06-01-2010 04:10 AM - edited 03-10-2019 05:10 PM
Hi,
We have ACS 4.1 running. Everything seems to be (and has been) working fine. But when I want to add a LDAP group mapping I get an error message saying "LDAP Server NOT reachable. Please check the configuration". The ldap authentications are working fine, I just can't add a groupmapping. Where do I start troubleshooting this one?
Regards Marco
Solved! Go to Solution.
06-01-2010 05:22 AM
Marco,
1. Do we have large number of groups in LDAP or AD structure?
2. Also, does your Admin DN has right to query database?
ACS Authentication Process with a Generic LDAP User Database
Configuring a Generic LDAP External User Database
Also, please download the LDAP browser softerra to fetch the correct information and configure it accordingle.
http://www.ldapbrowser.com/download.htm
HTH
JK
Do rate helpful posts-
06-01-2010 05:22 AM
Marco,
1. Do we have large number of groups in LDAP or AD structure?
2. Also, does your Admin DN has right to query database?
ACS Authentication Process with a Generic LDAP User Database
Configuring a Generic LDAP External User Database
Also, please download the LDAP browser softerra to fetch the correct information and configure it accordingle.
http://www.ldapbrowser.com/download.htm
HTH
JK
Do rate helpful posts-
06-01-2010 07:21 AM
Yes, we have approx 1200 groups in the OU. If I change the OU to one with less groupw it works fine. I moved the group I needed to another OU and then made the groupmapping. After that, changed the settings back as they were. And it works. Is this a known issue with many groups?
06-01-2010 06:31 PM
Marco,
Yes, this is a known issue.
CSCsg85495 ACS LDAP connectivity vs MS Active-Directory fails due to LDAP referrals
Active-Directory may return LDAP referrals which are not supported by ACS LDAP interface. As a result connectivity fails - "LDAP server not reachable" error message is displayed.
Work-Around:
Limit search scope to a lower sub-tree which doesn't contain referral to avoid the problem.
Regds
JK
Do rate helpful posts-
06-04-2010 07:26 AM
Marco,
Could you please mark this thread "RESOLVED" so that others can take benefits out of it.
06-04-2010 10:04 AM
Sure, is choosing the correct answer enough?
06-04-2010 10:08 AM
Thanks, keep posting
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: