 
  • Microsoft Active Directory 2012 
  • Microsoft Active Directory 2012 R2 
  • Sun Java System Directory Server 7.0 
  • Oracle Directory Server Enterprise Edition 11g 
If more than one identity source is used, the user base must be unique.
There is a pending enhancement request (AM-23667) for supporting IBM Tivoli DS as an external identity source.