|Applies To||Microsoft Active Directory Application Mode (ADAM); Microsoft Windows Server 2003; RSA ClearTrust 5.5.x|
|Issue||RSA ClearTrust unable to bind to Microsoft Active Directory Application Mode (ADAM) datastore|
|Cause||There are a few Account Control attributes that Microsoft Active Directory Application Mode (ADAM) uses that can cause unsuccessful binds to the datastore|
If Microsoft Active Directory Application Mode (ADAM) is installed and configured to run as a service, the account used to run the service must have sufficient permissions to read the Microsoft certificate store. By default, the installer chooses the "NetworkService" account, which does not have this permission, so the bind fails.
|Resolution||1. Using ADAM-adsiedit, connect to the datastore and drill down to the administrator account being used for the CT bind|
2. Right-click this user and select "Properties".
3. Check the values of the msDS-UserAccountDisabled and msDS-UserPasswordExpired attributes.
If either of these is set to "TRUE", ClearTrust will not be able to connect to the datastore.
If msDS-UserAccountDisabled has a value of TRUE, click on this attribute, select "Edit", and change the value to "FALSE". msDS-UserPasswordExpired, however, cannot be edited via ADAM-adsiedit; in this case, right-click the admin user and select "Reset Password" to change the password. Once this is done, the msDS-UserPasswordExpired attribute will be set to "FALSE".
Also, ensure that the account used to start the ADAM instance has the appropriate permissions to the Microsoft certificate store.
NOTE: If you want to keep the current admin password, simply reuse it when prompted by the "Reset Password" screen.
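The same checks can be scripted instead of clicked through in ADAM-adsiedit. The PowerShell below is an added example, not part of the RSA article: it binds to the ADAM instance over LDAP with the [ADSI] accelerator, reports the two flags that block a ClearTrust bind, clears msDS-UserAccountDisabled directly, and resets the password when msDS-UserPasswordExpired is TRUE (the only way that flag gets cleared). The host/port and bind-account DN are placeholders, and the ADAM_* service-name pattern used to list the instance's run-as account is an assumption.

```powershell
# Added example (not from the RSA article). Assumptions: the ADAM instance
# listens on localhost:389 and the ClearTrust bind account has the DN below.
$adamHost = "localhost:389"                          # assumed LDAP port of the ADAM instance
$bindDn   = "CN=ctadmin,OU=Admins,O=Example,C=US"    # placeholder DN of the CT bind account

# Bind with the credentials of the currently logged-on admin.
$entry = [ADSI]"LDAP://$adamHost/$bindDn"

# Both attributes are booleans in ADAM; an unset attribute reads as $null (treated as FALSE).
$disabled = [bool]$entry.Properties["msDS-UserAccountDisabled"].Value
$expired  = [bool]$entry.Properties["msDS-UserPasswordExpired"].Value

"msDS-UserAccountDisabled : $disabled"
"msDS-UserPasswordExpired : $expired"

if ($disabled) {
    # This attribute is writable, so clear it and commit.
    $entry.Properties["msDS-UserAccountDisabled"].Value = $false
    $entry.CommitChanges()
    "Account re-enabled."
}

if ($expired) {
    # msDS-UserPasswordExpired cannot be edited directly; a password reset clears it.
    # ADAM rejects password operations over a non-SSL connection unless the instance
    # has been configured to allow them, so run this over an SSL port (e.g. :636)
    # or on the ADAM host itself. Reusing the current password keeps it unchanged.
    $newPwd = Read-Host -AsSecureString "New (or current) password for $bindDn"
    $plain  = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
                  [Runtime.InteropServices.Marshal]::SecureStringToBSTR($newPwd))
    $entry.Invoke("SetPassword", $plain)
    $entry.CommitChanges()
    "Password reset; msDS-UserPasswordExpired should now read FALSE."
}

# Second cause from the article: the account running the ADAM service must be
# able to read the machine certificate store. List the run-as account of each
# ADAM instance service (assumed to be named ADAM_<instance>) so it can be checked;
# "NT AUTHORITY\NetworkService" is the default that lacks this permission.
Get-WmiObject Win32_Service |
    Where-Object { $_.Name -like "ADAM_*" } |
    Select-Object Name, StartName, State
```

Run the script in an elevated PowerShell session on the ADAM host (or anywhere with LDAP access to it). If the service listing shows NetworkService, change the service's log-on account to one that can read the certificate store, then retry the ClearTrust bind.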
|Legacy Article ID||a24636|