ldap login bind password request

book

Article ID: 125660

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction



At the "Credentials -> Reports -> Run -> View Password Requests" we are seeing repeated "ldap login bind password request".
Why are we seeing this?
 

Environment

Release:
Component: CAPAMX

Resolution

"ldap login bind password request" message appears in the "View Password Request" report because of the following configuration.
"Configuration -> 3rd Party -> LDAP -> LDAP Domains -> Domain -> LDAP Configuration -> Update Interval (minutes)". 

This controls how frequently PAM would check with LDAP to synchronize the LDAP Groups.
This is not a mandatory field so it should accept empty value in case if you decide to disable the auto-synchronization of LDAP Groups.
This would come with a caveat that you must manually synchronize the LDAP Groups at your desired interval MANUALLY otherwise the users may fail to login.
Each time PAM tries to synchronize with LDAP server it would require to fetch the user credential associated to contact the LDAP server and this is the reason why you will see "ldap login bind password request" in the "View Password Request".

In case if you are not able to enter an empty value for "Update Interval (minutes)", it is fixed on PAM 3.2.5 and PAM 3.3.0