000023241 - rsautil initialize-is --status to check connection to LDAP fails

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3

Article Content

Article Number: 000023241

Applies To: Windows 2003 Server SP1, Red Hat Linux AS 3.0, Authentication Manager 7.0

Issue

rsautil initialize-is --status to check connection to LDAP fails

C:\Program Files\RSA Security\RSA Authentication Manager\utils>rsautil initialize-is --status --ldap-name vm235-4_AD

Enter master password: **********

Testing connection to the primary server... Failed

Testing connection to the secondary server... Not Found

C:\Program Files\RSA Security\RSA Authentication Manager\utils>

Cause

Possible causes:

1.  You have not restarted the Authentication Manager services after importing the certificate and running the deploy command.

2.  The LDAP administrator specified during the deploy does not have proper permissions to access the LDAP.

3.  The deploy command had errors (a wrong LDAP URL, for instance).

4.  If creating the connection over LDAPS, the SSL certificate has not been installed properly.

5.  You deployed the same connector more than once with the same name, so running rsautil initialize-is --list now shows more than one matching connector.

Resolution

1.  If you make a mistake during the deploy, run an undeploy and start over again. (rsautil initialize-is --undeploy --ldap-name <name>)

2.  If you are using LDAPS, you need to import the SSL certificate.  See: How to import the SSL certificate and deploy the LDAP resource adapter in Authentication Manager 7.0.

3.  Use another LDAP browser to verify you can connect using the LDAP user you specified in the deploy.  If you can't connect, you will need to troubleshoot that before the deploy will work.
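
An added example (not from this article or from RSA's tooling) of the independent check in step 3: a standard-library Python script that attempts an LDAPv3 simple bind with the deploy user and reports whether the failure points to the URL, the certificate or the credentials. The function names and any URL or DN passed to check_ldap are assumptions for illustration.

```python
import socket, ssl
from urllib.parse import urlparse

CODES = {0: "bind OK", 8: "stronger authentication required",  # RFC 4511 result codes
         49: "invalid credentials (wrong DN or password)", 50: "insufficient access rights"}

def tlv(tag, body):  # BER tag/length/value with short or long definite length
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def bind_request(dn, password):  # LDAPv3 simple BindRequest, messageID 1
    req = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, req))

def read_tlv(buf, pos):  # returns (tag, value, position after the value)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return tag, buf[pos:pos + n], pos + n

def bind_result_code(resp):  # resultCode of a BindResponse ([APPLICATION 1])
    _, msg, _ = read_tlv(resp, 0)
    _, _, pos = read_tlv(msg, 0)  # skip messageID
    tag, body, _ = read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    return int.from_bytes(read_tlv(body, 0)[1], "big")

def check_ldap(url, bind_dn, password, timeout=5):
    if not password:  # an empty password is an unauthenticated bind and proves nothing
        raise ValueError("password required")
    u = urlparse(url)
    tls = u.scheme == "ldaps"
    try:
        sock = socket.create_connection((u.hostname, u.port or (636 if tls else 389)), timeout)
    except OSError as e:
        return f"unreachable, check the LDAP URL: {e}"
    try:
        if tls:  # verified against the system trust store, not the cert imported into AM
            sock = ssl.create_default_context().wrap_socket(sock, server_hostname=u.hostname)
        sock.sendall(bind_request(bind_dn, password))
        code = bind_result_code(sock.recv(4096))
        return CODES.get(code, f"bind failed, resultCode {code}")
    except ssl.SSLError as e:
        return f"TLS failure, check the server certificate: {e}"
    except (OSError, IndexError, ValueError) as e:
        return f"no valid bind response: {e}"
    finally:
        sock.close()
```

A successful bind confirms only the URL, certificate and credentials; it does not show that the account can read the directory, so browsing the tree as that user is still needed to rule out a permissions problem. Over ldap:// the password is sent in clear text.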

Notes

The rsautil initialize-is --deploy command doesn't actually attempt to connect to the LDAP; it merely creates the connector in the Application server as defined by the command.  Because of this, it almost never fails, even if the LDAP information entered is invalid.  Running rsautil initialize-is --status attempts to establish the connection.  If this fails, you will not be able to create the identity source in the console.

Legacy Article ID: a34842
