LDAP_SERVER_DOWN and Unable to connect to Active Directory during Driver Startup

  • 3925059
  • 08-Nov-2007
  • 16-Mar-2012

Environment

IDM 2.0.X
IDM 3.0.X
Active Directory (on Windows 2000 server or Windows 2003 server)
AD Driver on the Domain Controller

Situation

This is usually caused by a bad value in the Authentication Server parameter. The preferred value is the DNS name of the domain controller you want to talk to. You can use an IP address or leave the parameter blank, but both options have restrictions. An IP address can be problematic with the Negotiate authentication method, so it is restricted to Simple Bind (preferably over SSL) with an LDAP-style name in the Authentication ID. Blank means use the local host, which only works when the shim runs on a domain controller.

The DNS name must resolve on the machine running the addriver.dll shim.

A common problem in a lab environment is that the server hosting addriver.dll cannot look up the domain controller name, because it is pointed at the corporate DNS server rather than the one that holds the test AD domain.

Another frequent mistake is to use the DNS name of the domain instead of the domain controller.

Errors reported by the driver:

LDAP_SERVER_DOWN
ldap-rc="81"
ldap-err ldap-rc="81" ldap-rc-name="LDAP_SERVER_DOWN"
unable to connect to Active Directory


Resolution

In this particular case, the Authentication ID field was misconfigured. The documentation states:

An Active Directory account with administrative privileges to be used by Identity Manager. The name form used depends on the selected authentication mechanism.

For Negotiate, provide the name form required by your Active Directory authentication mechanism. For example:

Administrator - AD logon name

Domain/Administrator - Domain-qualified AD logon name

For Simple, provide an LDAP ID. For example: cn=DirXML,cn=Users,dc=domain,dc=com
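The rules above (Authentication Server must be a resolvable DNS name of a domain controller, an IP address only with Simple Bind, blank means local host, and the Authentication ID form must match the authentication mechanism) can be checked before the driver is started. The following pre-flight check is an added example written for this article; it is not code from the IDM AD driver or from Novell. It runs on the machine that hosts addriver.dll, because that is where the name must resolve. The name and address table in the test, and the heuristic that a name resolving to several addresses is probably the domain rather than one domain controller (each DC registers the domain's A record), are assumptions made for the example.

```python
"""Pre-flight check for IDM AD driver authentication parameters (example code, not the driver's)."""
import ipaddress
import socket

LDAP_SERVER_DOWN = 81  # ldap-rc the shim reports when it cannot reach the server


def auth_id_form(auth_id):
    """Classify an Authentication ID as 'empty', 'ldap-dn', 'domain-qualified' or 'logon-name'."""
    value = auth_id.strip()
    if not value:
        return "empty"
    # An LDAP DN is a comma-separated list of attribute=value pairs, e.g. cn=DirXML,cn=Users,dc=domain,dc=com
    parts = [p for p in value.split(",") if p]
    if parts and all("=" in p for p in parts):
        return "ldap-dn"
    # Domain/Administrator, DOMAIN\Administrator or user@domain (UPN)
    if "\\" in value or "/" in value or "@" in value:
        return "domain-qualified"
    return "logon-name"


def default_resolve(name):
    """Resolve a host name to all of its IPv4 addresses using this machine's DNS settings."""
    return socket.gethostbyname_ex(name)[2]


def default_tcp_probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_ad_driver_auth(auth_server, auth_method, auth_id, use_ssl=False,
                         resolve=default_resolve, tcp_probe=default_tcp_probe):
    """Return a list of (severity, message) findings; an empty list means the parameters look sane.

    resolve and tcp_probe are injectable so the check can be exercised offline.
    """
    findings = []
    method = auth_method.strip().lower()
    server = auth_server.strip()
    form = auth_id_form(auth_id)

    if method not in ("negotiate", "simple"):
        findings.append(("error", f"unknown authentication method {auth_method!r}"))
        return findings

    # The Authentication ID name form must match the authentication mechanism.
    if method == "simple" and form != "ldap-dn":
        findings.append(("error", "Simple bind needs an LDAP-style Authentication ID, "
                                  "e.g. cn=DirXML,cn=Users,dc=domain,dc=com"))
    elif method == "negotiate" and form == "ldap-dn":
        findings.append(("error", "Negotiate needs an AD logon name (Administrator or "
                                  "Domain/Administrator), not an LDAP DN"))
    if method == "simple" and not use_ssl:
        findings.append(("warning", "Simple bind without SSL sends the password in clear text"))

    if not server:
        findings.append(("info", "Authentication Server is blank: the shim uses the local host, "
                                 "so addriver.dll must be running on a domain controller"))
        return findings

    try:
        ipaddress.ip_address(server)
        addrs = [server]
        if method == "negotiate":
            findings.append(("error", "An IP address is only supported with Simple bind "
                                      "(preferably over SSL); use the DNS name of the domain "
                                      "controller for Negotiate"))
    except ValueError:
        # A DNS name: it must resolve on the machine running addriver.dll.
        try:
            addrs = resolve(server)
        except OSError as exc:
            findings.append(("error", f"{server} does not resolve on this host ({exc}); expect "
                                      f"ldap-rc={LDAP_SERVER_DOWN} LDAP_SERVER_DOWN. Point this "
                                      "machine at the DNS server that holds the AD zone"))
            return findings
        if len(addrs) > 1:  # heuristic: the domain name resolves to every DC (assumption)
            findings.append(("warning", f"{server} resolves to {len(addrs)} addresses; this looks "
                                        "like the domain name rather than one domain controller"))

    port = 636 if use_ssl else 389
    for addr in addrs:
        if not tcp_probe(addr, port):
            findings.append(("error", f"no TCP connection to {addr}:{port}; the driver will "
                                      "report LDAP_SERVER_DOWN"))
    return findings
```

Run it on the shim host with the values from the driver configuration, e.g. `check_ad_driver_auth("dc1.lab.example", "Negotiate", "Administrator")`; any `error` finding corresponds to one of the misconfigurations described in this article.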


Additional Information


Formerly known as TID# 10098447