VMware Cloud Community
shmed
Contributor

vCSA 5.5 AD Integration and LDAP

Can anyone shed any light onto the connection process that occurs when the vCSA performs an LDAP lookup against a Domain please? I am working on a problem where the vCSA is unable to perform an LDAP bind to the W2k8 Domain Controller. The Appliance joins the domain without problem, creating the necessary DNS entries and AD computer account, and adding the domain into the Identity Sources works fine. The problem manifests when we try to enumerate the users/groups within the domain, with the error 'ldm client exception'.

Having covered off all the 'usual suspects' such as network connectivity/DNS, I have narrowed the issue down to the actual LDAP connection between the vCSA and the Domain. Annoyingly, I have three environments, two work fine, one doesn't. I need to be conclusive in what is causing the issue, so need to fully understand the process that is happening under the hood.

I suspected it would be related to the GPO setting for 'Require Signing' on Domain Controller LDAP queries, but even setting this in a working environment does not cause the lookup to break.


Accepted Solutions
shmed
Contributor

Just to update on this, it seems that one of the 'working' environments wasn't actually 'working' in that the group policy (Domain Controller: LDAP signing) wasn't actually being applied properly.

If you get the 'ldm client exception' error when enumerating domain users using the vCSA, check the group policy above (as applied to your domain controllers).

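As an added illustration of the bind step the question asks about (example code written for this page, not part of the original post or of VMware's vCSA), here is a minimal BER encoder for an LDAPv3 simple BindRequest and a decoder for the server's BindResponse. When a domain controller enforces 'Domain controller: LDAP server signing requirements = Require signing', an unsigned, non-TLS simple bind is answered with LDAP resultCode 8 (strongerAuthRequired) rather than 0 (success), which is the failure the accepted answer traces back to group policy. The DN, password and sample response below are constructed for the example (the DSID in the diagnostic message is a placeholder, not a capture), and the decoder maps the result code to the GPO check named above.

```python
# Added example for this thread (not from the original post or from VMware's vCSA code):
# a minimal ASN.1 BER encoder/decoder for the LDAPv3 simple-bind exchange (RFC 4511),
# showing what a client receives when a domain controller enforces LDAP signing.
# Every DN, password and response below is constructed for illustration.

RESULT_CODES = {0: "success", 7: "authMethodNotSupported",
                8: "strongerAuthRequired",  # a 'Require signing' DC's answer to an unsigned simple bind
                49: "invalidCredentials", 53: "unwillingToPerform"}

def ber_len(n: int) -> bytes:
    """BER definite length: one byte below 128, else 0x80|count followed by the length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_int_body(value: int) -> bytes:
    """Content octets of a non-negative INTEGER/ENUMERATED (0x00 pad if the top bit is set)."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return b"\x00" + body if body[0] & 0x80 else body

def tlv(tag: int, payload: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(payload)) + payload

def read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after the element) for the element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def encode_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }."""
    bind_request = (tlv(0x02, ber_int_body(3))              # version INTEGER 3
                    + tlv(0x04, dn.encode("utf-8"))         # name LDAPDN
                    + tlv(0x80, password.encode("utf-8")))  # authentication: simple [CONTEXT 0]
    return tlv(0x30, tlv(0x02, ber_int_body(message_id)) + tlv(0x60, bind_request))

def build_bind_response(message_id: int, result_code: int, diagnostic: str, matched_dn: str = "") -> bytes:
    """Server side: BindResponse [APPLICATION 1] { resultCode, matchedDN, diagnosticMessage }."""
    bind_response = (tlv(0x0A, ber_int_body(result_code))     # resultCode ENUMERATED
                     + tlv(0x04, matched_dn.encode("utf-8"))  # matchedDN
                     + tlv(0x04, diagnostic.encode("utf-8"))) # diagnosticMessage
    return tlv(0x30, tlv(0x02, ber_int_body(message_id)) + tlv(0x61, bind_response))

def decode_bind_response(buf: bytes) -> dict:
    """Parse an LDAPMessage carrying a BindResponse; ValueError for any other message."""
    tag, msg, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, mid, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("protocolOp is not a BindResponse (tag 0x%02x)" % tag)
    tag, code, pos = read_tlv(op, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    _, matched, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    result_code = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big"),
            "result_code": result_code,
            "result_name": RESULT_CODES.get(result_code, "other(%d)" % result_code),
            "matched_dn": matched.decode("utf-8"),
            "diagnostic": diag.decode("utf-8")}

def diagnose(resp: dict) -> str:
    """Map a decoded BindResponse to the check an administrator should make next."""
    if resp["result_code"] == 0:
        return "bind accepted: this DC does not enforce signing on this connection"
    if resp["result_code"] == 8:
        return ("strongerAuthRequired: the DC rejects unsigned simple binds; check the "
                "'Domain controller: LDAP server signing requirements' GPO on the DCs and "
                "have the client bind over LDAPS/StartTLS or with a signing-capable SASL bind")
    return "bind failed with %s; this is not a signing problem" % resp["result_name"]

# Constructed sample: the answer a 'Require signing' DC gives a cleartext simple bind.
# The comment text is modelled on the Windows message; the DSID is a placeholder, not a capture.
SAMPLE_SIGNING_REQUIRED = build_bind_response(
    1, 8, "00002028: LdapErr: DSID-<placeholder>, comment: The server requires binds to turn "
          "on integrity checking if SSL\\TLS are not already active on the connection, data 0")

if __name__ == "__main__":
    req = encode_simple_bind(1, "CN=svc-vcsa,OU=Service Accounts,DC=corp,DC=example", "hunter2")
    print("BindRequest :", req.hex())
    resp = decode_bind_response(SAMPLE_SIGNING_REQUIRED)
    print(resp["result_name"], "->", diagnose(resp))
```

The practical point is that a signing requirement shows up at the LDAP layer as a distinct result code on the bind, before any user or group enumeration happens. Decoding the BindResponse from a packet capture between the appliance and the domain controller (the two sides of the exchange above) therefore tells you whether group policy is the cause, independently of whatever the appliance reports on top of it.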