Cannot add directory service

Symptom

You cannot add a directory service to the appliance.

Solution 1
Cause

An external problem disconnected the directory server host.

Action
  1. Log in as the Infrastructure administrator.
  2. Verify that the settings for the directory service host are accurate.
  3. Verify that the settings for the directory service host are accurate.
  4. Locally on the directory server’s IP address or host name to determine if it is on-line.
  5. Locally run the ping command on the directory server’s IP address or host name to determine if it is on-line.
  6. Verify that the port for LDAP communication with the directory service is SSL port (default is 636) or Global Catalog SSL port (default is 3269).
  7. Verify that the port (default port: 636 or 3269) you are using for communication is not blocked by any firewalls.
  8. Verify that the appliance network is operating correctly.
  9. Determine that the appliance is functioning properly and that there are enough resources.
Solution 2
Cause

The directory server host is refusing to authenticate the appliance because the certificate has expired.

Action
  1. Log in as the Infrastructure administrator.
  2. Verify the login name and password are accurate.
  3. Contact the directory service provider to ensure that the credentials are accurate.
  4. Reacquire and install the directory service host certificate.
Solution 3
Cause

The certificate is not in valid x509 format.

Action
  1. Log in as the Infrastructure administrator.
  2. Reacquire and install the directory service host certificate, if necessary.
  3. Contact the directory service provider to ensure that the credentials are accurate.
Solution 4
Cause

The certificate does not contain the x509v3 key usage extension.

Action
  1. Log in as the Infrastructure administrator.
  2. Ensure that the certificate contains the key usage extension.
  3. Reacquire and install the directory service host certificate, if necessary.
Solution 5
Cause

The directory server host cannot authenticate the appliance because the credentials are invalid.

Action
  1. Log in as the Infrastructure administrator.
  2. Verify the login name and password are accurate.
  3. Verify the search context information is accurate; you might be trying to access a different account or group.
  4. Reacquire and install the directory service host certificate.
  5. Contact the directory service provider to ensure that the credentials are accurate.
Solution 6
Cause

There are incorrect parameters when the directory service was configured.

Action
  1. Verify that the name of the directory service is unique and entered correctly. Duplicate names are not accepted.
  2. Verify that the Directory type is correct.
  3. Ensure that the Base DN fields and, for OpenLDAP, the User naming attribute field, and Organizational unit fields are correct.
  4. Verify that the credentials of the authentication directory service administrator are correct.
  5. Verify that the group is configured in the directory service.