Symantec Privileged Access Management


CA PAM 3.0.1 - Bind LDAP

  • 1.  CA PAM 3.0.1 - Bind LDAP

    Posted Oct 10, 2017 04:24 AM

    Hello,

     

    I'm trying to bind to the LDAP server but I get the error message: PAM-CM-0271: LDAP Bind fail: Invalid credentials

     

    I followed the manual (LDAP - CA Privileged Access Manager - 3.0.1 - CA Technologies Documentation) and everything is set up as it should be (double-checked).

    Also, the credentials are OK because an RDP connection to the server works fine.

     

    LDAP server is Windows Server 2008 R2.



  • 2.  Re: CA PAM 3.0.1 - Bind LDAP

    Broadcom Employee
    Posted Oct 10, 2017 04:32 PM

    Hi Jiri,

     

    I just tested this functionality & can confirm that it works properly for me. This error usually means exactly what it says: Invalid credentials. That can include: bad passwords, bad usernames, disabled/locked accounts.

     

    I would suggest looking at your AD server's Event Viewer Security logs to see if there are any failures for this account that may be able to give you more information on what is going on.

     

    If this continues to be a problem please open a support ticket to have this looked into.

     

    Hope this helps,

    -Christian



  • 3.  Re: CA PAM 3.0.1 - Bind LDAP

    Posted Oct 11, 2017 03:31 AM

    Hi Christian,

     

    For testing I use the full Administrator account. You can check it in the screenshots.

     

    1) Target Application

     

    2) Target Account

     

     

    3) Bind LDAP

     

    In 2.8.3 version it worked fine.



  • 4.  Re: CA PAM 3.0.1 - Bind LDAP
    Best Answer

    Broadcom Employee
    Posted Oct 11, 2017 09:13 AM

    Hi Jiri,

     

    Based on your screenshots it looks like your problem is the Distinguished Name you have set for the Administrator account. This should be the full DN for the 'Account', not for the 'Domain'.

     

    e.g., if this is the default AD admin it usually looks like this: CN=Administrator,CN=Users,DC=cmss,DC=Local

     

    -Christian



  • 5.  Re: CA PAM 3.0.1 - Bind LDAP

    Posted Oct 11, 2017 09:59 AM

    Hi Christian,

     

    that was the problem. Works fine now.

    Thank you for the advice!



  • 6.  Re: CA PAM 3.0.1 - Bind LDAP

    Broadcom Employee
    Posted Oct 11, 2017 09:16 AM

    In the "Target Account" section, try using the distinguished name of the Administrator account from Active Directory to define the account.

     

    e.g. CN=Administrator,DC=cmss,DC=local



  • 7.  Re: CA PAM 3.0.1 - Bind LDAP

    Posted Oct 11, 2017 09:59 AM

    You are right, the DN was bad. Fixed, working.

    Thank you.



  • 8.  Re: CA PAM 3.0.1 - Bind LDAP

    Broadcom Employee
    Posted Oct 10, 2017 04:37 PM

    Also, since you are connecting to Active Directory, make sure your target account is associated with a Windows Domain Service or Windows Proxy target application. Don't use a target application of type LDAP.



  • 9.  Re: CA PAM 3.0.1 - Bind LDAP

    Posted Oct 11, 2017 03:34 AM

    Checked again and it should be correct. You can see the settings in the screenshots above.



  • 10.  Re: CA PAM 3.0.1 - Bind LDAP

    Broadcom Employee
    Posted Oct 11, 2017 09:13 AM

    Hello, The Distinguished Name entry does not look right. This is not a user DN. Try with administrator@cmss.local, assuming that cmss.local is the domain name. Also, on the Password page for the account, do you have account synchronization enabled? If not, please enable it at least temporarily, and see whether you can verify the account.
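    The two fixes proposed in this thread (post 4: use the full account DN rather than the domain DN; post 10: the administrator@cmss.local logon form also works) both come down to what the operator typed into the Distinguished Name field. The script below is an added example, not code from the thread, from CA/Broadcom or from PAM itself: it parses an identity string offline, tells the operator whether it names an account, a container or only the domain naming context (the case that produces the "Invalid credentials" bind failure seen here), and derives the user@domain form from an account DN. The sample DNs are constructed from the values in this thread; the derivation of the logon name assumes the CN equals the logon name, which holds for the built-in Administrator account but not for every AD user.

```python
# Added example: pre-flight check of an LDAP bind identity before it is
# entered into a PAM target account. Stdlib only, runs offline.
import re

# Split a DN on commas that are not escaped with a backslash (RFC 4514).
# Multi-valued RDNs ("CN=a+OU=b") are not handled; AD user DNs do not use them.
_RDN_SPLIT = re.compile(r"(?<!\\),")
_UPN = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Parse 'CN=Administrator,CN=Users,DC=cmss,DC=Local' into
    [('CN', 'Administrator'), ('CN', 'Users'), ('DC', 'cmss'), ('DC', 'Local')].
    Attribute types are upper-cased; values keep their case and escapes."""
    rdns = []
    for raw in _RDN_SPLIT.split(dn):
        raw = raw.strip()
        if "=" not in raw:
            raise ValueError(f"RDN without '=': {raw!r}")
        attr, value = (part.strip() for part in raw.split("=", 1))
        if not attr or not value:
            raise ValueError(f"empty attribute or value in RDN {raw!r}")
        rdns.append((attr.upper(), value))
    return rdns


def classify_bind_identity(identity: str) -> str:
    """Classify what was typed into the 'Distinguished Name' field.

    'upn'       user@domain form, accepted by AD as a simple-bind name
    'account'   full DN whose leaf RDN names an object (CN= or UID=)
    'container' a DN whose leaf is an OU or other container, not an account
    'domain'    only DC= components: the naming context, not an account;
                a simple bind on it fails with 'invalid credentials'
    'malformed' not parseable as a DN or UPN
    """
    identity = identity.strip()
    if "=" not in identity and _UPN.fullmatch(identity):
        return "upn"
    try:
        rdns = parse_dn(identity)
    except ValueError:
        return "malformed"
    attrs = [attr for attr, _ in rdns]
    if all(attr == "DC" for attr in attrs):
        return "domain"
    if "DC" not in attrs:
        return "malformed"
    return "account" if attrs[0] in ("CN", "UID") else "container"


def upn_from_dn(dn: str) -> str:
    """Derive user@domain from an account DN, e.g.
    'CN=Administrator,CN=Users,DC=cmss,DC=Local' -> 'Administrator@cmss.Local'.
    Assumption: the CN is the logon name (true for the built-in Administrator,
    not guaranteed for other users whose sAMAccountName differs from CN)."""
    rdns = parse_dn(dn)
    if rdns[0][0] != "CN":
        raise ValueError("leaf RDN is not CN; cannot derive a logon name")
    domain = ".".join(value for attr, value in rdns if attr == "DC")
    if not domain:
        raise ValueError("DN has no DC components; cannot derive a domain")
    return f"{rdns[0][1]}@{domain}"


def explain(identity: str) -> str:
    """One-line verdict an operator can act on before retrying the bind."""
    kind = classify_bind_identity(identity)
    if kind == "domain":
        return ("domain naming context, not an account: use the account DN "
                "(e.g. CN=<user>,CN=Users,<this DN>) or the user@domain form")
    if kind == "account" and parse_dn(identity)[0][0] == "CN":
        return f"account DN; equivalent logon name: {upn_from_dn(identity)}"
    return kind


if __name__ == "__main__":
    # Constructed samples based on the values discussed in the thread.
    for candidate in ("DC=cmss,DC=Local",
                      "CN=Administrator,CN=Users,DC=cmss,DC=Local",
                      "administrator@cmss.local",
                      "OU=Servers,DC=cmss,DC=local",
                      "cmss.local"):
        print(f"{candidate!r}: {explain(candidate)}")
```

    Run it against the exact string from the PAM form before opening a ticket: a verdict of "domain" reproduces the misconfiguration diagnosed in this thread without touching the directory, and the printed logon name is the alternative form suggested in post 10.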



  • 11.  Re: CA PAM 3.0.1 - Bind LDAP

    Posted Oct 11, 2017 10:00 AM

    It was really a problem with the DN, as described above.

    Fixed, working. Thank you.