SecurID® Discussions


Stuck on Identity Source

I am setting up RSA SecurID for the first time and attaching it to a Windows Server 2016 domain. I am following the steps in "How to create an external LDAP Identity Source in RSA Authentication Manager 8.1 SP1 or later" but connecting to the basic AD LDAP doesn't work. My configuration is:

Identity Source: DC1 (This is the name of domain controller)

Type: Active Directory

Directory URL: ldap://DC1.domain.local (name of the AD domain)

Directory User ID: DomainAdmin@domain.local

Directory Password: correct password


But Test Connection fails each time. This is for the Primary RSA, not a replica. I know I am missing something basic, but am stumped and the online documents have not been much help. I can ping the DC from the RSA server, and the ldap URL resolves. Any help is appreciated.

2 Replies
Administrator

Hi Charles,


I have moved this thread to the RSA SecurID Suite space so that you can get an answer to your question.


You can post future questions and discussions directly to that community by clicking on the Ask a Question or Start a Discussion button on the RSA SecurID Suite space page.






You mentioned replica. Is there a replica? If there is a replica, the replica also needs to have a working LDAP URL configured for the identity source.


Otherwise it is pretty simple. Name it, give it a working URL, admin name and password and save it.


You can test an LDAP connection on the command line:

Get on the command line as rsaadmin (SSH is good),

become root with

sudo su -   (enter)

and the rsaadmin password again.


As root, run ldapsearch; it should dump a list of groups.

In my non-SSL example here I have a dc, administrator@farmco.local and password password1##,

and the top level of my domain is dc=farmco,dc=local


ldapsearch -h "<dc-hostname-or-ip>" -p 389 -D administrator@farmco.local -w 'password1##' -b "dc=farmco,dc=local" -s sub "objectclass=group" grouptype cn


Sample Output snip:

# DHCP Administrators, Users, farmco.local
dn: CN=DHCP Administrators,CN=Users,DC=farmco,DC=local
cn: DHCP Administrators
groupType: -2147483644

# Distributed COM Users, Builtin, farmco.local
dn: CN=Distributed COM Users,CN=Builtin,DC=farmco,DC=local
cn: Distributed COM Users
groupType: -2147483643

# CERTSVC_DCOM_ACCESS, Users, farmco.local
dn: CN=CERTSVC_DCOM_ACCESS,CN=Users,DC=farmco,DC=local
groupType: -2147483644

# ad-aliases, Users, farmco.local
dn: CN=ad-aliases,CN=Users,DC=farmco,DC=local
cn: ad-aliases
groupType: -2147483646

# sliders, Users, farmco.local
dn: CN=sliders,CN=Users,DC=farmco,DC=local
cn: sliders
groupType: -2147483646
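
The groupType values in the sample output above are signed 32-bit bit fields. The following is an added example, not part of the original replies, that parses ldapsearch LDIF output and decodes them into group scope and security/distribution type. The function names are chosen for this example, the flag meanings follow Microsoft's documentation of the groupType attribute, and the embedded sample is three entries copied from the output above.

```python
import sys
# groupType bit flags, per Microsoft's documentation of the AD groupType attribute.
FLAGS = {
    0x00000001: "system-created (builtin)",
    0x00000002: "global scope",
    0x00000004: "domain local scope",
    0x00000008: "universal scope",
    0x80000000: "security-enabled",
}

def decode_group_type(value):
    """Return flag names for a signed 32-bit groupType as ldapsearch prints it."""
    bits = int(value) & 0xFFFFFFFF  # reinterpret the signed value as unsigned
    names = [name for bit, name in FLAGS.items() if bits & bit]
    if not bits & 0x80000000:
        names.append("distribution (not security-enabled)")
    return names

def parse_groups(ldif_text):
    """Map each entry's dn to its decoded groupType from ldapsearch LDIF output."""
    groups, dn = {}, None
    for line in ldif_text.splitlines():
        if line.startswith("dn: "):
            dn = line[4:].strip()
        elif line.lower().startswith("grouptype: ") and dn:
            groups[dn] = decode_group_type(line.split(":", 1)[1].strip())
        elif not line.strip():
            dn = None  # a blank line ends an LDIF entry
    return groups

# Sample input: three entries copied from the output shown in the reply above.
SAMPLE = """\
dn: CN=DHCP Administrators,CN=Users,DC=farmco,DC=local
cn: DHCP Administrators
groupType: -2147483644

dn: CN=Distributed COM Users,CN=Builtin,DC=farmco,DC=local
cn: Distributed COM Users
groupType: -2147483643

dn: CN=sliders,CN=Users,DC=farmco,DC=local
cn: sliders
groupType: -2147483646
"""
if __name__ == "__main__":
    # Pipe ldapsearch output in on stdin, or run with no input to use SAMPLE.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for dn, flags in parse_groups(text).items():
        print(dn, "->", ", ".join(flags))
```

Folded (continuation) lines and base64-encoded `dn::` values are not handled; entries that use them are skipped.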