Disabling LDAP Chase Referrals

  • Question

  • I have a problem with my AD where I get incorrect LDAP referrals - the obvious solution is to fix it but that seems to be a longer task for our server team than I expected :)

    So...idea 2...Can you disable chasing referrals in UAG authentication?  Using LDP I can repro the LDAP issue and it goes away when I disable chase referrals (obviously)

    This is not a server-wide change; it will be in UAG, as UAG authentication is separate to server domain membership.

    Thx


    • Edited by Zuzzy Friday, September 16, 2011 12:45 PM
    Friday, September 16, 2011 12:44 PM

All replies

  • Hi,

    Can you try to use the global catalog? No chase referrals should be in the reply.

    Cheers,

    Andreas


    Andreas Hecker - Blog: http://microsoft-iag.blogspot.com/ Please remember to use “Mark as Answer” or "vote as helpful" on the posts that help you.
    Friday, September 16, 2011 3:15 PM
  • Hi,

    It could be that you need this hotfix package, if you did not already install it, to get TLS with GC running.

    Cheers,

    Andreas


    Friday, September 16, 2011 3:16 PM
  • Did you mean to include a link to the package?

    Thanks

    Friday, September 16, 2011 4:24 PM
  • Hi,

    Please excuse me for answering imprecisely. Please configure UAG to use the global catalog instead of LDAP. If your global catalog is secured by TLS then you will need to install the rollup 1 hotfix package. After that, UAG supports not only simple bind but TLS also.

    Better now?

    Cheers,

    Andreas


    Friday, September 16, 2011 6:52 PM
  • I see what you meant now - however I am already running with AD and GC, using update 1.

    However, now you mention it, why *am* I seeing LDAP referrals when I have AD, as it should be using GC (AD in UAG is seemingly LDAPS+GC)...

    Monday, September 19, 2011 8:29 AM
  • Hi,

    Did you change the port to 3268 (GC) instead of 389 (LDAP)?

    Cheers,

    Andreas


    Monday, September 19, 2011 8:46 AM
  • I didn't even know you could do that... I knew it tested the GC port but I never actually checked it used it.

    I'll try that!

    Monday, September 19, 2011 9:17 AM
  • Hi,

    Did you get any positive results?

    Cheers,

    Andreas


    Tuesday, September 20, 2011 8:09 PM
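
One way to check the behaviour discussed in this thread from PowerShell, as an added example that is not part of any post: it runs the same subtree search against port 389 (LDAP) and port 3268 (GC) with referral chasing turned off and lists any referral URIs the server returns. The function name `Test-LdapReferral`, the host `dc01.example.test`, the base DN and the filter are placeholders chosen for illustration.

```powershell
# Added example. Server, base DN and filter values are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapReferral {
    param(
        [Parameter(Mandatory = $true)] [string] $Server,
        [Parameter(Mandatory = $true)] [int]    $Port,     # 389 = LDAP, 3268 = GC
        [Parameter(Mandatory = $true)] [string] $BaseDn,
        [string] $Filter = '(objectClass=domainDNS)'
    )
    $ns   = 'System.DirectoryServices.Protocols'
    $id   = New-Object "$ns.LdapDirectoryIdentifier" -ArgumentList $Server, $Port
    $conn = New-Object "$ns.LdapConnection" -ArgumentList $id
    try {
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.SessionOptions.ProtocolVersion = 3
        # Report referrals instead of following them (the option the question toggles in LDP).
        $conn.SessionOptions.ReferralChasing =
            [System.DirectoryServices.Protocols.ReferralChasingOptions]::None

        $scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
        [string[]] $attrs = 'distinguishedName'
        $req = New-Object "$ns.SearchRequest" -ArgumentList $BaseDn, $Filter, $scope, $attrs
        try {
            $resp = $conn.SendRequest($req)
        } catch {
            # A non-success result may surface as DirectoryOperationException;
            # unwrap PowerShell's wrapper and keep the attached response.
            $ex = $_.Exception
            while ($ex -and $ex -isnot [System.DirectoryServices.Protocols.DirectoryOperationException]) {
                $ex = $ex.InnerException
            }
            if (-not $ex) { throw }
            $resp = $ex.Response
        }
        # Referral URIs in the final result plus continuation references.
        $uris = @($resp.Referral) + @($resp.References | ForEach-Object { $_.Reference })
        New-Object psobject -Property @{
            Port       = $Port
            ResultCode = $resp.ResultCode
            Entries    = $resp.Entries.Count
            Referrals  = @($uris | Where-Object { $_ } | ForEach-Object { $_.AbsoluteUri })
        }
    } finally { $conn.Dispose() }
}

# Placeholder host and base DN: replace with a DC and domain of your own.
389, 3268 | ForEach-Object {
    Test-LdapReferral -Server 'dc01.example.test' -Port $_ -BaseDn 'DC=example,DC=test'
}
```

An empty `Referrals` list on 3268 next to a populated one on 389 matches what the replies above describe for the global catalog.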