Orchestrator requires a connection to a working LDAP server on your infrastructure to manage user permissions.

If you are using secure LDAP over SSL, Windows 2003 or 2008, and AD, verify that the LDAP Server Signing Requirements group policy is disabled on the LDAP server.


Multiple domains that have a two-way trust, but are not in the same tree, are not supported and do not work with Orchestrator. The only supported configuration for multi-domain Active Directory is a domain tree. Forest and external trusts are unsupported.


The LDAP service provider uses a URL to configure the connection to the directory server. To generate the LDAP connection URL, you must specify the LDAP host, port, and root.


If your LDAP server uses SSL, you can import the SSL certificate file to the Orchestrator configuration interface and activate a secure connection between Orchestrator and LDAP.


Orchestrator must read your LDAP structure to inherit its properties. You can specify the credentials that Orchestrator uses to connect to an LDAP server.


You can define the users and groups lookup information.


You can customize the LDAP search queries and make searching in LDAP more effective.


When you encounter the LDAP:error code 49 error message and experience problems connecting to your LDAP authentication server, you can check which LDAP function is causing the problem.
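When the directory is Active Directory, an error code 49 message normally carries a `data` sub-code that identifies why the bind failed. The following is an added example, not part of the Orchestrator documentation: it classifies error 49 lines by that sub-code. The log lines are constructed, and the message layout (the JNDI-style `data <hex>` field) is an assumption about how the error appears in your logs.

```python
import re

# Active Directory sub-codes carried in the "data" field of an error 49 message.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

def classify(line):
    """Return (subcode, meaning) for an error 49 line, or None for other lines."""
    if not re.search(r"error code 49\b", line, re.IGNORECASE):
        return None
    m = re.search(r"\bdata\s+([0-9a-f]+)\b", line, re.IGNORECASE)
    if not m:
        # Non-AD servers, or truncated messages, carry no sub-code.
        return ("-", "no AD sub-code in message")
    code = m.group(1).lower()
    return (code, AD_SUBCODES.get(code, "unknown sub-code"))

def summarize(lines):
    """Count error 49 occurrences per (subcode, meaning)."""
    counts = {}
    for line in lines:
        hit = classify(line)
        if hit is not None:
            counts[hit] = counts.get(hit, 0) + 1
    return counts

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "[LDAP: error code 32 - No Such Object]",
    "[LDAP: error code 49 - Invalid Credentials]",
]

if __name__ == "__main__":
    for (code, meaning), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  data {code:<3}  {meaning}")
```

A run of `52e` results for the bind account that Orchestrator uses usually means the stored password is stale; `775` means the account is locked and further retries will not succeed until it is unlocked.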