Video Screencast Help

External Identity Provider: Server Configuration

Created: 26 Sep 2012 • Updated: 17 Oct 2012 | 6 comments
This issue has been solved. See solution.


Hope I've landed in the right section.

I'm having difficulty configuring the external identity provider connection.

I've registered a public DNS name which points to a public ip on our firewall which is only configured to allow LDAP over SSL (636) from the trusted IP of our appcentre.

After testing various configurations, AD/LDAP, HTTP/S , URL/IP I still dont see any traffic hitting th firewall for that public IP. No denied or allowed attempts.

Is there something I'm missing ?


Comments 6 CommentsJump to latest comment

ohzone - CherylPeterson's picture

HI Pierre_L,

I've stared a new discussion for you.


Endpoint Management,
Endpoint Virtualization
Managing Mobility
Community Manager
Need Altiris help? IRC chat #Altiris

Dishwishy's picture

Hello Pierre_L,

A couple of things to try:

1) In the configuration screen for the "Server URI" field are you prefixing the DNS entry with ldap:// or ldaps://? Try both of those in a  combination of "Use SSL" checked and not checked.

2) If you are using LDAP over SSL, what certificate authority was used to sign your LDAP server?

3) What IPs did you white-list?

Pierre_L's picture

Thanks for the reponse.

I whitelisted the two following two IP's



BUT i dont see any traffic to our firewall.

When adding in ldap/ldaps to the URL it does seem to take longer to fail but still no traffic to the firewall.

The ACL has 0 hits.

The SSL cert is issued from verisign.

Pierre_L's picture

Problem resolved by updating the source IP as confirmed by Symantec support.

For any future readers after choosing LDAP the URI/L was as follows LDAPS://

and with NO SSL option box enabled. (SSL Un-checked)

Even though we have the cert and it is a valid cert choosing the SSL option did not work so we kep LDAPS as the prefix in the URI/L

Andrew_C's picture

Hello Pierre,

We're glad to hear you were able to properly configure your external IDP. I wish to inform you that this request, and the details you provided above, prompted for 2 new KB articles to be created to assist customers in the future.

If you agree that this issue has been addressed, could you please mark this thread as resolved?



Pierre_L's picture

Glad to hear this will assist your clients going forward. :)