000022632 - RSA ClearTrust 5.5 Entitlements Server (EServer) does not start when using ADAM as directory store

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000022632

Applies To:
RSA ClearTrust 5.5 Entitlements Server (EServer)
Microsoft Windows Server 2003
Microsoft Active Directory Application Mode (ADAM)

Issue:
RSA ClearTrust 5.5 Entitlements Server (EServer) does not start when using ADAM as directory store.
RSA ClearTrust 5.5 Entitlements Server (EServer) debug output shows the following failure on EServer startup:

2006/02/09 17:58:04:320 [dal_conn] [APIClientProxy_0 (sirrus.da.util.ConnectionManager.returnConnection)] - Returned connection. Now free = 10, leased = 0
Not authorized (RC_NOT_AUTHORIZED): Login incorrect
With search profiling enabled (cleartrust.data.ldap.show_search_profiling :true in ldap.conf), the EServer shows a failure executing the following search:

Base DN: OU=Tronox Users,OU=Livelink,DC=tronox,DC=com
Scope: 1
Filter: (&(&(objectClass=user)(objectCategory=person))(samAccountName=Admin))

Cause:
The search is unable to find an administrator account using the filter for user objects. Either the user does not exist within the scope of the user baseDN, or the filter for users is incorrect.

Resolution:
The correct filter attribute for ADAM users is "CN". Ensure that the ldap.conf file changes described in the RSA Security Partner Engineering Guide for ADAM directory server installation have been followed. The value of cleartrust.data.ldap.user.attributemap.name for ADAM should be CN.

Legacy Article ID: a29563
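
The following Python check is an added example, not RSA code. It reads the configured name attribute from ldap.conf text, finds which attribute the profiled search actually matched the login name against, and compares both with CN. The `key :value` parsing, the `#` comment handling and the sample ldap.conf line are assumptions based on the one setting quoted in this article.

```python
import re

# Constructed sample: search-profiling lines in the shape quoted in this article.
SAMPLE_PROFILE = """\
Base DN: OU=Tronox Users,OU=Livelink,DC=tronox,DC=com
Scope: 1
Filter: (&(&(objectClass=user)(objectCategory=person))(samAccountName=Admin))
"""
# Constructed ldap.conf line; the "key :value" syntax and the value are assumptions.
SAMPLE_CONF = "cleartrust.data.ldap.user.attributemap.name :samAccountName\n"
NAME_KEY = "cleartrust.data.ldap.user.attributemap.name"

def parse_conf(text):
    """Return {key: value} from 'key :value' lines; '#' comments are assumed."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def equality_clauses(ldap_filter):
    """Return [(attr, value)] for each simple (attr=value) leaf of an LDAP filter."""
    return re.findall(r"\(([A-Za-z][\w.;-]*)=([^()]*)\)", ldap_filter)

def name_attribute(profile_text, login):
    """Find the attribute the profiled search compared the login name against."""
    m = re.search(r"^Filter:\s*(.+)$", profile_text, re.M)
    if not m:
        return None
    for attr, value in equality_clauses(m.group(1)):
        if value.lower() == login.lower():
            return attr
    return None

def check(conf_text, profile_text, login, expected="CN"):
    """Compare the configured and observed name attributes with the ADAM value."""
    configured = parse_conf(conf_text).get(NAME_KEY)
    observed = name_attribute(profile_text, login)
    ok = all(a is not None and a.lower() == expected.lower() for a in (configured, observed))
    return {"configured": configured, "observed": observed, "ok": ok}

if __name__ == "__main__":
    print(check(SAMPLE_CONF, SAMPLE_PROFILE, "Admin"))
```

If `configured` is already CN but `observed` is not, the running EServer is still using the old setting.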
