000026092 - RSA ClearTrust unable to bind to Microsoft Active Directory Application Mode (ADAM) datastore

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000026092
Applies To: Microsoft Active Directory Application Mode (ADAM)
Microsoft Windows Server 2003
RSA ClearTrust 5.5.x
Issue: RSA ClearTrust unable to bind to Microsoft Active Directory Application Mode (ADAM) datastore
Cause: There are a few Account Control attributes that Microsoft Active Directory Application Mode (ADAM) uses that can cause unsuccessful binds to the datastore.
If Microsoft Active Directory Application Mode (ADAM) is installed/configured to run as a service, the account that is used to run the service must have sufficient permissions to read the Microsoft certificate store. By default, the install will choose the "NetworkService" account, which does not have this permission, and subsequently the bind will fail.

Resolution:
1. Using ADAM-adsiedit, connect to the datastore and drill down to the administrator being used for the CT bind

2. Right-click and select "Properties" for this user

3. Check the following attributes and their values:

    msDS-UserAccountDisabled
    msDS-UserPasswordExpired

If either of these is set to "TRUE", ClearTrust will not be able to connect to the datastore.

In the case of msDS-UserAccountDisabled having a value of TRUE, simply click on this attribute, select "Edit" and change the value to "FALSE". However, msDS-UserPasswordExpired cannot be edited via ADAM-adsiedit. In this case, simply right-click on the admin user and select "Reset Password" to change the password. Once this is done, the msDS-UserPasswordExpired attribute will be set to "FALSE".

Also, ensure that the account used to start the ADAM instance has the appropriate permissions to the Microsoft certificate store.

NOTE: If you want to keep the current admin password, simply reuse it when prompted by the "Reset Password" screen.
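
The attribute check from step 3 can also be scripted. The following is an added example, not RSA or Microsoft code: it parses an LDIF export of the bind account and reports which of the two attributes are TRUE. The sample LDIF, the DNs and the function names are constructed for illustration, and the export is assumed to include both attributes.

```python
import base64

# Attributes the article says block the ClearTrust bind when set to TRUE.
BLOCKING = ("msDS-UserAccountDisabled", "msDS-UserPasswordExpired")

# Constructed sample export: DNs and values are made up for this example.
SAMPLE_LDIF = """\
dn: CN=ctadmin,CN=Users,O=example,C=US
msDS-UserAccountDisabled: FALSE
msDS-UserPasswordExpired:: VFJVRQ==

dn: CN=ctbackup,CN=Users,O=exa
 mple,C=US
msDS-UserAccountDisabled: TRUE
msDS-UserPasswordExpired: FALSE
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})] from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines:
        if not line.strip():                # blank line ends the entry
            current = None
            continue
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):           # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if name.lower() == "dn":
            current = (value, {})
            entries.append(current)
        elif current is not None:           # attribute names are case-insensitive
            current[1].setdefault(name.lower(), []).append(value)
    return entries

def bind_blockers(text):
    """Map each DN to the blocking attributes whose value is TRUE."""
    return {dn: [a for a in BLOCKING
                 if any(v.upper() == "TRUE" for v in attrs.get(a.lower(), []))]
            for dn, attrs in parse_ldif(text)}
```

Any DN mapped to a non-empty list needs the fix described above: edit msDS-UserAccountDisabled to FALSE, or reset the password to clear msDS-UserPasswordExpired.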
Legacy Article ID: a24636
