Error: "LDAP_SERVER_DOWN" (81) when connecting from member server to DC with "Use SSL" enabled.

(Last modified: 07Mar2006)

This document (10100215) is provided subject to the disclaimer at the end of this document.

symptom

Error: "LDAP_SERVER_DOWN" (81) when connecting from member server to DC with "Use SSL" enabled.

Objects synchronize but passwords do not.

fact

Microsoft Active Directory

Novell Identity Manager

Microsoft Windows 2003

cause

The Active Directory (AD) domain must have a working certificate server for SSL to work properly between AD and eDirectory. If there is no AD CA, there can be no SSL. Without SSL, LDAPS does not work on the Domain Controller (DC), so the driver cannot establish an LDAPS connection and the LDAP Server Down error results.
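An added diagnostic, not part of this TID, that narrows the cause from the driver or Remote Loader host: it checks whether the DC answers on plain LDAP, whether anything listens on the LDAPS port at all (the case described above, where the DC has no certificate), and whether a TLS handshake completes with and without trust verification. The DC name `dc01.example.com` and the hints are assumptions.

```python
import socket
import ssl

# Constructed diagnostic for the LDAP_SERVER_DOWN (81) symptom: run it from
# the host that runs the IDM engine or Remote Loader against the DC.
# The DC name below is a placeholder; substitute your own.

def _tcp_open(host, port, timeout):
    """True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def _tls_handshake(host, port, timeout, verify):
    """Attempt a TLS handshake; returns (succeeded, detail)."""
    ctx = ssl.create_default_context()
    if not verify:
        # Diagnostic only: skip trust checks so we can tell "DC presents a
        # certificate we do not trust" apart from "DC presents none".
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except (ssl.SSLError, OSError) as exc:
        return False, str(exc)

def diagnose_ldaps(dc_host, ldap_port=389, ldaps_port=636, timeout=3.0):
    """Classify why 'Use SSL' to the DC fails; returns a status and a hint."""
    if not _tcp_open(dc_host, ldap_port, timeout):
        return {"status": "dc_unreachable",
                "hint": "plain LDAP port closed: check name resolution, firewall, DC"}
    if not _tcp_open(dc_host, ldaps_port, timeout):
        return {"status": "no_ldaps_listener",
                "hint": "389 open but 636 closed: DC has no server certificate (no CA)"}
    ok, detail = _tls_handshake(dc_host, ldaps_port, timeout, verify=True)
    if ok:
        return {"status": "ok", "hint": "LDAPS works (" + detail + "); cause is elsewhere"}
    ok, detail = _tls_handshake(dc_host, ldaps_port, timeout, verify=False)
    if ok:
        return {"status": "cert_untrusted",
                "hint": "DC presents a certificate but this host does not trust its issuer"}
    return {"status": "tls_failed", "hint": detail}

if __name__ == "__main__":
    print(diagnose_ldaps("dc01.example.com"))
```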

fix

The recommended fix is to install the Remote Loader on the DC and point the driver to that server directly. Doing this allows you to leave your domain configuration unchanged. Set "Use SSL" to "no" in the driver configuration and clear the "Authentication Context" field. Make sure the authentication type is set to Negotiate and the Authentication ID is set to Administrator or domain/Administrator (or an equivalent user).

Some customers have voiced concern about running the Remote Loader on a DC, but it is the best setup for a number of reasons. First, if you do not use this implementation, you have either the Remote Loader or the IDM engine on a member server, which means the same or a greater amount of network traffic because of the multiple connections. Second, the Remote Loader requires an insignificant amount of resources on the DC and can be configured to use SSL between itself and the engine (a separate setting from the "Use SSL" setting mentioned above). The security of this setup is usually superior because fewer boxes are involved, and the implementation is consistently simpler.

The alternative fix is to install Certificate Services on the DC. This is reportedly not the default configuration for Windows 2003, but it is an option for all versions of Windows 2000 and 2003 Server.

document

Document Title: Error: "LDAP_SERVER_DOWN" (81) when connecting from member server to DC with "Use SSL" enabled.
Document ID: 10100215
Solution ID: NOVL104877
Creation Date: 20Jan2006
Modified Date: 07Mar2006
Novell Product Class: DirXML

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.