It seems I have hit my first major problem with vCAC 6.
I have copied this post from my blog in the hope that I will find an answer quicker.
After doing a few test runs and other scenarios it looks like I have found the problem.
I have a multi-tiered domain, a forest. The main domain the vCAC users will use sits just under the main/root domain, which we will call level 1. That means we are using the domain on level 2. Now what happens is that I am only able to use AD accounts configured for vCAC that are on level 2 (the identity source points to level 2) and do not belong to any AD groups on level 1 or 3. If the account belongs to any group outside of level 2, then after a log-on attempt the progress bar on the log-on page stops and nothing happens.
I found the problem by looking at the "vmware-sts-idmd" log. It says that the log-on was successful, but there was an error when performing an LDAP search for a group the account is in, in domain level 1 or 3. The log shows an LDAP referral error code 10:
Error received by LDAP client: com.vmware.identity.interop.ldap.LinuxLdapClientLibrary, error code: 10
Exception when calling ldap_search_s: base=CN=Group,OU=AdminRoleGroups,OU=Admin,DC=DOMAIN,DC=com, scope=0, filter=(objectClass=group), attrs=[Ljava.lang.String;@20bea718, attrsonly=0
I have tried using the global catalog port 3268 instead of 389. I thought this would work, but it seems that the LDAP client cannot bind on this port. I have also tried using just the root domain as the identity source, with no luck.
So I am still working on this. Any help would be welcomed.
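When triaging this kind of failure, the useful question is which domains are answering the group lookups with a referral, because every such domain is a group membership the identity source cannot resolve. The script below is an added example, not part of the original post or of vCAC: it pairs each ldap_search_s line in a vmware-sts-idmd log with the error code logged just before it, derives the domain from the DC= components of the search base, and flags lookups that fall outside the identity-source domain. The log lines are constructed from the two quoted above plus one extra line, and the identity-source domain child.DOMAIN.com is a hypothetical stand-in for the post's "level 2" domain.

```python
import re

# LDAP result code 10 is "referral": the queried DC answered that the object
# lives in a different naming context and pointed the client elsewhere.
LDAP_REFERRAL = 10

# Constructed sample modelled on the two vmware-sts-idmd lines quoted in the post,
# plus one extra line for a group that lives in the identity-source domain itself.
SAMPLE_LOG = """\
Error received by LDAP client: com.vmware.identity.interop.ldap.LinuxLdapClientLibrary, error code: 10
Exception when calling ldap_search_s: base=CN=Group,OU=AdminRoleGroups,OU=Admin,DC=DOMAIN,DC=com, scope=0, filter=(objectClass=group), attrs=[Ljava.lang.String;@20bea718, attrsonly=0
Exception when calling ldap_search_s: base=CN=LocalGroup,OU=Groups,DC=child,DC=DOMAIN,DC=com, scope=0, filter=(objectClass=group), attrs=[Ljava.lang.String;@1, attrsonly=0
"""

ERROR_RE = re.compile(r"error code:\s*(\d+)")
SEARCH_RE = re.compile(r"ldap_search_s: base=(?P<dn>.*?),\s*scope=(?P<scope>\d+)")


def dn_domain(dn: str) -> str:
    """Return the DNS domain implied by the DC= components of a DN, lower-cased."""
    dcs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        if attr.strip().upper() == "DC":
            dcs.append(value.strip().lower())
    return ".".join(dcs)


def analyze(log_text: str, identity_domain: str) -> list:
    """Pair each ldap_search_s line with the error code logged immediately before it
    and flag searches whose base DN lies outside the identity-source domain."""
    identity_domain = identity_domain.lower()
    findings = []
    pending_code = None
    for line in log_text.splitlines():
        m = ERROR_RE.search(line)
        if m:
            pending_code = int(m.group(1))
            continue
        m = SEARCH_RE.search(line)
        if m:
            domain = dn_domain(m.group("dn"))
            findings.append({
                "code": pending_code,          # None if no error line preceded this search
                "dn": m.group("dn"),
                "domain": domain,
                "cross_domain": domain != identity_domain,
            })
            pending_code = None
    return findings


def referral_domains(findings: list) -> list:
    """Domains outside the identity source that answered a group lookup with a referral."""
    return sorted({f["domain"] for f in findings
                   if f["code"] == LDAP_REFERRAL and f["cross_domain"]})


if __name__ == "__main__":
    # Hypothetical identity-source domain standing in for the post's "level 2" domain.
    results = analyze(SAMPLE_LOG, "child.DOMAIN.com")
    for f in results:
        print(f)
    print("domains answering with referrals:", referral_domains(results))
```

Run against a real vmware-sts-idmd log, the list returned by referral_domains is the set of forest domains whose groups the identity source would have to be able to follow referrals into; an empty list for a user who still hangs at logon points the investigation somewhere other than cross-domain group membership.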