LDAP Result Msg | Can’t contact LDAP server (usercertificate)

Created: 2025-12-22 12:36:06
Modified: 2025-12-22 12:38:23
Tags: Active Directory Troubleshooting

LDAP Connection Failure | mod_object
LDAP Result Code | -1
LDAP Result Msg | Can’t contact LDAP server

Run Summary : 12/18/25 11:13:47
Total Records Read | 29791
Objects Modified | 11
Run Time | 2 minutes 43 seconds

Error Summary : 12/18/25 11:13:47
LDAP Connection Failure | 1

The above error may be seen on syncs to AD.

The sync does not crash. Instead, the sync ends prematurely when the connection to the destination AD DC is lost. You will see the error immediately above the Run Summary, and it is also logged in the Error Summary.

You will also notice that Total Records Read is LESS than the expected number of objects to be processed (see ‘Object Table’ in the log).

This is a known problem when you are syncing usercertificate and source objects have a very large number of certificates.

The easy fix is to comment out (not sync) usercertificate:

  1. Create or update your custom object map file.
  2. Comment out the usercertificate mapping with a # character.

    i.e.  #usercertificate=[usercertificate]

  3. Save changes.
  4. Save the connection.
  5. Run the sync again.

Note: The certificates of destination contacts will not be removed. This change means future syncs will no longer attempt to sync usercertificates.
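Because the sync ends early without crashing, a scheduled run has to be checked from its log. The following is an added example, not code from the product: it parses the log excerpt shown above and flags both the connection failure and a short record count. The function names and the `expected_records` parameter are assumptions, and the value passed for it must come from your own Object Table.

```python
# Constructed sample: the log excerpt from this page as one string.
SAMPLE_LOG = """\
LDAP Connection Failure | mod_object
LDAP Result Code | -1
LDAP Result Msg | Can’t contact LDAP server

Run Summary : 12/18/25 11:13:47
Total Records Read | 29791
Objects Modified | 11
Run Time | 2 minutes 43 seconds

Error Summary : 12/18/25 11:13:47
LDAP Connection Failure | 1
"""


def parse_sync_log(log_text):
    """Split 'key | value' lines into body, run-summary and error-summary fields."""
    sections = {"body": {}, "run": {}, "error": {}}
    current = "body"
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Run Summary"):
            current = "run"
        elif line.startswith("Error Summary"):
            current = "error"
        else:
            key, sep, value = line.partition("|")
            if sep:
                sections[current][key.strip()] = value.strip()
    return sections


def check_sync(log_text, expected_records=None):
    """Return findings for a sync that lost its LDAP connection or stopped early.

    expected_records is supplied by the caller (hypothetical parameter), e.g.
    the count the operator reads from the log's Object Table.
    """
    log = parse_sync_log(log_text)
    findings = []
    failures = int(log["error"].get("LDAP Connection Failure", 0))
    if failures:
        code = log["body"].get("LDAP Result Code", "unknown")
        op = log["body"].get("LDAP Connection Failure", "unknown")
        findings.append(f"{failures} LDAP connection failure(s), result code {code}, during {op}")
    read = int(log["run"].get("Total Records Read", 0))
    if expected_records is not None and read < expected_records:
        findings.append(f"sync ended early: read {read} of {expected_records} expected records")
    return findings
```

Calling `check_sync(SAMPLE_LOG, 30000)` (30000 is a constructed expected count) returns two findings; an empty list means the run read every expected record with no connection failure.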
