Troubleshooting LDAP referrals

An LDAP referral is a domain controller's way of indicating to a client application that it does not have a copy of a requested object. It actually indicates the absence of the directory tree in which the object resides. Instead, the domain controller provides the client a location that is more likely to hold the object. The client then uses the location as the basis for a DNS search for a domain controller.

In most instances, referrals refer a domain controller that holds the object. At times, the referred domain controller may generate yet another referral, although it does not take long for the domain controller to discover that the object does not exist and to inform the client.

Currently BMC Atrium Single Sign-On does not support LDAP referrals.

To work around this issue, you may access the LDAP server or domain controller directly and this may require administrative changes. Note that as each customer environment is different, we need to look at the current environment and provide the possible options.