LDAP: error code 12 – Unavailable Critical Extension

The issue LDAP: error code 12 – Unavailable Critical Extension commonly occurs when asking an LDAP Server to return paged results but the LDAP doesn’t support the PagedResultsControl extension.

  • SunOne 5.2 and 6.3 don’t support PagedResultsControl extension.
  • Active Directory and other LDAP servers support PagedResultsControl extension.

Working of pagination during LiveCycle sync from an LDAP server
In LiveCycle, users and groups are synched from an LDAP server in batches of 200.
When the results returned from an LDAP server is >= 200, then an AutoDetectionLogic is automatically enabled.
This AutoDetectionLogic seeing that the LDAP server is SunOne, automatically disables paging.
This AutoDetectionLogic seeing that the LDAP server is AD or non-SunOne, automatically enables paging.

There have been cases where an Enterprise has a proxy server in between which acts as Active Directory but the ultimate LDAP server running behind is SunOne.
In such a scenario, the AutoDetectionLogic is forced to enable paging because of the proxy server acting as Active Directory.
Hence, when the communication ultimately happens with SunOne, we get the error and sync fails.

In such a scenario, the AutoDetecitonLogic has to be turned off so that LiveCycle doesn’t send any pagination requests.
One should follow the steps mentioned below to disable paging permanently.

  • Login to AdminUI with administrator credentials.
  • Navigate to Home > Settings > User Management > Configuration > Manual Configuration
  • Export the config.xml to file system.
  • Look for the tag entries starting with <entry key=”enablePaging” value=”…
  • This entry is present under nodes named LDAPUserConfig and LDAPGroupConfig for a particular Enterprise or Hybrid domain.
  • By default the entry is <entry key=”enablePaging” value=”true”/>
  • When using SunOne as LDAP, this entry should be modified to <entry key=”enablePaging” value=”false”/>
  • Save the config.xml and import it back to LiveCycle.
  • No restart of the Application server required.

Comments are closed.