PIM/PAMSC All: LDAP channel binding and signing requirement on Windows

Article ID: 142698

Products

CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

A Windows update coming in March changes the behavior of access to AD.
The LDAP channel binding and LDAP signing requirements become the default.
Does this change affect PAMSC?

1. Does PAMSC use either of the following methods to access the AD server?
   - SASL LDAP binding (Negotiate, Kerberos, NTLM or Digest) that does not require signing
   - Clear-text (unencrypted) LDAP binding
2. If PAMSC uses any of the above methods, please explain how to change it.

Environment

Release : 14.0

Component : PAM SERVER CONTROL ENDPOINT WINDOWS

Resolution

By default, the user store on Enterprise Management is configured with LDAP (389).

The customer is therefore required to change the port.

Change the configuration according to the following page.

For example, see CA Privileged Access Manager Server Control SSL Communication:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager-server-control/14-1/implementing/communication-encryption/ca-privileged-access-manager-server-control-ssl-communication.html

The endpoint component does not use LDAP access, so it is not affected by this change.

Additional Information

All PIM/PAMSC server components have the same issue.
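
Whether a given server component still makes the binds listed in the question can be checked on the domain controller, which logs event 2889 in the Directory Service log for each unsigned SASL bind or clear-text simple bind. The PowerShell below is an added example, not Broadcom code; the function names, addresses and account names are constructed, and it assumes LDAP interface diagnostic logging has been raised on the domain controller so that event 2889 is recorded.

```powershell
# Added example, not Broadcom code: summarize event 2889 records per client.
function Get-InsecureLdapBindSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Events,  # records from Get-WinEvent
        [string] $ClientIp                          # optional: report only this client
    )
    $rows = foreach ($e in $Events) {
        # Event 2889 data: [0] client "IP:port", [1] identity used, [2] bind type
        $endpoint = [string]$e.Properties[0].Value
        $i = $endpoint.LastIndexOf(':')
        $ip = if ($i -gt 0) { $endpoint.Substring(0, $i) } else { $endpoint }
        # Bind type 1 = simple bind over clear text, 0 = SASL bind without signing
        $type = if ([int]$e.Properties[2].Value -eq 1) { 'Simple bind, clear text' }
                else { 'SASL bind, unsigned' }
        [pscustomobject]@{ ClientIp = $ip; Identity = [string]$e.Properties[1].Value
                           BindType = $type }
    }
    if ($ClientIp) { $rows = $rows | Where-Object ClientIp -eq $ClientIp }
    if (-not $rows) { return }   # nothing logged for this client
    $rows | Group-Object ClientIp, Identity, BindType | ForEach-Object {
        [pscustomobject]@{ Count = $_.Count; ClientIp = $_.Group[0].ClientIp
                           Identity = $_.Group[0].Identity; BindType = $_.Group[0].BindType }
    }
}

# Constructed sample records shaped like Get-WinEvent output (all values are made up).
function New-SampleEvent($Endpoint, $Identity, $BindType) {
    [pscustomobject]@{ Properties = @(
        [pscustomobject]@{ Value = $Endpoint },
        [pscustomobject]@{ Value = $Identity },
        [pscustomobject]@{ Value = $BindType }) }
}
$sample = @(
    New-SampleEvent '192.0.2.10:50122' 'EXAMPLE\svc-entm' 1
    New-SampleEvent '192.0.2.10:50140' 'EXAMPLE\svc-entm' 1
    New-SampleEvent '192.0.2.25:49811' 'EXAMPLE\app01$' 0
)
# 192.0.2.10 stands in for the Enterprise Management server.
Get-InsecureLdapBindSummary -Events $sample -ClientIp '192.0.2.10'

# On a domain controller, feed it the real log instead of the sample:
# $real = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 }
# Get-InsecureLdapBindSummary -Events $real
```

Once the user store connection has been moved off LDAP (389) as described in the Resolution, the Enterprise Management server's address should no longer appear in new 2889 events.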