This FAQ relates to GlobalSign SSO 6.2 and higher. A desired Directory User Mapping is not working and the uas3_diag log shows:

2017-12-17 12:32:27,747 identity search(): directory not trusted in directory user mapping: ldaps://LDAPHOST/DC=XXXXXXXXXXXXXX


This error indicates that the method used by the user to sign in has not been enabled for Directory User Mapping.

Examine the Directory field in the settings of the authentication method that was used during the unsuccessful mapping. If the field is blank, the directory must be added from the services menu.

From the services menu, select the desired directory with which Directory User Mapping will be performed. Open the method tab, select the method(s) that the user will use to authenticate and press Update.

Confirm that the directory is now set. The name of the directory used for Directory User Mapping is visible in the final column of the method list under Home -> Methods.

The name of the directory used for Directory User Mapping is also visible in the Directory field of the method settings under Home -> Methods -> (Method name) -> Main.

Attempt the sign-in again. Changes made in the user interface may take up to one minute to be activated.
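To confirm from the log that the change took effect, the following added example (not part of GlobalSign's tooling) counts the error above per directory and separates entries logged before the change, within the one-minute activation window, and after it. It assumes every such entry has the layout of the line quoted in this FAQ; the sample lines and the change time are constructed, and the DC=example and OTHERHOST values are placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message text and timestamp layout are taken from the log line quoted in this FAQ.
PATTERN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) .*"
    r"directory not trusted in directory user mapping: (?P<dir>\S+)"
)
ACTIVATION_DELAY = timedelta(minutes=1)  # "up to one minute" per the FAQ


def triage(lines, change_time=None):
    """Count 'directory not trusted' errors per directory.

    With change_time (when Update was pressed), each error is classed as
    'before' the change, 'pending' (inside the activation window) or
    'after' (still failing once the change should be active).
    """
    report = defaultdict(lambda: {"before": 0, "pending": 0, "after": 0})
    for line in lines:
        m = PATTERN.match(line)
        if not m:
            continue  # unrelated log entry
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S,%f")
        if change_time is None or ts < change_time:
            phase = "before"
        elif ts <= change_time + ACTIVATION_DELAY:
            phase = "pending"
        else:
            phase = "after"
        report[m.group("dir")][phase] += 1
    return dict(report)


# Constructed sample lines modelled on the one quoted above.
SAMPLE_LOG = """\
2017-12-17 12:32:27,747 identity search(): directory not trusted in directory user mapping: ldaps://LDAPHOST/DC=example
2017-12-17 12:40:10,101 identity search(): directory not trusted in directory user mapping: ldaps://LDAPHOST/DC=example
2017-12-17 12:40:45,300 identity search(): directory not trusted in directory user mapping: ldaps://OTHERHOST/DC=example
2017-12-17 12:43:02,512 identity search(): directory not trusted in directory user mapping: ldaps://OTHERHOST/DC=example
""".splitlines()

if __name__ == "__main__":
    changed = datetime(2017, 12, 17, 12, 40, 0)  # constructed change time
    for directory, counts in triage(SAMPLE_LOG, changed).items():
        print(directory, counts)
```

A non-zero "after" count for a directory means the method the user signed in with is still not enabled for that directory, so the Directory field of that method should be checked again.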

