|Applies To||RSA Authentication Manager 6.1|
|Issue||How to make LDAP sync jobs work as they did before upgrading to RSA Authentication Manager 6.1|
Sync jobs all show "ERROR" in job list, and test authentication to LDAP server fails as if invalid credentials were supplied
Packet traces show that LDAP server returns error: "LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece"
|Cause||RSA Authentication Manager 6.1 LDAP sync now uses SASL bind by default. If the LDAP server doesn't properly support SASL, bind fails as if invalid credentials were supplied.|
|Resolution||To correct this issue, add a system environment variable to the RSA Authentication Manager server:|
Then restart Authentication Manager services. Now LDAP sync will fall back to using basic authentication if SASL bind fails.
NOTE: SASL authentication is a method of securely passing credentials over LDAP. Simple authentication submits passwords in cleartext, so be aware of the security impact of this change.
|Workaround||Upgraded from RSA ACE/Server or RSA Authentication Manager 6.0 to RSA Authentication Manager 6.1|
|Legacy Article ID||a31359|