On verifying the AD Account customer encounteres this error - PAM-CM-3431: Distinguished Name (DN) must be specified. The PAM UI contains a Distinguished Name
Release : 3.4.x
Component : PRIVILEGED ACCESS MANAGEMENT
The Error message popup upon Account Verification looks like this
The "Account Name" in the PAM UI Target Account screen and "User logon name" in AD User Properties did not match. Example screenshots shown below.
The "User logon name" (aka samAccountName) in the AD (Account Properties) should match the "Account Name" in the PAM UI's Target Account. (Credetial èManage TargetsèAccounts)
During Account Verification, PAM at this version gets the Distinguished Name from the AD/LDAP using the Account Name in PAM UI and not using the Distinguished Name specified in PAM UI. So the mismatch leads to the error- PAM-CM-3431: Distinguished Name (DN) must be specified.