Proxy to Active Directory “Unavailable Critical Extension”

This topic has 1 reply, 2 voices, and was last updated 3 years ago by JnRouvignac.

  • Author
    Posts
  • #18277
     jimena
    Participant

    Hi,

    We are trying to configure Directory Services as a proxy to Active Directory 2012 R2. After turning on debug logs for an ldapsearch, I see DS sending an LDAP SEARCH REQUEST with controls=[ProxiedAuthorizationV2Control(oid=2.16.840.1.113730.3.4.18 …)]
    and then I see LDAP SEARCH RESULT(messageID=10, result=Result(resultCode=Unavailable Critical Extension, matchedDn=, diagnosticMessage=00000057: LdapErr: DSID-0C0907C1, comment: Error processing control, data 0, v2580

    Should I check control oid=2.16.840.1.113730.3.4.18 is supported in AD? In the AD, the RootDSE supportedControls attribute does not include that oid.
    Can you please suggest what to check in this setup (DS 5 as proxy-server to AD 2012 R2)?

    Thanks,
    Jimena

    • This topic was modified 3 years ago by jimena.
    #18373
     JnRouvignac
    Participant

    Hello,

    AD does not support proxy auth v2 control.
    It means that it cannot be used behind OpenDJ proxy as of today (DS 5).
    If you are interested in this feature, I’d suggest you contact Ludovic Poitou, who is Product Manager for OpenDJ.

    Best regards,
    Jean-Noel

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?