Environment
IDM 3.0.X
Active Directory (on Windows 2000 server or Windows 2003 server)
AD Driver on the Domain Controller
Situation
This is usually caused by a bad value in the Authentication Server parameter. The preferred value is the DNS name of the domain controller you want to talk to. You can use an IP address or leave the parameter blank, but both of these options have restrictions. Using the IP address can be problematic with the Negotiate authentication method, so it is restricted to Simple Bind (preferably over SSL) with an LDAP-style name as the Authentication ID. Blank means use the local host.
The DNS name must resolve on the machine running the addriver.dll shim.
A common problem in a lab environment is that the server hosting addriver.dll cannot look up the domain controller name, because that server is pointed at the corporate DNS server rather than the one that holds the test AD domain.
Another frequent mistake is to use the DNS name of the domain instead of the DNS name of the domain controller.
LDAP_SERVER_DOWN
ldap-rc="81"
ldap-err ldap-rc="81" ldap-rc-name="LDAP_SERVER_DOWN"
unable to connect to Active Directory
Resolution
The Authentication ID is an Active Directory account with administrative privileges that Identity Manager uses. The form of the name depends on the selected authentication mechanism.
For Negotiate, provide the name form required by your Active Directory authentication mechanism. For example:
Administrator - AD logon name
Domain/Administrator - domain-qualified AD logon name
For Simple, provide an LDAP ID. For example: cn=DirXML,cn=Users,DC=domain,dc=com
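The rules above (DNS name must resolve on the host running addriver.dll, an IP address only with Simple bind and an LDAP-style Authentication ID, blank means local host, and the domain name is not a domain controller name) can be checked before the driver is started. The following script is an added example written for this page; it is not code from the TID or from the AD driver. The function names, the lab host names and the stub resolver are assumptions constructed for the example; the resolver is injectable so the same check runs against real DNS with socket.gethostbyname.

```python
"""Pre-flight check for the IDM AD driver's Authentication Server value.

Added example, not part of the TID or the driver. Encodes the rules the
article states for the Authentication Server / Authentication ID pair.
"""
import ipaddress
import re
import socket
from typing import Callable, List

Resolver = Callable[[str], str]


def domain_from_ldap_dn(auth_id: str) -> str:
    """Join the DC= components of an LDAP DN into a DNS domain name.

    'cn=DirXML,cn=Users,DC=domain,dc=com' -> 'domain.com'. Returns '' when the
    Authentication ID is not an LDAP-style name (for example 'Administrator').
    """
    parts = [p.strip() for p in auth_id.split(",")]
    dcs = [p[3:] for p in parts if p.lower().startswith("dc=")]
    return ".".join(dcs).lower()


def is_ldap_style(auth_id: str) -> bool:
    """True when the Authentication ID looks like an LDAP DN."""
    return bool(re.match(r"^\s*(cn|uid|ou|dc)=", auth_id, re.IGNORECASE))


def check_auth_server(auth_server: str, auth_method: str, auth_id: str,
                      resolve: Resolver = socket.gethostbyname) -> List[str]:
    """Return a list of findings; an empty list means the value looks sound."""
    findings: List[str] = []
    value = auth_server.strip()
    method = auth_method.strip().lower()

    # Blank is legal and means "use the local host" (the driver is then
    # expected to run on a domain controller, as the Environment section says).
    if not value:
        findings.append("INFO: Authentication Server is blank; the driver uses the local host")
        return findings

    # An IP address avoids DNS but is restricted to Simple bind with an LDAP ID.
    try:
        ipaddress.ip_address(value)
        if method != "simple" or not is_ldap_style(auth_id):
            findings.append("WARN: an IP address is only supported with Simple bind "
                            "and an LDAP-style Authentication ID")
        return findings
    except ValueError:
        pass  # not an IP address, so treat it as a DNS name

    # Using the domain's own DNS name instead of a domain controller's name.
    domain = domain_from_ldap_dn(auth_id)
    if domain and value.lower().rstrip(".") == domain:
        findings.append(f"ERROR: '{value}' is the domain name, not a domain controller")

    # The name has to resolve on the machine running addriver.dll.
    try:
        resolve(value)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        findings.append(f"ERROR: '{value}' does not resolve on this host ({exc}); expect "
                        "ldap-rc 81 LDAP_SERVER_DOWN. Check which DNS server this host uses")
    return findings


# Constructed stub standing in for the lab DNS server: one DC and the domain
# itself resolve, everything else fails like a corporate resolver would.
_LAB_DNS = {"dc1.lab.example": "10.0.0.5", "lab.example": "10.0.0.5"}


def lab_resolver(name: str) -> str:
    """Resolver used for offline demonstration (constructed data)."""
    try:
        return _LAB_DNS[name.lower()]
    except KeyError:
        raise OSError(f"Name or service not known: {name}")


if __name__ == "__main__":
    dn = "cn=DirXML,cn=Users,DC=lab,dc=example"
    for server, method, ident in [("dc1.lab.example", "Simple", dn),
                                  ("lab.example", "Simple", dn),
                                  ("dc2.lab.example", "Simple", dn),
                                  ("10.0.0.5", "Negotiate", "Administrator"),
                                  ("", "Negotiate", "Administrator")]:
        print(repr(server), check_auth_server(server, method, ident, lab_resolver))
```

Run it with no arguments to see the constructed cases; to check a real configuration, call check_auth_server with the production values and the default resolver from the server that hosts addriver.dll, since the point of the check is where the name resolves, not whether it resolves somewhere.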
Additional Information
Formerly known as TID# 10098447