000033659 - Occasionally, the RSA Archer LDAP Sync fails when the Use Serverless Binding option is enabled in LDAP Configuration

Document created by RSA Customer Support Employee on Aug 10, 2016. Last modified by RSA Customer Support on May 1, 2019.

Article Content

Article Number: 000033659

Applies To
RSA Product Set: RSA Archer
RSA Version/Condition: All
 
Issue
The LDAP Sync sometimes fails when the Use Serverless Binding option is enabled in LDAP Configuration.
Cause
One possible cause is that the LDAP Configuration has the Use Serverless Binding option enabled and the environment has multiple Active Directory Domain Controllers (ADDCs).

With serverless binding, the LDAP Sync does not choose which domain controller it connects to; Active Directory selects an available domain controller, and that choice can differ from one run to the next. If the users and groups are not identical across all domain controllers (for example, because replication is lagging or broken), the LDAP Sync can land on a domain controller whose users, groups, or group hierarchy do not match what the sync expects, and the sync fails. Running the LDAP Sync again may succeed, but that only means it reached a different domain controller whose user and group data does match; the underlying inconsistency is still there.
Resolution
There are a few options:
  1. Specify the Active Directory Domain Controller:
    1. Uncheck the Use Serverless Binding option.
    2. For Name/IP Address, enter the IP address or server name of the specific Active Directory Domain Controller.
    3. Run the LDAP Sync several times to verify that it now produces consistent results.
    Note that this pins the sync to a single domain controller: if that server is unavailable, the LDAP Sync fails until the configuration is changed.
  2. For Name/IP Address, specify an Active Directory Global Catalog server and append ":3268" (the Global Catalog LDAP port; use ":3269" if the connection is configured for LDAP over SSL), then run the LDAP Sync.
  3. Request that the Active Directory administrator verify that replication is healthy and that users and groups are consistent across all domain controllers in the domain.
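The following PowerShell script is an added example and is not part of the RSA article or the Archer product. It does the consistency check the resolution steps call for: it pulls the users and groups under the search base the LDAP Sync reads from every domain controller in the domain, reports any object or group-membership count that differs between domain controllers (the exact condition that makes a serverless-bound sync succeed on one run and fail on the next), prints the replication summary the Active Directory administrator can act on, and confirms that the Global Catalog port is reachable on the server you would enter under option 2. It assumes a domain-joined Windows host with the RSAT ActiveDirectory module and repadmin available, and the value of $SearchBase is an assumed placeholder that must be replaced with the base DN configured in LDAP Configuration.

```powershell
# Added example (not RSA's code): detect user/group drift between domain controllers,
# which is what breaks an LDAP Sync that uses serverless binding.
Import-Module ActiveDirectory

# Assumption: replace with the search base configured in the Archer LDAP Configuration.
$SearchBase = 'OU=Archer,DC=corp,DC=example'

$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

# 1. Snapshot the users and groups the sync would read, once per domain controller.
#    Each entry is keyed by objectGUID so renames/moves show up as differences too.
$snapshots = @{}
foreach ($dc in $dcs) {
    try {
        $users = Get-ADUser -Server $dc -SearchBase $SearchBase -Filter * |
            ForEach-Object { "$($_.ObjectGUID)|user|$($_.DistinguishedName)" }
        $groups = Get-ADGroup -Server $dc -SearchBase $SearchBase -Filter * -Properties member |
            ForEach-Object { "$($_.ObjectGUID)|group|$($_.DistinguishedName)|members=$(@($_.member).Count)" }
        $snapshots[$dc] = @($users) + @($groups)
    }
    catch {
        Write-Warning "$dc : $($_.Exception.Message)"
    }
}

# 2. Compare every domain controller against the first one that answered.
#    Any line flagged <= or => is an object (or a membership count) that exists on one
#    domain controller but not the other; a serverless bind can land on either.
$reference = $snapshots.Keys | Select-Object -First 1
foreach ($dc in ($snapshots.Keys | Where-Object { $_ -ne $reference })) {
    $diff = Compare-Object -ReferenceObject $snapshots[$reference] -DifferenceObject $snapshots[$dc]
    if ($diff) {
        Write-Output "DRIFT between $reference and $dc :"
        $diff | ForEach-Object { Write-Output "  $($_.SideIndicator) $($_.InputObject)" }
    }
    else {
        Write-Output "OK    $reference and $dc agree ($($snapshots[$dc].Count) objects)"
    }
}

# 3. Replication health summary for the Active Directory administrator (option 3).
repadmin /replsummary

# 4. Pick a Global Catalog server and confirm port 3268 is reachable before entering
#    "<server>:3268" as Name/IP Address (option 2).
$gc = Get-ADDomainController -Filter { IsGlobalCatalog -eq $true } |
    Select-Object -First 1 -ExpandProperty HostName
Test-NetConnection -ComputerName $gc -Port 3268 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

If the script reports DRIFT, fix replication first; pinning the LDAP Sync to one domain controller (option 1) only hides the inconsistency by always reading the same copy of the directory. If every pair of domain controllers reports OK, the data is consistent and the failure is more likely a connectivity or configuration problem on the Archer side.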
