The issue LDAP: error code 12 – Unavailable Critical Extension commonly occurs when asking an LDAP Server to return paged results but the LDAP doesn’t support the PagedResultsControl extension.

  • SunOne 5.2 and 6.3 don’t support PagedResultsControl extension.
  • Active Directory and other LDAP servers support PagedResultsControl extension.

Working of pagination during LiveCycle sync from an LDAP server
In LiveCycle, users and groups are synched from an LDAP server in batches of 200.
When the results returned from an LDAP server is >= 200, then an AutoDetectionLogic is automatically enabled.
This AutoDetectionLogic seeing that the LDAP server is SunOne, automatically disables paging.
This AutoDetectionLogic seeing that the LDAP server is AD or non-SunOne, automatically enables paging.

Issue
There have been cases where an Enterprise has a proxy server in between which acts as Active Directory but the ultimate LDAP server running behind is SunOne.
In such a scenario, the AutoDetectionLogic is forced to enable paging because of the proxy server acting as Active Directory.
Hence, when the communication ultimately happens with SunOne, we get the error and sync fails.

---

Read the complete post at Amit Pugalia's blog.